HTTP
HTTP GET
filter ie-exploits
HTTP/1.1 200 OK
Date: Thu, 22 Jul 2010 11:22:33 GMT
Connection: close
Content-Type: text/html
X-Control: swsclose
# Here are some strings the ie-exploits filter should filter:
# pcrs command 1:
f("javascript:location.replace('mk:@MSITStore:C:')");
# pcrs command 2:
# pcrs command 3:
HTTP/1.1 200 OK
Date: Thu, 22 Jul 2010 11:22:33 GMT
Connection: close
Content-Type: text/html
X-Control: swsclose
Content-Length: 890
# Here are some strings the ie-exploits filter should filter:
# pcrs command 1:
alert("This page looks like it tries to use a vulnerability described here:
http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2");
# pcrs command 2:
# pcrs command 3:
WARNING: This Server is infected with Nimda!
WARNING: This Server is infected with Nimda!
http
+filter{ie-exploits}
proxy
http://%HOSTIP:%HTTPPORT/ie-exploits/%TESTNUMBER
GET /ie-exploits/%TESTNUMBER HTTP/1.1
Host: %HOSTIP:%HTTPPORT
User-Agent: curl/%VERSION
Accept: */*
Connection: close