HTTP HTTP GET filter ie-exploits HTTP/1.1 200 OK Date: Thu, 22 Jul 2010 11:22:33 GMT Connection: close Content-Type: text/html X-Control: swsclose # Here are some strings the ie-exploits filter should filter: # pcrs command 1: f("javascript:location.replace('mk:@MSITStore:C:')"); # pcrs command 2: # pcrs command 3: HTTP/1.1 200 OK Date: Thu, 22 Jul 2010 11:22:33 GMT Connection: close Content-Type: text/html X-Control: swsclose Content-Length: 890 # Here are some strings the ie-exploits filter should filter: # pcrs command 1: alert("This page looks like it tries to use a vulnerability described here: http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2"); # pcrs command 2: # pcrs command 3:
WARNING: This Server is infected with Nimda!
WARNING: This Server is infected with Nimda! http +filter{ie-exploits} proxy http://%HOSTIP:%HTTPPORT/ie-exploits/%TESTNUMBER GET /ie-exploits/%TESTNUMBER HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */* Connection: close