On Fri, Jun 01, 2001 at 01:00:40AM +0200, Norbert Bollow wrote:
> Here is a new type of possible malware that is not stopped by
> standard demime/attachment stripping.
>
> I have just added a check for the regular expression
>
> /https?:\S*(%3a|\:)(%2f|\/)(%2f|\/)/i

I would probably use this instead:

http://\S*(%3c|<)script(%20|\+)language

Legitimate redirector URLs will include strings like %2F%2F.
URL-escaped code for invoking JavaScript is much less likely to
appear inside a benign message.
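
The two patterns from this message, run side by side over constructed message bodies to show which one flags a benign redirector link. This is an added example, not part of the original message: Python's `re` stands in for the Perl-style regex, case-insensitive matching of the second pattern is an assumption, and every hostname is a placeholder.

```python
import re

# Pattern from the quoted message; the Perl /i flag becomes re.IGNORECASE.
EMBEDDED_URL = re.compile(r"https?:\S*(%3a|:)(%2f|/)(%2f|/)", re.IGNORECASE)

# Pattern proposed in the reply. It was posted without flags; matching it
# case-insensitively is an assumption made for this example.
SCRIPT_TAG = re.compile(r"http://\S*(%3c|<)script(%20|\+)language",
                        re.IGNORECASE)

# Constructed sample bodies (not taken from real mail).
SAMPLES = {
    # Benign redirector: a URL carrying a second, URL-escaped URL.
    "redirector": "Confirm here: http://lists.example.org/go?"
                  "to=http%3A%2F%2Fwww.example.com%2Fwelcome",
    # URL-escaped script tag, space encoded as %20.
    "escaped_script": "See http://mail.example.net/view?"
                      "q=%3Cscript%20language%3Djavascript%3E",
    # Same idea, lowercase escape and '+' as the separator.
    "plus_separator": "See http://mail.example.net/view?"
                      "q=%3cSCRIPT+LANGUAGE=javascript%3e",
    # Ordinary link with no embedded URL and no script tag.
    "plain": "Archive: http://www.example.com/archive/2001/06/",
}


def classify(body):
    """Return which of the two filter patterns match a message body."""
    return {
        "embedded_url": bool(EMBEDDED_URL.search(body)),
        "script_tag": bool(SCRIPT_TAG.search(body)),
    }


def report(samples):
    """Classify every sample body, keyed by sample name."""
    return {name: classify(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, hits in report(SAMPLES).items():
        print(f"{name:15} embedded_url={hits['embedded_url']!s:5} "
              f"script_tag={hits['script_tag']}")
```
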
