I appreciate that!
-J
-Original Message-
From: Nathan Power [mailto:n...@securitypentest.com]
Sent: Wednesday, March 02, 2011 10:46 AM
To: Weir, Jason
Cc: Full Disclosure
Subject: Re: [Full-disclosure] Facebook URL Redirect
Vulnerability
Here's a snort rule that will detect this
alert tcp $HOME_NET any -
[69.63.176.0/20,69.63.176.0/20,204.15.20.0/22] $HTTP_PORTS
(msg:Facebook URL Redirect Vulnerability; flow:established,to_server;
content:GET; nocase; http_method; content:track.php?r=; nocase;
http_uri;