It'll need to be a little more general than that. The way I read the vulnerability, any non-printing character will cause the bug, not just %01. Also, it doesn't have to immediately precede the @ - anywhere before the @ will do.
For example - I don't have an ASCII chart handy, but suppose %03 is also non-printable - <a href=" http://[EMAIL PROTECTED]/exploit /format/c ">Read this or risk legal action!!!</a> will catch a log of people. I think any % character before the third / is suspicious - any good reason to have it? If not, the following regex should work: /https?:\/\/[^\s\/]*?\%\d\d[^\s\/]*?\@/ LINK_WITH_DISGUISED_SITE > -----Original Message----- > From: Ivar Snaaijer [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 11, 2003 10:13 AM > To: [EMAIL PROTECTED] > Subject: Re: [SAtalk] Need a rule for IE Exploit > > > Fred wrote: > > >Hello, > >I am out the door on my way to work but we need a rule for a > new IE exploit > >just released, > >Visit this page, the exploit is harmless but to the spoofer, > it's man's best > >friend. > > > >http://www.zapthedingbat.com/security/ex01/vun1.htm > > > >I think this should be put in the next SA release!! > > > > > Was about tu suggest something similar, any RegExp wizard that can > create the rule ? > any mail containing an URL with %01@ in it is most likely to be spam > > Ivar. > > > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign > up for IBM's > Free Linux Tutorials. Learn everything from the bash shell > to sys admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click > _______________________________________________ > Spamassassin-talk mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk > ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
