Full Disclosure mailing list archives

Re: Blocks OWA Redirect Attempts


From: "pingywon" <pingywon () hotmail com>
Date: Fri, 18 Mar 2005 18:23:38 -0500

RISE FROM YOUR GRAVE.........
A lil Altered Beast anyone ?

~pingywon

----- Original Message ----- 
From: "Morning Wood" <se_cur_ity () hotmail com>
To: <full-disclosure () lists grok org uk>
Sent: Friday, March 18, 2005 1:34 PM
Subject: [Full-disclosure] Blocks OWA Redirect Attempts


since MS is lax about OWA patching, a kind admin sent me this Cisco Mgmt
rule to prevent OWA redirect phishing.

D.W

------------------------ / start / --------------------

<?xml version='1.0'?>
<!DOCTYPE CSAMCEXPORT>

<CSAMCEXPORT export_time="Thu Mar 10 13:15:40 Eastern Standard Time 2005"
format_version="4.0">
<DATASET hidden="0" description="Blocks OWA Redirect Attempts"
name="Outlook Web Access Redirect" id="5264" _toplevel="0">
<DATA_IN value="*/exchweb/bin/auth/owalogon.asp?url=*"/>
<DATA_EX
value="*/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange*"/>
</DATASET>

<RULE description="Deny OWA Exploits" user_msg="" tla="DACL" id="660"
description_detail="" action="deny" log="log_low" priority="201"
_toplevel="0" enabled="1">
<APPCLASS_REF ref_id="120"/>
<DATASET_REF ref_id="5264"/>
</RULE>

<APPCLASS is_session_void="0" ostype="W"
description="IIS Web Server executable file"
name="IIS Web Server application" id="120" is_timeout="0"
description_detail="" _toplevel="0" timeout="" process_group="0"
apptype="S">
<USE_IN_PROD value="SW"/>
<USE_IN_PROD value="SF"/>
<FILE_LITERAL file="inetinfo.exe" dir="**"/>
<FILE_LITERAL file="w3wp.exe" dir="**"/>
</APPCLASS>

<POLICY ostype="W"
description="Protects OWA against URL Injection exploits"
name="Custom OWA Module" id="74" description_detail="" _toplevel="1"
mandatory="0">
<RULE_REF ref_id="660"/>
</POLICY>

</CSAMCEXPORT>

---------------------- / end / ----------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
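
The include/exclude logic of the DATASET in the message above can be checked offline before the rule is deployed, for instance after replacing the `mymail.com` exclude with a site's own OWA URL. This is an added example, not part of the original message or of Cisco's tooling; it assumes `*` is the only wildcard and that matching is case-sensitive on the raw request string, and the sample requests are constructed.

```python
import re
import xml.etree.ElementTree as ET

# DATASET element copied from the export in the message above.
DATASET_XML = """<DATASET hidden="0" description="Blocks OWA Redirect Attempts"
name="Outlook Web Access Redirect" id="5264" _toplevel="0">
<DATA_IN value="*/exchweb/bin/auth/owalogon.asp?url=*"/>
<DATA_EX value="*/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange*"/>
</DATASET>"""

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange/",
    "/exchweb/bin/auth/owalogon.asp?url=http://phish.example/login",
    "/exchweb/bin/auth/owalogon.asp",
]


def glob_to_regex(pattern):
    # Assumption: "*" is the only wildcard; every other character is literal.
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts), re.DOTALL)


def load_patterns(xml_text):
    """Return (include, exclude) regex lists from a DATASET element."""
    root = ET.fromstring(xml_text)
    includes = [glob_to_regex(e.get("value")) for e in root.iter("DATA_IN")]
    excludes = [glob_to_regex(e.get("value")) for e in root.iter("DATA_EX")]
    return includes, excludes


def is_denied(request, includes, excludes):
    """Deny when an include pattern matches and no exclude pattern does."""
    matched = any(p.fullmatch(request) for p in includes)
    exempt = any(p.fullmatch(request) for p in excludes)
    return matched and not exempt


def evaluate(samples=SAMPLES):
    includes, excludes = load_patterns(DATASET_XML)
    return {s: is_denied(s, includes, excludes) for s in samples}


if __name__ == "__main__":
    for request, denied in evaluate().items():
        print("DENY " if denied else "ALLOW", request)
```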
