Full Disclosure mailing list archives
Re: Blocks OWA Redirect Attempts
From: "pingywon" <pingywon () hotmail com>
Date: Fri, 18 Mar 2005 18:23:38 -0500
RISE FROM YOUR GRAVE......... A lil Altered Beast anyone ?

~pingywon

----- Original Message -----
From: "Morning Wood" <se_cur_ity () hotmail com>
To: <full-disclosure () lists grok org uk>
Sent: Friday, March 18, 2005 1:34 PM
Subject: [Full-disclosure] Blocks OWA Redirect Attempts

since MS is lax about OWA patching, a kind admin sent me this Cisco Mgmt rule to prevent OWA redirect phishing.

D.W

------------------------ / start / --------------------
<?xml version='1.0'?>
<!DOCTYPE CSAMCEXPORT>
<CSAMCEXPORT export_time="Thu Mar 10 13:15:40 Eastern Standard Time 2005" format_version="4.0">
  <DATASET hidden="0" description="Blocks OWA Redirect Attempts"
           name="Outlook Web Access Redirect" id="5264" _toplevel="0">
    <DATA_IN value="*/exchweb/bin/auth/owalogon.asp?url=*"/>
    <DATA_EX value="*/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange*"/>
  </DATASET>
  <RULE description="Deny OWA Exploits" user_msg="" tla="DACL" id="660"
        description_detail="" action="deny" log="log_low" priority="201"
        _toplevel="0" enabled="1">
    <APPCLASS_REF ref_id="120"/>
    <DATASET_REF ref_id="5264"/>
  </RULE>
  <APPCLASS is_session_void="0" ostype="W" description="IIS Web Server executable file"
            name="IIS Web Server application" id="120" is_timeout="0"
            description_detail="" _toplevel="0" timeout="" process_group="0" apptype="S">
    <USE_IN_PROD value="SW"/>
    <USE_IN_PROD value="SF"/>
    <FILE_LITERAL file="inetinfo.exe" dir="**"/>
    <FILE_LITERAL file="w3wp.exe" dir="**"/>
  </APPCLASS>
  <POLICY ostype="W" description="Protects OWA against URL Injection exploits"
          name="Custom OWA Module" id="74" description_detail="" _toplevel="1" mandatory="0">
    <RULE_REF ref_id="660"/>
  </POLICY>
</CSAMCEXPORT>
---------------------- / end / ----------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/
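Added example, not part of either post and not Cisco code: a small Python model of the include/exclude logic in the posted DATASET and RULE, for checking which request targets the rule would deny before deploying it. The function names, the matching semantics (only `*` is a wildcard, case is ignored, first matching rule wins) and the sample requests are assumptions made for this sketch.

```python
import re
import xml.etree.ElementTree as ET

# DATASET and RULE from the posted export, trimmed to the attributes used here.
EXPORT = """<CSAMCEXPORT format_version="4.0">
<DATASET name="Outlook Web Access Redirect" id="5264">
<DATA_IN value="*/exchweb/bin/auth/owalogon.asp?url=*"/>
<DATA_EX value="*/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange*"/>
</DATASET>
<RULE description="Deny OWA Exploits" id="660" action="deny" enabled="1">
<DATASET_REF ref_id="5264"/>
</RULE>
</CSAMCEXPORT>"""

def load_rules(xml_text):
    """Return (action, include_globs, exclude_globs) for each enabled RULE."""
    root = ET.fromstring(xml_text)
    datasets = {d.get("id"): d for d in root.iter("DATASET")}
    rules = []
    for rule in root.iter("RULE"):
        if rule.get("enabled") != "1":
            continue
        inc, exc = [], []
        for ref in rule.iter("DATASET_REF"):
            ds = datasets[ref.get("ref_id")]
            inc += [e.get("value") for e in ds.iter("DATA_IN")]
            exc += [e.get("value") for e in ds.iter("DATA_EX")]
        rules.append((rule.get("action"), inc, exc))
    return rules

def glob_match(pattern, text):
    # Assumption: '*' is the only wildcard and matching ignores case.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text, re.IGNORECASE | re.DOTALL) is not None

def decide(request, rules):
    """Assumed evaluation order: the first rule that matches decides."""
    for action, inc, exc in rules:
        included = any(glob_match(p, request) for p in inc)
        excluded = any(glob_match(p, request) for p in exc)
        if included and not excluded:
            return action
    return "allow"

# Constructed request targets, not taken from real traffic.
SAMPLES = [
    "/exchweb/bin/auth/owalogon.asp?url=https://mymail.com/exchange/",
    "/exchweb/bin/auth/owalogon.asp?url=http://other.example/login",
    "/exchweb/bin/auth/owalogon.asp?url=https%3A%2F%2Fmymail.com%2Fexchange",
    "/exchange/inbox/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{decide(s, load_rules(EXPORT)):5}  {s}")
```

Under this model the third sample, a percent-encoded form of the allowed target, is denied because the DATA_EX pattern is compared literally, so the site's own logon redirects are worth testing against the exclusion before the rule is enforced.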
Current thread:
- Blocks OWA Redirect Attempts Morning Wood (Mar 18)
- Re: Blocks OWA Redirect Attempts pingywon (Mar 18)