Hi malware fighters,
With NoScript installed it would not run, but I want to present the following details on JS trying to be smuggled into an image file. IDS will be an important part of in-browser security:
My browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b1pre) Gecko/20080921033621 Minefield/3.1b1pre ID:20080921033621
Detail report:
=== Triggered rule ===
alert (msg:"smuggling Javascript inside an image"; headers_content:"image"; nocase; headers_re:"/^Content-Type.*image/mi"; body_re:"/<script/i";)
=== Request URL ===
http://papers.ssrn.com/sol3/images/expanded.gif
=== Response headers ===
Content-Length: 1602
Content-Type: image/gif
Content-Location: http://papers.ssrn.com/sol3/images/expanded.gif
Last-Modified: Fri, 18 Jul 2008 14:02:10 GMT
Accept-Ranges: bytes
Etag: "225f5ddfdee8c81:321a"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 21 Sep 2008 19:46:06 GMT
=== Response body ===
Issue Tracker 4.0.4 :: Download var timerID = null var timerRunning = false var sessionExpired = false var startDate var startSecs
GIF89a…!..,…
…7.+>
.0.x+.^.%X.jNHa.M/@z:9.t.lK)6R}~…sU.<v.,B5!1o|…`…G.kd.bqP.w…DZ(F…c[3f.}…ni…SE.“…>.=…Yl…LW-.{V…OF$…@…..C.@I.!.,|i3o…(yhP1…?r…0.F.GD]2.(…C…w.%”…~,…
…;function loader()
{
startDate = new Date()
startSecs = (startDate.getHours() * 60 * 60) + (startDate.getMinutes() * 60) + startDate.getSeconds()
if (timerRunning)
clearTimeout(timerID)
check_session()
}
function unloader()
{
}
function check_session()
{
var now = new Date()
var nowSecs = (now.getHours() * 60 * 60) + (now.getMinutes() * 60) + now.getSeconds()
var elapsedSecs = nowSecs - startSecs;
timerID = setTimeout("check_session
Anyone to comment,
pol
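
The triggered rule from the report above, evaluated in code. This is an added example, not part of the original post and not the code of the IDS that produced the report. The names `parseRule` and `matches`, the sample responses, and the reading of `nocase` as a modifier of the preceding content check are assumptions.

```javascript
// Added example: only the option types used in the quoted rule are supported (assumption).
const RULE = 'alert (msg:"smuggling Javascript inside an image"; headers_content:"image"; nocase; ' +
  'headers_re:"/^Content-Type.*image/mi"; body_re:"/<script/i";)';

function parseRule(text) {
  const m = /^(\w+)\s*\((.*)\)\s*$/s.exec(text.trim());
  if (!m) throw new Error("not a rule: " + text);
  const rule = { action: m[1], msg: "", checks: [] };
  // Options are `key:"value";` or a bare modifier such as `nocase;`.
  const opt = /(\w+)(?::"((?:[^"\\]|\\.)*)")?\s*;/g;
  for (const [, key, value] of m[2].matchAll(opt)) {
    if (key === "msg") rule.msg = value;
    else if (key === "nocase") {
      // Assumption: nocase modifies the content check written just before it.
      const last = rule.checks[rule.checks.length - 1];
      if (!last) throw new Error("nocase without a preceding check");
      last.nocase = true;
    } else if (/^(headers|body)_(content|re)$/.test(key)) {
      const [part, kind] = key.split("_");
      rule.checks.push({ part, kind, value, nocase: false });
    } else throw new Error("unsupported option: " + key);
  }
  return rule;
}

function matches(rule, response) {
  // latin1 maps each byte to one character, so binary image data survives decoding.
  const parts = { headers: response.headers, body: response.body.toString("latin1") };
  return rule.checks.every((c) => {
    const hay = parts[c.part];
    if (c.kind === "re") {
      const r = /^\/(.*)\/([a-z]*)$/s.exec(c.value);
      if (!r) throw new Error("bad regex literal: " + c.value);
      return new RegExp(r[1], r[2]).test(hay);
    }
    return (c.nocase ? hay.toLowerCase() : hay).includes(c.nocase ? c.value.toLowerCase() : c.value);
  });
}

// Constructed sample responses (GIF-like bytes, not the captured traffic from the post).
const gif = Buffer.from("GIF89a\x01\x00\x01\x00\x00\x00\x00;", "latin1");
const script = Buffer.from("<SCRIPT>function loader(){}</SCRIPT>", "latin1");
const samples = {
  scriptInGif: { headers: "Content-Type: image/gif\r\nServer: Microsoft-IIS/6.0", body: Buffer.concat([gif, script]) },
  cleanGif: { headers: "Content-Type: image/gif", body: gif },
  htmlUnderImagesPath: { headers: "Content-Type: text/html\r\nContent-Location: http://example.test/images/a.html", body: script },
};
const rule = parseRule(RULE);
for (const [name, r] of Object.entries(samples)) console.log(name, matches(rule, r) ? rule.msg : "no alert");
```

The third sample shows why the rule carries both header checks: the word "image" in `Content-Location` satisfies `headers_content`, but `headers_re` is anchored to the `Content-Type` line, so an HTML page served from an images path does not alert.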