Hi malware fighters,
Here we have some malscript codes, that are being flagged by Firekeeper in the Mozilla browser.
Sometimes when you find code online, it is a good policy to feed it into the Google search engine and see if firekeeper alert and flags the exploit attempts. In this process one learns about malcode and to what purpose it is abused, to detect it better and be better protected against it.
I give you two examples:
I give them with their alerts:
1
%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28d
script alert 'Name or service not known'
part of === Triggered rule ===
alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
&
2
%22%3E%3C%2Fscript%3E%3Cscript%3Eal
=== Triggered rule ===
alert(url_content:"%3CSCRIPT"; nocase; msg:"<script> tags GET request cross site scripting attempt"; url_re:"/%3Cscript.*%3E/i"; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
A description of the use of the second exploit one could find described here:
http://www.ernw.de/content/e6/e179/index_ger.htmland here:
http://www.xssed.com/mirror/23934/Very interesting read here:
http://www.pointblanksecurity.com/xss/polonus