ddavidegli at gmail.com
Wed Oct 1 03:28:45 MDT 2014
Interesting that they're encoding the attack in the useragent string. If
that's the case, can you not write a filter that puts the useragent string
in a temporary location, clears useragent, executes the necessary system()
calls, then swaps it back? Or even better, leave it swapped out, and refer
to the swapped location if you need to examine it for things like I.E. vs.
FireFox vs. Opera vs. whoever?
That's what would first occur to me, but perhaps I'm being over simplistic.
If so, simply tell me.
More information about the PLUG