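# 14/10/2008 Microsoft PicturePusher XSS
#
# Purpose: alert on HTTP server-to-client traffic that references the
# PicturePusher ActiveX control by CLSID and also names one of its methods
# (reference: milw0rm.com/exploits/6699).
#
# Match logic, all conditions required:
#   - content "clsid" and the CLSID 507813C3-0B26-47AD-A8C0-D483C7A21FA7,
#     both case-insensitive
#   - pcre 1: an "http://" URL followed on the same line by a parameter name of
#     at least four word characters set to "=1"
#   - pcre 2: one of PostURL, AddSeperator, AddString, Post
#     NOTE(review): "AddSeperator" is presumably the control's own spelling of
#     the method name; confirm against the reference before "correcting" it.
#
# Changes from the original rule text:
#   - Added flow:established,to_client so the rule is evaluated only on
#     reassembled server responses, which is the direction the header
#     ($EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any) already describes.
#   - Dropped the "nocase;" that followed each pcre. nocase modifies a content
#     match, the patterns already carry /i, and some engines reject a second
#     nocase applied to the same content.
#   NOTE(review): bump rev per local convention when deploying this revision.
#
# Detection caveats:
#   - The "Post" alternative matches any case-insensitive "post" and subsumes
#     "PostURL". The four conditions are not tied together by distance/within,
#     so they can be satisfied by unrelated parts of the same response; expect
#     false positives on pages that merely embed the CLSID.
#   - Matching is on the raw payload. Compressed or TLS-protected responses and
#     script-assembled CLSID strings will not match; where the engine supports
#     it, placing file_data; before the content matches covers decompressed
#     bodies.
#   - sid:9031 is below 1,000,000, the range conventionally reserved for
#     distributed rule sets; check for collisions before loading it as a local
#     rule.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Microsoft PicturePusher ActiveX Cross Site File Upload Attack"; flow:established,to_client; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; pcre:"/(PostURL|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; sid:9031; rev:1;)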