Consider this piece of code:
<a href="http://www.google.com" onclick="_gaq.push(['_trackPageview', '/outbound/google']);window.open(this.href,'_self');return false;">google</a>
=== Triggered rule ===
alert(url_content:"%3C"; url_content:"%22"; url_content:"%3E"; msg:"Suspicious looking GET request containing %3C, %3E, and %22. Suspiciously HTML-like."; reference:url,http://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
=== Request URL ===
http://api.search.yahoo.com/WebSearchSe ... fr&fr=flo2
The page you are trying to visit is suspected to be using Cross-Site Scripting (XSS).
This is a technique commonly used in phishing attacks.
URL: http://www.google.nl/search%3fq=%253Ca% ... f-8%26aq=t
Do you still want to go there?
Why is it flagged, as it is normal external link code to count clicks on an external link? Asynchronous gaq.push( cross domain tracking!
Look here: http://www.google.nl/search?q=%3Ca+href ... utf-8&aq=t
and the direct link there: http://www.mojoportal.com/tracking-outb ... licks.aspx
luntrus
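
An added example, not part of the original post or of the tool that raised the alert: it models the triggered rule as a case-insensitive AND of its three `url_content` substrings on the raw URL (an assumption about the rule's semantics) and runs it over constructed URLs. It shows that a search URL whose query is the anchor markup above carries all three patterns, while a wrapper URL that re-encodes it (`%253C`) matches only after one decoding pass. The helper names and the `warning.example` host are hypothetical.

```python
from urllib.parse import quote, unquote

# The three url_content patterns from the triggered rule quoted on this page.
RULE_PATTERNS = ("%3C", "%22", "%3E")

# Anchor markup from the post, used here as the search query text.
ANCHOR = """<a href="http://www.google.com" onclick="_gaq.push(['_trackPageview', '/outbound/google']);window.open(this.href,'_self');return false;">google</a>"""


def rule_matches(url, patterns=RULE_PATTERNS):
    """Assumed semantics: every pattern must occur in the raw URL, ignoring case."""
    raw = url.upper()
    return all(p.upper() in raw for p in patterns)


def matching_layer(url, max_layers=3):
    """Number of percent-decoding passes before the rule matches, or None if never."""
    current = url
    for layer in range(max_layers + 1):
        if rule_matches(current):
            return layer
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            return None
        current = decoded
    return None


def build_samples():
    """Constructed sample URLs (not captured traffic)."""
    plain = "http://www.google.com"
    # Searching for the markup puts encoded <, " and > into the query string.
    search = "http://www.google.nl/search?q=" + quote(ANCHOR, safe="")
    # A hypothetical warning page that carries the search URL as a parameter
    # encodes it a second time, so %3C becomes %253C.
    wrapped = "http://warning.example/check?url=" + quote(search, safe="")
    return {"plain": plain, "search": search, "wrapped": wrapped}


if __name__ == "__main__":
    for name, url in build_samples().items():
        print(f"{name:8} raw match={rule_matches(url)!s:5} layer={matching_layer(url)}")
```

A filter that inspects only the raw URL sees the search request as HTML-like because the query text itself is markup; the same check misses the doubly encoded form unless it normalizes the URL first.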