[Snort-sigs] Notes webadmin.ntf access via replicaID

Brian bmc at ...95...
Fri Nov 2 04:33:06 EST 2001


According to David Bouscasse:
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80
> (msg:"WEB-MISC Notes webadmin.ntf access";flags: A+;
> uricontent:"8025674c0060D206"; nocase;
> classtype:attempted-recon; sid:????; rev:1;)
> 
> The bug description is available at
> http://www.nextgenss.com and has been submitted at
> bugtraq the 31st of October.
> 
> As far as I tested it, if the template is empty or if
> the admin views are controlled by correct ACLs, there
> is no way to modify the web content. But hey... it's a
> bug :)

Uh... ok, except in none of the advisories at nextgenss.com do they
ever give the URI of 8025674c0060D206.  What information did you use
to build this signature?

-- 
I always thought that a relationship was bad taste as the "friend" type in C++



