[Snort-sigs] new rule for detect 'piranha default passwd attempt'

rmkml rmkml at ...324...
Fri Aug 26 02:45:36 EDT 2005


Hi,

I have added new rule for detect "piranha default passwd attempt" :

web-php.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS 
(msg:"WEB-PHP piranha default passwd attempt"; flow:to_server,established; 
uricontent:"/piranha/secure/control.php3"; content:"Authorizati
on\: Basic cGlyYW5oYTp"; reference:bugtraq,1148; reference:cve,2000-0248; 
reference:nessus,10381; classtype:attempted-recon; sid:99997; rev:1;)

Regards
Rmkml




More information about the Snort-sigs mailing list