[Snort-sigs] new rule for detect CuteNews flood.db.php access
rmkml at ...324...
Fri Dec 9 01:24:17 EST 2005
please check and maybe add this new rule :
web-php.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP
CuteNews flood.db.php access"; content:"GET"; nocase; depth:3;
uricontent:"/data/flood.db.php"; nocase; reference:bugtraq,14869;
reference:cve,2005-3010; reference:nessus,19756; reference:osvdb,19478;
Simply detect access to flood.db.php.
Improve/comments are welcome.
More information about the Snort-sigs