[Snort-sigs] new rule for detect CuteNews flood.db.php access

rmkml rmkml at ...324...
Fri Dec 9 01:24:17 EST 2005


Hi,

please check and maybe add this new rule :

web-php.rules:alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP 
CuteNews flood.db.php access"; content:"GET"; nocase; depth:3; 
uricontent:"/data/flood.db.php"; nocase; reference:bugtraq,14869; 
reference:cve,2005-3010; reference:nessus,19756; reference:osvdb,19478; 
classtype:web-application-attack; )

Simply detect access to flood.db.php.

Improve/comments are welcome.

Regards
Rmkml




More information about the Snort-sigs mailing list