[Snort-sigs] new rule for detect Gallery with PHPNuke index attempt
rmkml at ...324...
Tue Dec 13 03:39:22 EST 2005
please check and maybe add this new rule :
web-php.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS
(msg:"WEB-PHP Gallery with PHPNuke index attempt"; flow:to_server,es
tablished; content:"GET"; nocase; depth:3; uricontent:"/modules.php";
nocase; content:"name|3D|gallery"; content:"file|3D|index"; reference:bugtraq,14547; reference:cve,2005-2596;
reference:nessus,19419; reference:osvdb,18684; classtype:web-application-attack; )
this attempt is already detected by sid 2565 but this rule detect more
this rule IS NOT TESTED.
Improve/comments are welcome.
More information about the Snort-sigs