[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Fri Feb 25 17:05:25 EST 2005


[***] Results from Oinkmaster started Fri Feb 25 20:00:05 2005 [***]

[///]     Modified active rules:     [///]

     -> Modified active in bleeding-web.rules (1):
        old: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Exploit Suspected PHP Injection Attack"; content: "GET "; nocase; content: ".php|3f|"; nocase; within: 64; pcre: "/(name=http|cmd=.*(cd|perl|wget|id|uname|t?ftp))/i"; flow:to_server,established; classtype: trojan-activity; sid:2001621; rev:3;)
        new: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg: "BLEEDING-EDGE Exploit Suspected PHP Injection Attack"; content: "GET "; nocase; content: ".php|3f|"; nocase; within: 64; pcre: "/(name=http|cmd=.*(cd|\;|perl|wget|id|uname|t?ftp))/i"; flow:to_server,established; classtype: trojan-activity; sid:2001621; rev:4;)

[*] Non-rule line modifications: [*]
    None.

[*] Added files: [*]
    None.





More information about the Snort-sigs mailing list