[Snort-sigs] phpbb session exploit

Matt Jonkman matt at ...2436...
Tue Mar 8 13:12:47 EST 2005

Thanks for the sig Chas. It's posted, looks like there isn't much room for

I left it at any any -> any $HTTP_PORTS. I think it'll be most effective
that way, you'll see incoming attacks as well as any internal outward


-----Original Message-----
From: snort-sigs-admin at lists.sourceforge.net
[mailto:snort-sigs-admin at lists.sourceforge.net] On Behalf Of Chas Tomlin
Sent: Tuesday, March 08, 2005 1:13 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] phpbb session exploit

alert tcp any any -> any 80  (msg:"BLEEDING-EDGE EXPLOIT phpbb Session
3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D"; nocase;
classtype:web-application-attack;sid: 1; rev:1;)


Chas Tomlin

Systems Programmer/Administrator
School of Electronics and Computer Science
University of Southampton

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net

More information about the Snort-sigs mailing list