[Snort-sigs] new rule for detect ASPSurvey Login_Validate.asp Password param access

rmkml rmkml at ...324...
Fri Jan 13 07:37:01 EST 2006


please check and maybe add this new rule :

web-iis.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS 
(msg:"WEB-IIS ASPSurvey Login_Validate.asp Password param access"; 
flow:to_server,established; uricontent:"/Login_Validate.asp"; nocase; 
uricontent:"Password|3D|"; nocase; reference:cve,2006-0192; 
classtype:web-application-activity; )

'SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 
allows remote attackers to execute arbitrary SQL commands via the Password
parameter. NOTE: the provenance of this information is unknown; the 
details are obtained solely from third party information.'

Improve/comments are welcome.


More information about the Snort-sigs mailing list