[Snort-sigs] new rule for detect ASPSurvey Login_Validate.asp Password param access
rmkml at ...324...
Fri Jan 13 07:37:01 EST 2006
please check and maybe add this new rule :
web-iis.rules:alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS
(msg:"WEB-IIS ASPSurvey Login_Validate.asp Password param access";
flow:to_server,established; uricontent:"/Login_Validate.asp"; nocase;
uricontent:"Password|3D|"; nocase; reference:cve,2006-0192;
'SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10
allows remote attackers to execute arbitrary SQL commands via the Password
parameter. NOTE: the provenance of this information is unknown; the
details are obtained solely from third party information.'
Improve/comments are welcome.
More information about the Snort-sigs