[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Mon Jul 17 15:19:51 EDT 2006

This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000820-100000848. 
These rules cover cross-site scripting, SQL injection, and/or remote 
file inclusion attacks against the VBZoom, Phorum, HiveMail, Lazarus, 
MiniBB, PhotoCycle, PHP Event Calendar, FlatNuke, PerForums, PHPBB 3, 
Koobi, Invision, Subberz, Sitemap, and PhpWebGallery systems.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000820 || COMMUNITY WEB-PHP SaPHPLesson add.php SQL injection attempt
100000821 || COMMUNITY WEB-PHP VBZooM sub-join.php SQL injection attempt
100000822 || COMMUNITY WEB-PHP VBZooM reply.php SQL injection attempt
100000823 || COMMUNITY WEB-PHP VBZooM ignore-pm.php SQL injection attempt
100000824 || COMMUNITY WEB-PHP VBZooM sendmail.php SQL injection attempt
100000825 || COMMUNITY WEB-PHP Phorum posting.php xss attempt
100000826 || COMMUNITY WEB-PHP Phorum search.php SQL injection attempt
100000827 || COMMUNITY WEB-PHP HiveMail address.view.php xss attempt
100000828 || COMMUNITY WEB-PHP HiveMail address.view.php xss attempt
100000829 || COMMUNITY WEB-PHP HiveMail address.view.php xss attempt
100000830 || COMMUNITY WEB-PHP HiveMail index.php xss attempt
100000831 || COMMUNITY WEB-PHP HiveMail compose.email.php xss attempt
100000832 || COMMUNITY WEB-PHP HiveMail read.markas.php xss attempt
100000833 || COMMUNITY WEB-PHP HiveMail search.results.php SQL injection 
100000834 || COMMUNITY WEB-PHP Lazarus codes-english.php xss attempt
100000835 || COMMUNITY WEB-PHP Lazarus picture.php xss attempt
100000836 || COMMUNITY WEB-PHP MiniBB com_minibb.php remote file include
100000837 || COMMUNITY WEB-PHP MiniBB index.php remote file include
100000838 || COMMUNITY WEB-PHP PhotoCycle photocycle.php xss attempt
100000839 || COMMUNITY WEB-PHP PHP Event Calendar calendar.php remote 
file include
100000840 || COMMUNITY WEB-PHP FlatNuke index.php remote file include
100000841 || COMMUNITY WEB-PHP PerForms performs.php remote file include
100000842 || COMMUNITY WEB-PHP PHPBB 3 memberlist.php SQL injection attempt
100000843 || COMMUNITY WEB-PHP Koobi Pro index.php xss attempt
100000844 || COMMUNITY WEB-PHP Koobi Pro index.php SQL injection attempt
100000845 || COMMUNITY WEB-PHP Invision Power Board ipsclass.php SQL 
injection attempt
100000846 || COMMUNITY WEB-PHP Subberz Lite user-func.php remote file 
100000847 || COMMUNITY WEB-PHP Sitemap sitemap.xml.php remote file include
100000848 || COMMUNITY WEB-PHP PhpWebGallery XSS attempt

More information about the Snort-sigs mailing list