[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Tue Jun 27 16:22:26 EDT 2006


This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000448-100000685. These rules cover remote file inclusion attacks and SQL injection attacks against a large number of web applications, as well as detection of the Dremn Trojan.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000448 || COMMUNITY WEB-MISC OfficeFlow default.asp xss attempt
100000449 || COMMUNITY WEB-MISC OfficeFlow files.asp MSSQL injection attempt
100000450 || COMMUNITY WEB-MISC VanillaSoft Helpdesk default.asp xss attempt
100000451 || COMMUNITY WEB-MISC KAPhotoservice album.asp xss attempt
100000452 || COMMUNITY WEB-MISC KAPhotoservice album.asp xss attempt
100000453 || COMMUNITY WEB-MISC KAPhotoservice edtalbum.asp xss attempt
100000454 || COMMUNITY WEB-MISC KAPhotoservice edtalbum.asp xss attempt
100000455 || COMMUNITY WEB-MISC Axent Forum viewposts.cfm xss attempt
100000456 || COMMUNITY WEB-MISC SSPwiz index.cfm xss attempt
100000457 || COMMUNITY WEB-MISC ASP Stats pages.asp MSSQL injection attempt
100000458 || COMMUNITY WEB-MISC DPVision Tradingeye Shop details.cfm xss attempt
100000459 || COMMUNITY WEB-MISC WeBBoA yeni_host.asp MSSQL injection attempt
100000460 || COMMUNITY WEB-MISC AZureus index.tmpl xss attempt
100000461 || COMMUNITY WEB-MISC Open WebMail openwebmail-read.pl xss attempt
100000462 || COMMUNITY WEB-MISC Open WebMail openwebmail-read.pl xss attempt
100000463 || COMMUNITY WEB-PHP Joomla joomla.php remote file include
100000464 || COMMUNITY WEB-PHP LoveCompass AEPartner design.inc.php remote file include
100000465 || COMMUNITY WEB-PHP Empris sql_fcnsOLD.php remote file include
100000466 || COMMUNITY WEB-PHP Free QBoard post.php remote file include
100000467 || COMMUNITY WEB-PHP WebprojectDB nav.php remote file include
100000468 || COMMUNITY WEB-PHP WebprojectDB lang.php remote file include
100000469 || COMMUNITY WEB-PHP iFoto index.php xss attempt
100000470 || COMMUNITY WEB-PHP Foing manage_songs.php remote file include
100000471 || COMMUNITY WEB-PHP VBZoom show.php SQL injection attempt
100000472 || COMMUNITY WEB-PHP VBZoom show.php SQL injection attempt
100000473 || COMMUNITY WEB-PHP VBZoom language.php SQL injection attempt
100000474 || COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt
100000475 || COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt
100000476 || COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt
100000477 || COMMUNITY WEB-PHP VBZoom subject.php SQL injection attempt
100000478 || COMMUNITY WEB-PHP aWebNews visview.php remote file include
100000479 || COMMUNITY WEB-PHP CzarNews headlines.php remote file include
100000480 || COMMUNITY WEB-PHP Somery team.php remote file include
100000481 || COMMUNITY WEB-PHP Hinton Design PHPHG signed.php remote file include
100000482 || COMMUNITY WEB-PHP BoastMachine vote.php remote file include
100000483 || COMMUNITY WEB-PHP Wheatblog view_links.php remote file include
100000484 || COMMUNITY WEB-PHP Confixx ftp_index.php xss attempt
100000485 || COMMUNITY WEB-PHP RahnemaCo page.php remote file include
100000486 || COMMUNITY WEB-PHP PhpBlueDragon CMS template.php remote file include
100000487 || COMMUNITY WEB-PHP ISPConfig server.inc.php remote file include
100000488 || COMMUNITY WEB-PHP ISPConfig app.inc.php remote file include
100000489 || COMMUNITY WEB-PHP ISPConfig login.php remote file include
100000490 || COMMUNITY WEB-PHP ISPConfig trylogin.php remote file include
100000491 || COMMUNITY WEB-PHP DeluxeBB posting.php remote file include
100000492 || COMMUNITY WEB-PHP DeluxeBB newpm.php remote file include
100000493 || COMMUNITY WEB-PHP DeluxeBB postreply.php remote file include
100000494 || COMMUNITY WEB-PHP Zeroboard write_ok.php xss attempt
100000495 || COMMUNITY WEB-PHP Zeroboard write_ok.php xss attempt
100000496 || COMMUNITY WEB-PHP Chipmailer index.php SQL injection attempt
100000497 || COMMUNITY WEB-PHP Calendarix cal_event.php SQL injection attempt
100000498 || COMMUNITY WEB-PHP Calendarix cal_popup.php SQL injection attempt
100000499 || COMMUNITY WEB-PHP PictureDis thumstbl.php remote file include
100000500 || COMMUNITY WEB-PHP PictureDis wpfiles.php remote file include
100000501 || COMMUNITY WEB-PHP PictureDis wallpapr.php remote file include
100000502 || COMMUNITY WEB-PHP Ji-Takz tag.class.php remote file include
100000503 || COMMUNITY WEB-PHP Nucleus CMS action.php remote file include
100000504 || COMMUNITY WEB-PHP Nucleus CMS media.php remote file include
100000505 || COMMUNITY WEB-PHP Nucleus CMS server.php remote file include
100000506 || COMMUNITY WEB-PHP Nucleus CMS api_metaweblog.inc.php remote file include
100000507 || COMMUNITY WEB-PHP FlashChat adminips.php remote file include
100000508 || COMMUNITY WEB-PHP Wikkawiki wakka.php access
100000509 || COMMUNITY WEB-PHP RahnemaCo page.php remote file include
100000510 || COMMUNITY WEB-PHP VBZoom rank.php SQL injection attempt
100000511 || COMMUNITY WEB-PHP VBZoom message.php SQL injection attempt
100000512 || COMMUNITY WEB-PHP VBZoom lng.php SQL injection attempt
100000513 || COMMUNITY WEB-PHP SAPHPLesson showcat.php SQL injection attempt
100000514 || COMMUNITY WEB-PHP SAPHPLesson misc.php SQL injection attempt
100000515 || COMMUNITY WEB-PHP CMS Faethon header.php xss attempt
100000516 || COMMUNITY WEB-PHP CMS Faethon footer.php xss attempt
100000517 || COMMUNITY WEB-PHP e107 search.php xss attempt
100000518 || COMMUNITY WEB-PHP PHP Live Helper initiate.php remote file include
100000519 || COMMUNITY WEB-PHP VUBB index.php SQL injection attempt
100000520 || COMMUNITY WEB-PHP Xarancms xaramcms_haupt.php SQL injection attempt
100000521 || COMMUNITY WEB-PHP TPL Design TplShop category.php SQL injection attempt
100000522 || COMMUNITY WEB-PHP The Edge eCommerce Shop productDetail.php xss attempt
100000523 || COMMUNITY WEB-PHP CavoxCms index.php SQL injection attempt
100000524 || COMMUNITY WEB-PHP Micro CMS microcms-include.php remote file include
100000525 || COMMUNITY WEB-PHP PHPMyDirectory offer-pix.php xss attempt
100000526 || COMMUNITY WEB-PHP PHPMyDirectory index.php xss attempt
100000527 || COMMUNITY WEB-PHP AssoCIateD index.php xss attempt
100000528 || COMMUNITY WEB-PHP PHPMyForum topic.php xss attempt
100000529 || COMMUNITY WEB-PHP NC Linklist index.php xss attempt
100000530 || COMMUNITY WEB-PHP NC Linklist index.php xss attempt
100000531 || COMMUNITY WEB-PHP BtitTracker torrents.php SQL injection attempt
100000532 || COMMUNITY WEB-PHP BtitTracker torrents.php SQL injection attempt
100000533 || COMMUNITY WEB-PHP VUBB functions.php SQL injection attempt
100000534 || COMMUNITY WEB-PHP VUBB english.php xss attempt
100000535 || COMMUNITY WEB-PHP IMGallery galeria.php SQL injection attempt
100000536 || COMMUNITY WEB-PHP IMGallery galeria.php SQL injection attempt
100000537 || COMMUNITY WEB-PHP thinkWMS index.php SQL injection attempt
100000538 || COMMUNITY WEB-PHP thinkWMS index.php SQL injection attempt
100000539 || COMMUNITY WEB-PHP thinkWMS printarticle.php SQL injection attempt
100000540 || COMMUNITY WEB-PHP Enterprise Groupware index.php xss attempt
100000541 || COMMUNITY WEB-PHP Dating Agent picture.php SQL injection attempt
100000542 || COMMUNITY WEB-PHP Dating Agent mem.php SQL injection attempt
100000543 || COMMUNITY WEB-PHP Dating Agent search.php SQL injection attempt
100000544 || COMMUNITY WEB-PHP Dating Agent search.php SQL injection attempt
100000545 || COMMUNITY WEB-PHP PHP Blue Dragon CMS team_admin.php remote file include
100000546 || COMMUNITY WEB-PHP PHP Blue Dragon CMS rss_admin.php remote file include
100000547 || COMMUNITY WEB-PHP PHP Blue Dragon CMS manual_admin.php remote file include
100000548 || COMMUNITY WEB-PHP PHP Blue Dragon CMS forum_admin.php remote file include
100000549 || COMMUNITY WEB-PHP Custom Datin Biz user_view.php xss attempt
100000550 || COMMUNITY WEB-PHP Project Eros BBSEngine comment.php access
100000551 || COMMUNITY WEB-PHP Project Eros BBSEngine aolbonics.php access
100000552 || COMMUNITY WEB-PHP SmartSiteCMS inc_foot.php remote file include
100000553 || COMMUNITY WEB-PHP PHPMySMS gateway.php remote file include
100000554 || COMMUNITY WEB-PHP VebiMiau error.php xss attempt
100000555 || COMMUNITY WEB-PHP VebiMiau error.php xss attempt
100000556 || COMMUNITY WEB-PHP VebiMiau error.php xss attempt
100000557 || COMMUNITY WEB-PHP VebiMiau index.php xss attempt
100000558 || COMMUNITY WEB-PHP VebiMiau messages.php xss attempt
100000559 || COMMUNITY WEB-PHP Infinite Core Technologies ICT index.php SQL injection attempt
100000560 || COMMUNITY WEB-PHP eNpaper1 root_header.php remote file include
100000561 || COMMUNITY WEB-PHP dotProject ui.class.php xss attempt
100000562 || COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt
100000563 || COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt
100000564 || COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt
100000565 || COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt
100000566 || COMMUNITY WEB-PHP XennoBB messages.php xss attempt
100000567 || COMMUNITY WEB-PHP Qdig index.php xss attempt
100000568 || COMMUNITY WEB-PHP Qdig index.php xss attempt
100000569 || COMMUNITY WEB-PHP Indexu app_change_email.php remote file include
100000570 || COMMUNITY WEB-PHP Indexu app_change_pwd.php remote file include
100000571 || COMMUNITY WEB-PHP Indexu app_mod_rewrite.php remote file include
100000572 || COMMUNITY WEB-PHP Indexu app_page_caching.php remote file include
100000573 || COMMUNITY WEB-PHP Indexu app_setup.php remote file include
100000574 || COMMUNITY WEB-PHP Indexu cat_add.php remote file include
100000575 || COMMUNITY WEB-PHP Indexu cat_delete.php remote file include
100000576 || COMMUNITY WEB-PHP Indexu cat_edit.php remote file include
100000577 || COMMUNITY WEB-PHP Indexu cat_path_update.php remote file include
100000578 || COMMUNITY WEB-PHP Indexu cat_search.php remote file include
100000579 || COMMUNITY WEB-PHP Indexu cat_struc.php remote file include
100000580 || COMMUNITY WEB-PHP Indexu cat_view.php remote file include
100000581 || COMMUNITY WEB-PHP Indexu cat_view_hidden.php remote file include
100000582 || COMMUNITY WEB-PHP Indexu cat_view_hierarchy.php remote file include
100000583 || COMMUNITY WEB-PHP Indexu cat_view_registered_only.php remote file include
100000584 || COMMUNITY WEB-PHP Indexu checkurl_web.php remote file include
100000585 || COMMUNITY WEB-PHP Indexu db_alter.php remote file include
100000586 || COMMUNITY WEB-PHP Indexu db_alter_change.php remote file include
100000587 || COMMUNITY WEB-PHP Indexu db_backup.php remote file include
100000588 || COMMUNITY WEB-PHP Indexu db_export.php remote file include
100000589 || COMMUNITY WEB-PHP Indexu db_import.php remote file include
100000590 || COMMUNITY WEB-PHP Indexu editor_add.php remote file include
100000591 || COMMUNITY WEB-PHP Indexu editor_delete.php remote file include
100000592 || COMMUNITY WEB-PHP Indexu editor_validate.php remote file include
100000593 || COMMUNITY WEB-PHP Indexu head.php remote file include
100000594 || COMMUNITY WEB-PHP Indexu index.php remote file include
100000595 || COMMUNITY WEB-PHP Indexu inv_config.php remote file include
100000596 || COMMUNITY WEB-PHP Indexu inv_config_payment.php remote file include
100000597 || COMMUNITY WEB-PHP Indexu inv_create.php remote file include
100000598 || COMMUNITY WEB-PHP Indexu inv_delete.php remote file include
100000599 || COMMUNITY WEB-PHP Indexu inv_edit.php remote file include
100000600 || COMMUNITY WEB-PHP Indexu inv_markpaid.php remote file include
100000601 || COMMUNITY WEB-PHP Indexu inv_markunpaid.php remote file include
100000602 || COMMUNITY WEB-PHP Indexu inv_overdue.php remote file include
100000603 || COMMUNITY WEB-PHP Indexu inv_paid.php remote file include
100000604 || COMMUNITY WEB-PHP Indexu inv_send.php remote file include
100000605 || COMMUNITY WEB-PHP Indexu inv_unpaid.php remote file include
100000606 || COMMUNITY WEB-PHP Indexu lang_modify.php remote file include
100000607 || COMMUNITY WEB-PHP Indexu link_add.php remote file include
100000608 || COMMUNITY WEB-PHP Indexu link_bad.php remote file include
100000609 || COMMUNITY WEB-PHP Indexu link_bad_delete.php remote file include
100000610 || COMMUNITY WEB-PHP Indexu link_checkurl.php remote file include
100000611 || COMMUNITY WEB-PHP Indexu link_delete.php remote file include
100000612 || COMMUNITY WEB-PHP Indexu link_duplicate.php remote file include
100000613 || COMMUNITY WEB-PHP Indexu link_edit.php remote file include
100000614 || COMMUNITY WEB-PHP Indexu link_premium_listing.php remote file include
100000615 || COMMUNITY WEB-PHP Indexu link_premium_sponsored.php remote file include
100000616 || COMMUNITY WEB-PHP Indexu link_search.php remote file include
100000617 || COMMUNITY WEB-PHP Indexu link_sponsored_listing.php remote file include
100000618 || COMMUNITY WEB-PHP Indexu link_validate.php remote file include
100000619 || COMMUNITY WEB-PHP Indexu link_validate_edit.php remote file include
100000620 || COMMUNITY WEB-PHP Indexu link_view.php remote file include
100000621 || COMMUNITY WEB-PHP Indexu log_search.php remote file include
100000622 || COMMUNITY WEB-PHP Indexu mail_modify.php remote file include
100000623 || COMMUNITY WEB-PHP Indexu menu.php remote file include
100000624 || COMMUNITY WEB-PHP Indexu message_create.php remote file include
100000625 || COMMUNITY WEB-PHP Indexu message_delete.php remote file include
100000626 || COMMUNITY WEB-PHP Indexu message_edit.php remote file include
100000627 || COMMUNITY WEB-PHP Indexu message_send.php remote file include
100000628 || COMMUNITY WEB-PHP Indexu message_subscriber.php remote file include
100000629 || COMMUNITY WEB-PHP Indexu message_view.php remote file include
100000630 || COMMUNITY WEB-PHP Indexu review_validate.php remote file include
100000631 || COMMUNITY WEB-PHP Indexu review_validate_edit.php remote file include
100000632 || COMMUNITY WEB-PHP Indexu summary.php remote file include
100000633 || COMMUNITY WEB-PHP Indexu template_active.php remote file include
100000634 || COMMUNITY WEB-PHP Indexu template_add_custom.php remote file include
100000635 || COMMUNITY WEB-PHP Indexu template_delete.php remote file include
100000636 || COMMUNITY WEB-PHP Indexu template_delete_file.php remote file include
100000637 || COMMUNITY WEB-PHP Indexu template_duplicate.php remote file include
100000638 || COMMUNITY WEB-PHP Indexu template_export.php remote file include
100000639 || COMMUNITY WEB-PHP Indexu template_import.php remote file include
100000640 || COMMUNITY WEB-PHP Indexu template_manager.php remote file include
100000641 || COMMUNITY WEB-PHP Indexu template_modify.php remote file include
100000642 || COMMUNITY WEB-PHP Indexu template_modify_file.php remote file include
100000643 || COMMUNITY WEB-PHP Indexu template_rename.php remote file include
100000644 || COMMUNITY WEB-PHP Indexu user_add.php remote file include
100000645 || COMMUNITY WEB-PHP Indexu user_delete.php remote file include
100000646 || COMMUNITY WEB-PHP Indexu user_edit.php remote file include
100000647 || COMMUNITY WEB-PHP Indexu user_search.php remote file include
100000648 || COMMUNITY WEB-PHP Indexu whos.php remote file include
100000649 || COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt
100000650 || COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt
100000651 || COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt
100000652 || COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt
100000653 || COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt
100000654 || COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt
100000655 || COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt
100000656 || COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt
100000657 || COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt
100000658 || COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt
100000659 || COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt
100000660 || COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt
100000661 || COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt
100000662 || COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt
100000663 || COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt
100000664 || COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt
100000665 || COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt
100000666 || COMMUNITY WEB-PHP Harpia files.php remote file include
100000667 || COMMUNITY WEB-PHP Harpia files.php remote file include
100000668 || COMMUNITY WEB-PHP Harpia pheader.php remote file include
100000669 || COMMUNITY WEB-PHP Harpia headlines.php remote file include
100000670 || COMMUNITY WEB-PHP Harpia web_statsConfig.php remote file include
100000671 || COMMUNITY WEB-PHP Harpia preload.php remote file include
100000672 || COMMUNITY WEB-PHP Harpia users.php remote file include
100000673 || COMMUNITY WEB-PHP Harpia web_statsConfig.php remote file include
100000674 || COMMUNITY WEB-PHP Harpia footer.php remote file include
100000675 || COMMUNITY WEB-PHP Harpia pfooter.php remote file include
100000676 || COMMUNITY WEB-PHP Harpia missing.php remote file include
100000677 || COMMUNITY WEB-PHP Harpia topics.php remote file include
100000678 || COMMUNITY WEB-PHP Harpia header.php remote file include
100000679 || COMMUNITY WEB-PHP Harpia index.php remote file include
100000680 || COMMUNITY WEB-PHP Harpia search.php remote file include
100000681 || COMMUNITY WEB-PHP Harpia header.php remote file include
100000682 || COMMUNITY WEB-PHP Harpia email.php remote file include
100000683 || COMMUNITY WEB-PHP cPanel select.html xss attempt
100000684 || COMMUNITY VIRUS OutBound Dremn Trojan Beacon
100000685 || COMMUNITY VIRUS Answering Dremn Trojan Server






More information about the Snort-sigs mailing list