[Snort-sigs] false positive for WEB-ATTACKS rm command attempt

DH dchenders at ...3231...
Fri May 26 05:05:18 EDT 2006


GEN:SID 	1:1365 
Message 	WEB-ATTACKS rm command attempt 
Summary 	Attempted rm command access via web
Impact 	Attempt to delete files on a webserver.	
--
False Positives:
Here are some examples of a false positive:
 
120 : 72 3D 73 6C 76 31 2D 63 63 6C 65 26 70 3D 75 6E   r=slv1-ccle&p=un
130 : 69 66 6F 72 6D 25 32 30 61 63 72 6F 73 73 25 32   iform%20across%2
030 : 74 69 6F 6E 3D 4C 4F 4E 47 25 32 30 54 45 52 4D   tion=LONG%20TERM
040 : 25 32 30 44 52 55 47 25 32 30 54 48 45 52 41 50   %20DRUG%20THERAP
030 : 74 69 6F 6E 3D 53 48 4F 52 54 25 32 30 41 52 4D   tion=SHORT%20ARM
040 : 25 32 30 53 50 4C 49 4E 54 20 48 54 54 50 2F 31   %20SPLINT HTTP/1
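
The following is an added example, not part of the original post. It runs the three reported fragments through a case-insensitive substring match on `rm%20` and through a token-aware alternative. The rule text is not quoted in the post, so the `rm%20` match is an assumption; the tighter pattern and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Request fragments copied from the ASCII column of the hex dumps in the post.
SAMPLES = [
    "r=slv1-ccle&p=uniform%20across%2",
    "tion=LONG%20TERM%20DRUG%20THERAP",
    "tion=SHORT%20ARM%20SPLINT HTTP/1",
]
# Constructed fragment (not from the post) where rm really is a separate token.
CONSTRUCTED = "cmd=rm%20old.log HTTP/1"

# Assumption: the rule fires on this substring, ignoring case.
NAIVE = "rm%20"
# Hypothetical tighter check on the URL-decoded text: "rm" must start a value
# or follow a separator, and be followed by whitespace and an argument.
TIGHT = re.compile(r"(?:^|[=;|&\s/])rm\s+\S", re.IGNORECASE)
# Captures the word that ends in "rm" just before the encoded space.
WORD = re.compile(r"([A-Za-z0-9_-]*rm)\s", re.IGNORECASE)


def naive_hit(fragment):
    """True when the raw fragment contains the substring, ignoring case."""
    return NAIVE in fragment.lower()


def tight_hit(fragment):
    """True only when rm appears as its own token in the decoded fragment."""
    return TIGHT.search(unquote(fragment)) is not None


def matched_word(fragment):
    """Return the decoded word whose tail produced the substring match."""
    m = WORD.search(unquote(fragment))
    return m.group(1) if m else None


def triage(fragments):
    """One row per fragment: (fragment, naive result, tight result, word)."""
    return [(f, naive_hit(f), tight_hit(f), matched_word(f)) for f in fragments]


if __name__ == "__main__":
    for row in triage(SAMPLES + [CONSTRUCTED]):
        print(row)
```

The words behind the three alerts are "uniform", "TERM" and "ARM", each followed by an encoded space.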
