[Snort-users] More Talentsoft and SmartWin CyberOffice Sigs

Keith Pachulski Keith.Pachulski at ...222...
Tue Oct 3 10:11:06 EDT 2000


alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"Talentsoft Web+ File Disclosure Vulnerability";flags:PA; content:"webplus.cgi?Script=/webplus/webping/webping.wml";)

alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"Talentsoft Web+ Source Code Disclosure Vulnerability";flags:PA; content:"webplus.exe?script=test.wml";)

alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"Talentsoft Web+ Internal IP Address Disclosure Vulnerability";flags:PA; content:"webplus.exe?about";)

alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"SmartWin CyberOffice Shopping Cart 2.0 Information Disclosure Vulnerability";flags:PA; content:"_private/shopping_cart.mdb";)

-----Original Message-----
From: Joseph Nicholas Yarbrough [mailto:nyarbrough at ...262...]
Sent: Friday, September 29, 2000 12:59 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Talentsoft Web+ exploit signature



Here is a snort signature for the recent Talentsoft Web+ exploit.

Snort standard rule:
alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"WEB-CGI-WEB-PLUS - possible Talentsoft Web+ exploit attempt"; flags:PA; content:"webplus.cgi?Script=/webplus/webping/webping.wml";)

Snort "any" rule:
alert tcp any any -> any 80 (msg:"WEB-CGI-WEB-PLUS - possible Talentsoft Web+ exploit attempt";flags:PA; content:"webplus.cgi?Script=/webplus/webping/webping.wml";)


-Nick

Joseph Nicholas Yarbrough
Network Security Analyst
LURHQ Corporation
==========================>
nyarbrough at ...262...




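An added example, not part of the original messages or of Snort: a small Python harness that applies the `content` strings from the four rules above to constructed request lines. It shows that matching is byte-exact unless `nocase` is set, which matters here because the first rule spells the parameter `Script=` and the second `script=`. The msg texts are shortened and the helper names are hypothetical; only `msg`, `content` and `nocase` are interpreted, and the rule header and `flags` are not evaluated.

```python
import re

HDR = "alert tcp !$HOME_NET any -> $HOME_NET 80 "
# Content strings copied from the rules in the message; msg text shortened here.
RULES = [
    HDR + '(msg:"Web+ file disclosure";flags:PA; content:"webplus.cgi?Script=/webplus/webping/webping.wml";)',
    HDR + '(msg:"Web+ source disclosure";flags:PA; content:"webplus.exe?script=test.wml";)',
    HDR + '(msg:"Web+ internal IP disclosure";flags:PA; content:"webplus.exe?about";)',
    HDR + '(msg:"CyberOffice cart database";flags:PA; content:"_private/shopping_cart.mdb";)',
]
OPTION = re.compile(r'\s*(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')

def decode_content(text):
    """Turn a content string into bytes; |..| sections are hex, as in Snort."""
    parts = text.split("|")
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode("latin-1") for i, p in enumerate(parts))

def parse_rule(rule, force_nocase=False):
    """Return (msg, [[pattern_bytes, nocase], ...]) for one rule line."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    msg, contents = "", []
    for key, val in OPTION.findall(body):
        val = val.strip().strip('"')
        if key == "msg":
            msg = val
        elif key == "content":
            contents.append([decode_content(val), force_nocase])
        elif key == "nocase" and contents:
            contents[-1][1] = True  # nocase modifies the preceding content
    return msg, contents

def alerts(payload, force_nocase=False):
    """Messages of every rule whose content patterns all occur in payload."""
    def hit(p, nc):
        return p.lower() in payload.lower() if nc else p in payload
    parsed = (parse_rule(r, force_nocase) for r in RULES)
    return [msg for msg, contents in parsed if all(hit(p, nc) for p, nc in contents)]

# Constructed request lines (not captured traffic).
SAMPLES = [
    b"GET /cgi-bin/webplus.exe?script=test.wml HTTP/1.0\r\n\r\n",
    b"GET /cgi-bin/webplus.exe?Script=test.wml HTTP/1.0\r\n\r\n",
    b"GET /_private/shopping_cart.mdb HTTP/1.0\r\n\r\n",
    b"GET /index.html HTTP/1.0\r\n\r\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.split()[1].decode(), alerts(s), alerts(s, force_nocase=True))
```

Whether the server treats the two parameter spellings alike is not stated in the messages; the harness only reports what each rule would and would not flag.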