[Snort-users] Talenttsoft Web+ exploit signature

Joseph Nicholas Yarbrough nyarbrough at ...262...
Fri Sep 29 12:58:40 EDT 2000


Here is a snort signature for the recent Talentsoft Web+ exploit.

Snort standard rule:
alert tcp !$HOME_NET any -> $HOME_NET 80 (msg:"WEB-CGI-WEB-PLUS - possible Talentsoft Web+ exploit attempt"; flags:PA; content:"webplus.cgi?Script=/webplus/webping/webping.wml";)

Snort "any" rule:
alert tcp any any -> any 80 (msg:"WEB-CGI-WEB-PLUS - possible Talentsoft Web+ exploit attempt";flags:PA; content:"webplus.cgi?Script=/webplus/webping/webping.wml";)


-Nick

Joseph Nicholas Yarbrough
Network Security Analyst
LURHQ Corporation
==========================>
nyarbrough at ...262...




More information about the Snort-users mailing list