Main Webalert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Asp-Audit Web Scan Detected"; flow:to_server,established; content:"GET /?<//STYLE=x|3a|e/**/xpression(alert('asp-audit'))>"; depth:80; classtype:attempted-recon; reference:url,www.hacker-soft.net/Soft/Soft_2895.htm; reference:url,wiki.remote-exploit.org/backtrack/wiki/asp-audit; reference:url,doc.emergingthreats.net/2009479; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_AspAudit; sid:2009479; rev:3;) Added 2009-07-01 21:45:34 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Asp-Audit Web Scan Detected"; flow:to_server,established; content:"GET /?<//STYLE=x|3a|e/**/xpression(alert('asp-audit'))>"; depth:80; classtype:attempted-recon; reference:url,www.hacker-soft.net/Soft/Soft_2895.htm; reference:url,wiki.remote-exploit.org/backtrack/wiki/asp-audit; reference:url,doc.emergingthreats.net/2009479; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_AspAudit; sid:2009479; rev:3;) Added 2009-07-01 21:45:34 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Asp-Audit Web Scan Detected"; flow:to_server,established; content:"GET /?<//STYLE=x:e/**/xpression(alert('asp-audit'))>"; depth:80; classtype:attempted-recon; reference:url,www.hacker-soft.net/Soft/Soft_2895.htm; reference:url,wiki.remote-exploit.org/backtrack/wiki/asp-audit; reference:url,doc.emergingthreats.net/2009479; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_AspAudit; sid:2009479; rev:2;) Added 2009-07-01 20:03:01 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Asp-Audit Web Scan Detected"; flow:to_server,established; content:"GET /?<//STYLE=x:e/**/xpression(alert('asp-audit'))>"; depth:80; classtype:attempted-recon; reference:url,www.hacker-soft.net/Soft/Soft_2895.htm; reference:url,wiki.remote-exploit.org/backtrack/wiki/asp-audit; reference:url,doc.emergingthreats.net/2009479; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_AspAudit; sid:2009479; rev:2;) Added 2009-07-01 20:03:01 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN Asp-Audit Web Scan Detected"; flow:to_server,established; content:"GET /?<//STYLE=x:e/**/xpression(alert('asp-audit'))>"; depth:80; classtype:attempted-recon; reference:url,www.hacker-soft.net/Soft/Soft_2895.htm; reference:url,wiki.remote-exploit.org/backtrack/wiki/asp-audit; sid:2009479; rev:1;) Added 2009-07-01 10:30:35 UTC
Main Web
Create New Topic
Index
Search
Changes
Preferences- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback