##alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt"; flow:established,to_server; uricontent:"/php-calendar-1.1/update"; nocase; uricontent:"configfile="; nocase; content:".php"; nocase; pcre:"/\x2Fphp-calendar-1.1\x2Fupdate(08|10)\x2Ephp(\x3F|.*(\x26|\x3B))configfile=[^\x26\x3B]*[^a-zA-Z0-9_]/Ui"; reference:url,securitytracker.com/alerts/2009/Dec/1023375.html; reference:cve,2009-3702; reference:url,doc.emergingthreats.net/2010531; classtype:web-application-attack; sid:2010531; rev:2;)

Added 2011-10-12 19:29:58 UTC


##alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt"; flow:established,to_server; uricontent:"/php-calendar-1.1/update"; nocase; uricontent:"configfile="; nocase; content:".php"; nocase; pcre:"/\x2Fphp-calendar-1.1\x2Fupdate(08|10)\x2Ephp(\x3F|.*(\x26|\x3B))configfile=[^\x26\x3B]*[^a-zA-Z0-9_]/Ui"; classtype:web-application-attack; reference:url,securitytracker.com/alerts/2009/Dec/1023375.html; reference:cve,2009-3702; reference:url,doc.emergingthreats.net/2010531; sid:2010531; rev:2;)

Added 2011-09-14 22:43:11 UTC


##alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt"; flow:established,to_server; uricontent:"/php-calendar-1.1/update"; nocase; uricontent:"configfile="; nocase; content:".php"; nocase; pcre:"/\x2Fphp-calendar-1.1\x2Fupdate(08|10)\x2Ephp(\x3F|.*(\x26|\x3B))configfile=[^\x26\x3B]*[^a-zA-Z0-9_]/Ui"; classtype:web-application-attack; reference:url,securitytracker.com/alerts/2009/Dec/1023375.html; reference:cve,2009-3702; reference:url,doc.emergingthreats.net/2010531; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHPCalendar; sid:2010531; rev:2;)

Added 2011-02-04 17:30:06 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt"; flow:established,to_server; uricontent:"/php-calendar-1.1/update"; nocase; uricontent:"configfile="; nocase; content:".php"; nocase; pcre:"/\x2Fphp-calendar-1.1\x2Fupdate(08|10)\x2Ephp(\x3F|.*(\x26|\x3B))configfile=[^\x26\x3B]*[^a-zA-Z0-9_]/Ui"; classtype:web-application-attack; reference:url,securitytracker.com/alerts/2009/Dec/1023375.html; reference:cve,2009-3702; reference:url,doc.emergingthreats.net/2010531; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHPCalendar; sid:2010531; rev:2;)

Added 2009-12-21 10:30:44 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt"; flow:established,to_server; uricontent:"/php-calendar-1.1/update"; nocase; uricontent:"configfile="; nocase; content:".php"; nocase; pcre:"/\x2Fphp-calendar-1.1\x2Fupdate(08|10)\x2Ephp(\x3F|.*(\x26|\x3B))configfile=[^\x26\x3B]*[^a-zA-Z0-9_]/Ui"; classtype:web-application-attack; reference:url,securitytracker.com/alerts/2009/Dec/1023375.html; reference:cve,2009-3702; reference:url,doc.emergingthreats.net/2010531; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHPCalendar; sid:2010531; rev:2;)

Added 2009-12-21 10:30:44 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt"; flow:established,to_server; uricontent:"/php-calendar-1.1/update"; nocase; uricontent:".php?configfile="; nocase; content:".php"; nocase; pcre:"/\x2Fphp-calendar-1.1\x2Fupdate(08|10)\x2Ephp\x3Fconfigfile=.+\x2Ephp/Ui"; classtype:web-application-attack; reference:url,securitytracker.com/alerts/2009/Dec/1023375.html; reference:cve,2009-3702; sid:2010531; rev:1;)

Added 2009-12-21 10:00:46 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats