EmergingThreats> Main Web>2002681 (revision 1)EditAttach

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Mambo Exploit"; flow:established,to_server; uricontent:".php"; nocase; pcre:"/mosConfig_absolute_path=(http|ftp)\:\//Ui"; reference:url,seclists.org/lists/fulldisclosure/2005/Nov/0528.html; reference:url,isc.sans.org/diary.php?storyid=869; reference:url,www.us-cert.gov/cas/bulletins/SB07-106.html; classtype:web-application-attack; sid:2002681; rev:6;)

Added 2007-04-17 00:45:25 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Mambo Exploit"; flow:established,to_server; uricontent:"index"; nocase; pcre:"/index(2?)\.php\?/iU"; uricontent:"_REQUEST"; nocase; pcre:"/mosConfig_absolute_path=(http|ftp)\:\//Ui"; reference:url,seclists.org/lists/fulldisclosure/2005/Nov/0528.html; reference:url,isc.sans.org/diary.php?storyid=869; classtype:web-application-attack; sid:2002681; rev:5;)



Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2007-04-17 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats