web-cgi.rules
来自「Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目」· RULES 代码 · 共 267 行 · 第 1/5 页
# WEB-CGI signatures (Snort-style rule syntax), restored to one rule per line.
#
# Scope: every rule alerts on established, client-to-server TCP traffic from
# $EXTERNAL_NET (any source port) to $HTTP_SERVERS on $HTTP_PORTS. Coverage
# therefore depends on how those three variables are defined in the sensor
# configuration; traffic outside them is not inspected by this file.
#
# Two kinds of rule appear below:
#   * "access" rules (classtype attempted-recon or web-application-activity):
#     the only test is a URI substring (uricontent). They fire on any request
#     whose URI contains the script name, so they indicate exposure or probing,
#     not exploitation. Triage them against the web server inventory.
#   * "attempt" / "traversal" / "execution" rules (classtype
#     web-application-attack): the script name plus a second pattern.
#     Where a script has both kinds, one request can raise both alerts.
#
# NOTE(review): references written as cve,CAN-YYYY-NNNN use the old CVE
# candidate prefix; look them up under the same number with a CVE- prefix.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI args.cmd access"; flow:to_server,established; uricontent:"/args.cmd"; nocase; reference:cve,CAN-1999-1374; classtype:attempted-recon; sid:1452; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI AT-admin.cgi access"; flow:to_server,established; uricontent:"/AT-admin.cgi"; nocase; reference:cve,CAN-1999-1072; classtype:attempted-recon; sid:845; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI AT-generated.cgi access"; flow:to_server,established; uricontent:"/AT-generated.cgi"; nocase; reference:cve,CAN-1999-1072; classtype:attempted-recon; sid:1453; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bnbform.cgi access"; flow:to_server,established; uricontent:"/bnbform.cgi"; nocase; reference:cve,CVE-1999-0937; reference:bugtraq,1469; classtype:attempted-recon; sid:846; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI campas access"; flow:to_server,established; uricontent:"/campas"; nocase; reference:cve,CVE-1999-0146; reference:bugtraq,1975; classtype:attempted-recon; sid:847; rev:5;)

# view-source: the traversal rule adds content:"../" on top of the URI match.
# NOTE(review): content (unlike uricontent) is a general payload match in Snort
# semantics, so "../" anywhere in the inspected data satisfies it - confirm how
# this engine scopes it before relying on the alert as proof of traversal.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI view-source directory traversal"; flow:to_server,established; uricontent:"/view-source"; nocase; content:"../"; nocase; reference:cve,CVE-1999-0174; classtype:web-application-attack; sid:848; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI view-source access"; flow:to_server,established; uricontent:"/view-source"; nocase; reference:cve,CVE-1999-0174; classtype:attempted-recon; sid:849; rev:4;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wais.pl access"; flow:to_server,established; uricontent:"/wais.pl"; nocase; classtype:attempted-recon; sid:850; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wwwwais access"; flow:to_server,established; uricontent:"/wwwwais"; nocase; reference:cve,CAN-2001-0223; classtype:attempted-recon; sid:1454; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI files.pl access"; flow:to_server,established; uricontent:"/files.pl"; nocase; reference:cve,CAN-1999-1081; classtype:attempted-recon; sid:851; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wguest.exe access"; flow:to_server,established; uricontent:"/wguest.exe"; nocase; reference:cve,CAN-1999-0467; reference:bugtraq,2024; classtype:attempted-recon; sid:852; rev:5;)

# NOTE(review): sid:853 has no nocase, unlike most rules in this file, and its
# pattern is short - it is a case-sensitive substring match on "/wrap" and will
# also match longer URIs that merely contain it. Confirm both are intended.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wrap access"; flow:to_server,established; uricontent:"/wrap"; reference:bugtraq,373; reference:arachnids,234; reference:cve,CVE-1999-0149; classtype:attempted-recon; sid:853; rev:5;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI classifieds.cgi access"; flow:to_server,established; uricontent:"/classifieds.cgi"; nocase; reference:bugtraq,2020; reference:cve,CVE-1999-0934; classtype:attempted-recon; sid:854; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI environ.cgi access"; flow:to_server,established; uricontent:"/environ.cgi"; nocase; classtype:attempted-recon; sid:856; rev:4;)

# faxsurvey: two attack rules keyed on the query string, then the generic
# access rule. All three share the "/faxsurvey" prefix, so a request matching
# either attack pattern also matches sid:857.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI faxsurvey attempt (full path)"; flow:to_server,established; uricontent:"/faxsurvey?/"; nocase; reference:cve,CVE-1999-0262; reference:bugtraq,2056; classtype:web-application-attack; sid:1647; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI faxsurvey attempt"; flow:to_server,established; uricontent:"/faxsurvey?cat%20"; nocase; reference:cve,CVE-1999-0262; reference:bugtraq,2056; classtype:web-application-attack; sid:1609; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI faxsurvey access"; flow:to_server,established; uricontent:"/faxsurvey"; nocase; reference:cve,CVE-1999-0262; reference:bugtraq,2056; classtype:web-application-activity; sid:857; rev:6;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI filemail access"; flow:to_server,established; uricontent:"/filemail.pl"; nocase; reference:cve,CAN-1999-1154; classtype:attempted-recon; sid:858; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI man.sh access"; flow:to_server,established; uricontent:"/man.sh"; nocase; reference:cve,CAN-1999-1179; classtype:attempted-recon; sid:859; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI snork.bat access"; flow:to_server,established; uricontent:"/snork.bat"; nocase; reference:bugtraq,1053; reference:cve,CVE-2000-0169; reference:arachnids,220; classtype:attempted-recon; sid:860; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI w3-msql access"; flow:to_server,established; uricontent:"/w3-msql/"; nocase; reference:bugtraq,591; reference:cve,CVE-1999-0276; reference:arachnids,210; classtype:attempted-recon; sid:861; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI day5datacopier.cgi access"; flow:to_server,established; uricontent:"/day5datacopier.cgi"; nocase; reference:cve,CAN-1999-1232; classtype:attempted-recon; sid:863; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI day5datanotifier.cgi access"; flow:to_server,established; uricontent:"/day5datanotifier.cgi"; nocase; reference:cve,CAN-1999-1232; classtype:attempted-recon; sid:864; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI post-query access"; flow:to_server,established; uricontent:"/post-query"; nocase; reference:cve,CAN-2001-0291; classtype:attempted-recon; sid:866; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI visadmin.exe access"; flow:to_server,established; uricontent:"/visadmin.exe"; nocase; reference:bugtraq,1808; reference:cve,CAN-1999-1970; classtype:attempted-recon; sid:867; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI dumpenv.pl access"; flow:to_server,established; uricontent:"/dumpenv.pl"; nocase; reference:cve,CAN-1999-1178; classtype:attempted-recon; sid:869; rev:5;)

# calendar family. Points to check when tuning:
#   - sid:1536 and sid:1537 carry no nocase, so they match case-sensitively.
#   - sid:1456 is shipped disabled (commented out); it stays disabled here.
#   - "calender" in sid:1456 / sid:1455 is the spelling used by the rule
#     source and is kept verbatim, not corrected.
#   - sid:882 matches the bare substring "/calendar", which is a prefix of the
#     calendar_admin.pl and calendar-admin.pl patterns, so those requests also
#     raise sid:882.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI calendar_admin.pl arbitrary command execution attempt"; flow:to_server,established; uricontent:"/calendar_admin.pl?config=\|"; classtype:web-application-attack; reference:cve,CVE-2000-0432; sid:1536; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI calendar_admin.pl access"; flow:to_server,established; uricontent:"/calendar_admin.pl"; classtype:web-application-activity; reference:cve,CVE-2000-0432; sid:1537; rev:4;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI calender_admin.pl access"; flow:to_server,established; uricontent:"/calender_admin.pl"; nocase; reference:cve,CVE-2000-0432; classtype:attempted-recon; sid:1456; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI calendar-admin.pl access"; flow:to_server,established; uricontent:"/calendar-admin.pl"; nocase; reference:bugtraq,1215; classtype:web-application-activity; sid:1701; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI calender.pl access"; flow:to_server,established; uricontent:"/calender.pl"; nocase; reference:cve,CVE-2000-0432; classtype:attempted-recon; sid:1455; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI calendar access"; flow:to_server,established; uricontent:"/calendar"; nocase; classtype:attempted-recon; sid:882; rev:4;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI user_update_admin.pl access"; flow:to_server,established; uricontent:"/user_update_admin.pl"; nocase; reference:cve,CVE-2000-0627; classtype:attempted-recon; sid:1457; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI user_update_passwd.pl access"; flow:to_server,established; uricontent:"/user_update_passwd.pl"; nocase; reference:cve,CVE-2000-0627; classtype:attempted-recon; sid:1458; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI snorkerz.cmd access"; flow:to_server,established; uricontent:"/snorkerz.cmd"; nocase; classtype:attempted-recon; sid:870; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI survey.cgi access"; flow:to_server,established; uricontent:"/survey.cgi"; nocase; reference:bugtraq,1817; reference:cve,CVE-1999-0936; classtype:attempted-recon; sid:871; rev:5;)

# NOTE(review): sid:873 keys on three consecutive slashes anywhere in the URI
# and has no nocase (irrelevant for this pattern). Whether the engine's URI
# normalisation collapses repeated slashes before uricontent is applied is not
# visible from this file - verify, since that decides if the rule can fire.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI scriptalias access"; flow:to_server,established; uricontent:"///"; reference:cve,CVE-1999-0236; reference:bugtraq,2300; reference:arachnids,227; classtype:attempted-recon; sid:873; rev:5;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI w3-msql solaris x86 access"; flow:to_server,established; uricontent:"/bin/shA-cA/usr/openwin"; nocase; reference:cve,CVE-1999-0276; reference:arachnids,211; classtype:attempted-recon; sid:874; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI win-c-sample.exe access"; flow:to_server,established; uricontent:"/win-c-sample.exe"; nocase; reference:bugtraq,2078; reference:arachnids,231; reference:cve,CVE-1999-0178; classtype:attempted-recon; sid:875; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI w3tvars.pm access"; flow:to_server,established; uricontent:"/w3tvars.pm"; nocase; classtype:attempted-recon; sid:878; rev:5;)

# Generic names ("/admin.pl", "/archie", "/upload.pl", ...) are matched as
# substrings with no product context, so expect hits on unrelated applications
# that happen to use the same file name.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI admin.pl access"; flow:to_server,established; uricontent:"/admin.pl"; nocase; reference:url,online.securityfocus.com/archive/1/249355; reference:bugtraq,3839; classtype:attempted-recon; sid:879; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI LWGate access"; flow:to_server,established; uricontent:"/LWGate"; nocase; reference:url,www.netspace.org/~dwb/lwgate/lwgate-history.html; reference:url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm; classtype:attempted-recon; sid:880; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI archie access"; flow:to_server,established; uricontent:"/archie"; nocase; classtype:attempted-recon; sid:881; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI flexform access"; flow:to_server,established; uricontent:"/flexform"; nocase; reference:url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm; classtype:attempted-recon; sid:883; rev:4;)

# formmail / phf: attack rule first, generic access rule second. The attack
# rules add plain content matches for an encoded newline ("%0a", and for phf
# also "QALIAS"); the access rules (sid:884, sid:886) fire on the name alone.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI formmail attempt"; flow:to_server,established; uricontent:"/formmail"; nocase; content:"%0a"; nocase; reference:bugtraq,1187; reference:cve,CVE-1999-0172; reference:arachnids,226; classtype:web-application-attack; sid:1610; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI formmail access"; flow:to_server,established; uricontent:"/formmail"; nocase; reference:bugtraq,1187; reference:cve,CVE-1999-0172; reference:arachnids,226; classtype:web-application-activity; sid:884; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI phf arbitrary command execution attempt"; flow:to_server,established; uricontent:"/phf"; nocase; content:"QALIAS"; nocase; content:"%0a/"; reference:bugtraq,629; reference:arachnids,128; reference:cve,CVE-1999-0067; classtype:web-application-attack; sid:1762; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI phf access"; flow:to_server,established; uricontent:"/phf"; nocase; reference:bugtraq,629; reference:arachnids,128; reference:cve,CVE-1999-0067; classtype:web-application-activity; sid:886; rev:8;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI www-sql access"; flow:to_server,established; uricontent:"/www-sql"; nocase; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=88704258804054&w=2; classtype:attempted-recon; sid:887; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wwwadmin.pl access"; flow:to_server,established; uricontent:"/wwwadmin.pl"; nocase; classtype:attempted-recon; sid:888; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI ppdscgi.exe access"; flow:to_server,established; uricontent:"/ppdscgi.exe"; nocase; reference:bugtraq,491; reference:url,online.securityfocus.com/archive/1/16878; classtype:attempted-recon; sid:889; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI sendform.cgi access"; flow:to_server,established; uricontent:"/sendform.cgi"; nocase; reference:url,www.scn.org/help/sendform.txt; classtype:attempted-recon; sid:890; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI upload.pl access"; flow:to_server,established; uricontent:"/upload.pl"; nocase; classtype:attempted-recon; sid:891; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI AnyForm2 access"; flow:to_server,established; uricontent:"/AnyForm2"; nocase; reference:bugtraq,719; reference:cve,CVE-1999-0066; classtype:attempted-recon; sid:892; rev:6;)