web-cgi.rules

来自「Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目」· RULES 代码 · 共 267 行 · 第 1/5 页

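# WEB-CGI signatures. Each rule alerts on an established client-to-server TCP
# flow from $EXTERNAL_NET to $HTTP_SERVERS on $HTTP_PORTS whose request URI
# (uricontent) or payload (content) contains a known CGI path or parameter.
#
# Layout: one rule per line. The listing had rules fused together on shared
# lines and two msg strings split across a line break; only line breaks were
# changed here. Every option string, reference, sid and rev is as listed.
#
# Reading the alerts:
#  - "access" rules match a path substring only. They show that the script
#    was requested, not that it was exploited, and they also fire on
#    legitimate use where the script is installed.
#  - "attempt" rules add a parameter name and/or a literal "../" sequence.
#  - Requests that do not come from $EXTERNAL_NET, or that reach a web server
#    on a port missing from $HTTP_PORTS, are not inspected by these rules.
#  - NOTE(review): in Snort's rule language `nocase` modifies only the match
#    keyword directly before it, and plain `content` is compared with the
#    packet bytes as sent, without URI decoding. Confirm the engine loading
#    this file behaves the same; if it does, re-encoded forms of "../" are
#    not covered by the `content`-based traversal rules below.

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI MachineInfo access";flow:to_server,established; uricontent:"/MachineInfo"; nocase; reference:cve,CAN-1999-1067; classtype:attempted-recon; sid:893;  rev:5;)

# bb-*.sh scripts. The two bb-hostsvc.sh rules carry the msg text
# "bb-hostscv.sh" while their uricontent is "/bb-hostsvc.sh"; the msg looks
# like a typo. It is left as listed because alert consumers may key on the
# msg string. Correlate on sid 1532/1533 instead.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bb-hist.sh attempt";flow:to_server,established; uricontent:"/bb-hist.sh?HISTFILE=../.."; nocase; reference:cve,CAN-1999-1462; reference:bugtraq,142; classtype:web-application-attack; sid:1531;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bb-hist.sh access";flow:to_server,established; uricontent:"/bb-hist.sh"; nocase; reference:cve,CAN-1999-1462; reference:bugtraq,142; classtype:attempted-recon; sid:894;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bb-histlog.sh access";flow:to_server,established; uricontent:"/bb-histlog.sh"; nocase; reference:bugtraq,142; reference:cve,CAN-1999-1462; classtype:attempted-recon; sid:1459;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bb-histsvc.sh access";flow:to_server,established; uricontent:"/bb-histsvc.sh"; nocase; reference:bugtraq,142; reference:cve,CAN-1999-1462; classtype:attempted-recon; sid:1460;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bb-hostscv.sh attempt"; flow:to_server,established; uricontent:"/bb-hostsvc.sh?HOSTSVC?../.."; nocase; reference:cve,CVE-2000-0638; classtype:web-application-attack; sid:1532;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bb-hostscv.sh access"; flow:to_server,established; uricontent:"/bb-hostsvc.sh"; nocase; reference:cve,CVE-2000-0638; classtype:web-application-activity; sid:1533;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bb-rep.sh access";flow:to_server,established; uricontent:"/bb-rep.sh"; nocase; reference:bugtraq,142; reference:cve,CAN-1999-1462; classtype:attempted-recon; sid:1461;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bb-replog.sh access";flow:to_server,established; uricontent:"/bb-replog.sh"; nocase; reference:bugtraq,142; reference:cve,CAN-1999-1462; classtype:attempted-recon; sid:1462;  rev:3;)

# "/redirect" is a generic path fragment; expect this rule to fire on
# unrelated applications that expose a redirect endpoint.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI redirect access";flow:to_server,established; uricontent:"/redirect"; nocase;reference:bugtraq,1179; reference:cve,CVE-2000-0382; classtype:attempted-recon; sid:895;  rev:5;)

# wayboard: in sid 1397 the only `nocase` follows content:"../..", which has
# no letters, so the path and "db=" are matched case-sensitively, while the
# access rule (sid 896) matches the path case-insensitively.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wayboard attempt"; uricontent:"/way-board/way-board.cgi"; content:"db="; content:"../.."; nocase; flow:to_server,established; reference:bugtraq,2370; reference:cve,CAN-2001-0214; classtype:web-application-attack; sid:1397;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wayboard access"; uricontent:"/way-board"; nocase; flow:to_server,established; reference:bugtraq,2370;  reference:cve,CAN-2001-0214; classtype:web-application-activity; sid:896;  rev:6;)

# pals-cgi: sid 1222 is labelled "arbitrary file read attempt" but matches
# any request that carries "documentName=", with no check on its value.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI pals-cgi arbitrary file read attempt"; flow:to_server,established; uricontent:"/pals-cgi"; nocase; content:"documentName="; classtype:web-application-attack; reference:cve,CAN-2001-0217; reference:bugtraq,2372; sid:1222;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI pals-cgi access"; uricontent:"/pals-cgi"; nocase; flow:to_server,established; reference:cve,CAN-2001-0216; reference:cve,CAN-2001-0217; reference:bugtraq,2372; classtype:attempted-recon; sid:897;  rev:5;)

# commerce.cgi: the traversal rule (sid 1572) is classed attempted-recon,
# whereas the sibling "../.." rules in this file use web-application-attack.
# NOTE(review): confirm the intended class if alert priority follows classtype.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI commerce.cgi attempt"; uricontent:"/commerce.cgi?page=../.."; nocase; flow:to_server,established; reference:bugtraq,2361; reference:cve,CAN-2001-0210; classtype:attempted-recon; sid:1572;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI commerce.cgi access"; uricontent:"/commerce.cgi"; nocase; flow:to_server,established; reference:bugtraq,2361; reference:cve,CAN-2001-0210; classtype:attempted-recon; sid:898;  rev:6;)

# sendtemp.pl: sid 899 is labelled "directory traversal attempt" but matches
# any request containing "templ="; it does not look for a "../" sequence.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Amaya templates sendtemp.pl directory traversal attempt"; uricontent:"/sendtemp.pl"; nocase; content:"templ="; nocase; flow:to_server,established; reference:bugtraq,2504; reference:cve,CAN-2001-0272; classtype:web-application-attack; sid:899;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Amaya templates sendtemp.pl access"; uricontent:"/sendtemp.pl"; nocase; flow:to_server,established; reference:bugtraq,2504; reference:cve,CAN-2001-0272; classtype:web-application-activity; sid:1702;  rev:3;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI webspirs directory traversal attempt"; uricontent:"/webspirs.cgi"; nocase; content:"../../"; nocase; flow:to_server,established; reference:cve,CAN-2001-0211; reference:bugtraq,2362; classtype:web-application-attack; sid:900;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI webspirs access"; uricontent:"/webspirs.cgi"; nocase; flow:to_server,established; reference:cve,CAN-2001-0211; reference:bugtraq,2362; classtype:attempted-recon; sid:901;  rev:5;)

# tstisapi.dll is matched without a leading "/", unlike the other paths here.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI tstisapi.dll access"; uricontent:"tstisapi.dll"; nocase; flow:to_server,established; reference:cve,CAN-2001-0302; classtype:attempted-recon; sid:902;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI sendmessage.cgi access"; uricontent:"/sendmessage.cgi"; nocase; flow:to_server,established; classtype:attempted-recon; sid:1308;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI lastlines.cgi access"; uricontent:"/lastlines.cgi"; nocase; flow:to_server,established; reference:bugtraq,3755; reference:bugtraq,3754; classtype:attempted-recon; sid:1392;  rev:4;)

# zml.cgi: neither rule uses `nocase`, so both match the lowercase path only.
# The "file=../" rule (sid 1395) is classed web-application-activity, the
# same class as the plain access rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI zml.cgi attempt"; flow:to_server,established; uricontent:"/zml.cgi"; content:"file=../"; reference:cve,CAN-2001-1209; reference:bugtraq,3759; classtype:web-application-activity; sid:1395;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI zml.cgi access"; flow:to_server,established; uricontent:"/zml.cgi"; reference:cve,CAN-2001-1209; reference:bugtraq,3759; classtype:web-application-activity; sid:1396;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI AHG search.cgi access"; uricontent:"/publisher/search.cgi"; nocase; content:"template="; nocase; flow:to_server,established; reference:bugtraq,3985; classtype:web-application-activity; sid:1405;  rev:4;)

# agora.cgi: sid 1534 matches only the exact string "cart_id=<SCRIPT>"
# (any letter case) directly after the path; other spellings of the same
# request are seen only by the access rule, sid 1406.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI agora.cgi attempt"; flow:to_server,established; uricontent:"/store/agora.cgi?cart_id=<SCRIPT>"; nocase; reference:cve,CAN-2001-1199; reference:bugtraq,3976; classtype:web-application-attack; sid:1534;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI agora.cgi access"; flow:to_server,established; uricontent:"/store/agora.cgi"; nocase; reference:cve,CAN-1999-0509; reference:bugtraq,3976; classtype:web-application-activity; sid:1406;  rev:6;)

# Shell and interpreter names in the URI (references: CA-1996-11,
# CAN-1999-0509). The patterns are short substrings, so they match any URI
# that contains them, including longer names that merely begin with the same
# characters (constructed example: "/bashful.html" matches "/bash").
# Triage these against the web server's own log before escalating.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI rksh access";flow:to_server,established; uricontent:"/rksh"; nocase; reference:url,www.cert.org/advisories/CA-1996-11.html; reference:cve,CAN-1999-0509; classtype:attempted-recon; sid:877;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bash access";flow:to_server,established; uricontent:"/bash"; nocase; reference:cve,CAN-1999-0509; reference:url,www.cert.org/advisories/CA-1996-11.html; classtype:web-application-activity; sid:885; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI perl.exe command attempt";flow:to_server,established; uricontent:"/perl.exe?"; nocase; reference:cve,CAN-1999-0509; reference:url,www.cert.org/advisories/CA-1996-11.html; reference:arachnids,219;classtype:attempted-recon; sid:1648;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI perl.exe access";flow:to_server,established; uricontent:"/perl.exe"; nocase; reference:cve,CAN-1999-0509; reference:url,www.cert.org/advisories/CA-1996-11.html; reference:arachnids,219;classtype:attempted-recon; sid:832;  rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI perl command attempt";flow:to_server,established; uricontent:"/perl?"; nocase; reference:cve,CAN-1999-0509; reference:url,www.cert.org/advisories/CA-1996-11.html; reference:arachnids,219; classtype:attempted-recon; sid:1649;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI zsh access";flow:to_server,established; uricontent:"/zsh"; nocase; reference:url,www.cert.org/advisories/CA-1996-11.html; reference:cve,CAN-1999-0509; classtype:attempted-recon; sid:1309;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI csh access";flow:to_server,established; uricontent:"/csh"; nocase; reference:url,www.cert.org/advisories/CA-1996-11.html; reference:cve,CAN-1999-0509;classtype:attempted-recon; sid:862;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI tcsh access";flow:to_server,established; uricontent:"/tcsh"; nocase; reference:url,www.cert.org/advisories/CA-1996-11.html; reference:cve,CAN-1999-0509;classtype:attempted-recon; sid:872;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI rsh access";flow:to_server,established; uricontent:"/rsh"; nocase; reference:cve,CAN-1999-0509; reference:url,www.cert.org/advisories/CA-1996-11.html; classtype:attempted-recon; sid:868;  rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI ksh access";flow:to_server,established; uricontent:"/ksh"; nocase; reference:url,www.cert.org/advisories/CA-1996-11.html; reference:cve,CAN-1999-0509;classtype:attempted-recon; sid:865;  rev:5;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI auktion.cgi directory traversal attempt"; flow:to_server,established; uricontent:"/auktion.cgi"; nocase; content:"menue=../../"; nocase; reference:bugtraq,2367; reference:cve,CAN-2001-0212; classtype:web-application-attack; sid:1703;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI auktion.cgi access"; flow:to_server,established; uricontent:"/auktion.cgi"; nocase; reference:bugtraq,2367; reference:cve,CAN-2001-0212; classtype:web-application-activity; sid:1465;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI cgiforum.pl attempt"; flow:to_server,established; uricontent:"/cgiforum.pl?thesection=../.."; nocase; reference:bugtraq,1963; reference:cve,CVE-2000-1171; classtype:web-application-attack; sid:1573;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI cgiforum.pl access"; flow:to_server,established; uricontent:"/cgiforum.pl"; nocase; reference:bugtraq,1963; reference:cve,CVE-2000-1171; classtype:web-application-activity; sid:1466;  rev:5;)

# directorypro.cgi: in sid 1574 `nocase` follows content:"show=../..", so the
# path itself is matched case-sensitively; the access rule (sid 1467) is not.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI directorypro.cgi attempt"; flow:to_server,established; uricontent:"/directorypro.cgi"; content:"show=../.."; nocase; reference:cve,CAN-2001-0780; classtype:web-application-attack; sid:1574;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI directorypro.cgi access"; flow:to_server,established; uricontent:"/directorypro.cgi"; nocase; reference:cve,CAN-2001-0780; classtype:web-application-activity; sid:1467;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Web Shopper shopper.cgi attempt"; flow:to_server,established; uricontent:"/shopper.cgi"; nocase; content:"newpage=../"; nocase; reference:cve,CVE-2000-0922; reference:bugtraq,1776; classtype:web-application-attack; sid:1468;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Web Shopper shopper.cgi access"; flow:to_server,established; uricontent:"/shopper.cgi"; nocase; reference:cve,CVE-2000-0922; reference:bugtraq,1776; classtype:attempted-recon; sid:1469;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI listrec.pl access"; flow:to_server,established; uricontent:"/listrec.pl"; nocase; reference:cve,CAN-2001-0997; classtype:attempted-recon; sid:1470;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI mailnews.cgi access"; flow:to_server,established; uricontent:"/mailnews.cgi"; nocase; reference:cve,CAN-2001-0271; classtype:attempted-recon; sid:1471;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI book.cgi access"; flow:to_server,established; uricontent:"/book.cgi"; nocase; reference:cve,CVE-2001-1114; reference:bugtraq,3178; classtype:attempted-recon; sid:1472;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI newsdesk.cgi access"; flow:to_server,established; uricontent:"/newsdesk.cgi"; nocase; reference:cve,CAN-2001-0232; classtype:attempted-recon; sid:1473;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI cal_make.pl directory traversal attempt"; flow:to_server,established; uricontent:"/cal_make.pl"; nocase; content:"p0=../../"; nocase; reference:cve,CVE-2001-0463; reference:bugtraq,2663; classtype:web-application-attack; sid:1704;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI cal_make.pl access"; flow:to_server,established; uricontent:"/cal_make.pl"; nocase; reference:cve,CVE-2001-0463; reference:bugtraq,2663; classtype:web-application-activity; sid:1474;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI mailit.pl access"; flow:to_server,established; uricontent:"/mailit.pl"; nocase; classtype:attempted-recon; sid:1475;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI sdbsearch.cgi access"; flow:to_server,established; uricontent:"/sdbsearch.cgi"; nocase; reference:cve,CAN-2001-1130; classtype:attempted-recon; sid:1476;  rev:3;)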
