web-cgi.rules

来自「Firestorm NIDS是一个性能非常高的网络入侵检测系统 (NIDS)。目」· RULES 代码 · 共 267 行 · 第 1/5 页

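# WEB-CGI signatures: requests for CGI programs with published weaknesses.
#
# Every rule below inspects established, client-to-server TCP traffic
# (flow:to_server,established) from $EXTERNAL_NET to $HTTP_SERVERS on
# $HTTP_PORTS. Those three variables are defined outside this file.
#
# Most scripts have two kinds of rule:
#   "... attempt" - the script path plus a parameter pattern tied to the
#                   weakness; mostly classtype web-application-attack.
#   "... access"  - the script path alone; fires on any request for it and
#                   is classed as activity/recon. Expect noise wherever the
#                   script is legitimately deployed, and tune per site.
#
# Layout: one rule per line. The listing this was taken from ran several
# rules together on one physical line and broke others mid-rule without a
# continuation character.
#
# NOTE(review): in Snort, uricontent is matched against the normalised URI
# and content against the raw payload. Confirm the engine loading this file
# behaves the same way, because the traversal tests below (content:"pg=../",
# content:"file=../", ...) match only the literal bytes shown.
#
# msg strings are kept exactly as published, including the typos in
# sid 1565 ("commane") and sid 1628 ("attempt attempt"), so alert text stays
# stable for anything that keys on it.

# --- swc ---
# NOTE(review): dsize tests the payload size of a single packet; confirm how
# the engine treats stream-reassembled data before relying on sid 1477.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI swc attempt"; flow:to_server,established; dsize:>1000; uricontent:"/swc"; nocase; classtype:attempted-recon; sid:1477;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI swc access"; flow:to_server,established; uricontent:"/swc"; nocase; classtype:attempted-recon; sid:1478;  rev:3;)

# --- ttawebtop.cgi (CVE-2001-0805, bugtraq 2890) ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI ttawebtop.cgi attempt"; flow:to_server,established; uricontent:"/ttawebtop.cgi"; nocase; content:"pg=../"; nocase; reference:cve,CVE-2001-0805; reference:bugtraq,2890; classtype:web-application-attack; sid:1479;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI ttawebtop.cgi access"; flow:to_server,established; uricontent:"/ttawebtop.cgi"; nocase; reference:cve,CVE-2001-0805; reference:bugtraq,2890; classtype:attempted-recon; sid:1480;  rev:3;)

# --- upload.cgi / view_source: path-only recon rules ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI upload.cgi access"; flow:to_server,established; uricontent:"/upload.cgi"; nocase; classtype:attempted-recon; sid:1481;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI view_source access"; flow:to_server,established; uricontent:"/view_source"; nocase; classtype:attempted-recon; sid:1482;  rev:3;)

# --- ustorekeeper.pl ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI ustorekeeper.pl directory traversal attempt"; flow:to_server,established; uricontent:"/ustorekeeper.pl"; nocase; content:"file=../../"; nocase; classtype:web-application-attack; sid:1730;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI ustorekeeper.pl access"; flow:to_server,established; uricontent:"/ustorekeeper.pl"; nocase; classtype:web-application-activity; sid:1483;  rev:5;)

# --- icat / Bugzilla doeditvotes.cgi: path-only, case-sensitive match ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI icat access"; flow:to_server,established; uricontent:"/icat"; classtype:web-application-activity; reference:cve,CAN-1999-1069; sid:1606;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Bugzilla doeditvotes.cgi access"; flow:to_server,established; uricontent:"/doeditvotes.cgi"; classtype:web-application-activity; reference:cve,CAN-2002-0011; sid:1617;  rev:4;)

# --- htsearch (CVE-2000-0208) ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI htsearch arbitrary configuration file attempt"; flow:to_server,established; uricontent:"/htsearch?-c"; nocase; classtype:web-application-attack; reference:cve,CVE-2000-0208; sid:1600;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI htsearch arbitrary file read attempt"; flow:to_server,established; uricontent:"/htsearch?exclude=`"; nocase; classtype:web-application-attack; reference:cve,CVE-2000-0208; sid:1601;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI htsearch access"; flow:to_server,established; uricontent:"/htsearch"; nocase; classtype:web-application-activity; reference:cve,CVE-2000-0208; sid:1602;  rev:4;)

# --- a1stats (CAN-2001-0561) ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI a1stats a1disp3.cgi directory traversal attempt"; flow:to_server,established; uricontent:"/a1disp3.cgi?/../../"; reference:cve,CAN-2001-0561; classtype:web-application-attack; sid:1501;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI a1stats a1disp3.cgi access"; flow:to_server,established; uricontent:"/a1disp3.cgi"; reference:cve,CAN-2001-0561; classtype:web-application-activity; sid:1502;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI a1stats access"; flow:to_server,established; uricontent:"/a1stats/"; reference:cve,CAN-2001-0561; classtype:web-application-activity; sid:1731;  rev:3;)

# --- admentor admin.asp (bugtraq 4152) ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI admentor admin.asp access"; flow:to_server,established; uricontent:"/admentor/admin/admin.asp"; reference:bugtraq,4152; reference:url,www.securiteam.com/windowsntfocus/5DP0N1F6AW.html; classtype:web-application-activity; sid:1503;  rev:4;)

# --- alchemy http server (CAN-2001-0871) ---
# NOTE(review): both msgs say "arbitrary command execution attempt" but the
# classtype is web-application-activity, whereas the other attempt rules in
# this file use web-application-attack. Confirm the lower class is intended,
# since classtype usually drives alert priority.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI alchemy http server PRN arbitrary command execution attempt"; flow:to_server,established; uricontent:"/PRN/../../"; classtype:web-application-activity; reference:cve,CAN-2001-0871; sid:1505;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI alchemy http server NUL arbitrary command execution attempt"; flow:to_server,established; uricontent:"/NUL/../../"; classtype:web-application-activity; reference:cve,CAN-2001-0871; sid:1506;  rev:4;)

# --- alibaba.pl (CAN-1999-0885) ---
# "\|" is an escaped literal pipe; an unescaped | would start a hex byte run.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI alibaba.pl arbitrary command execution attempt"; flow:to_server,established; uricontent:"/alibaba.pl\|"; classtype:web-application-attack; reference:cve,CAN-1999-0885; sid:1507;  rev:5;)
# The published rule read "reference:cve ,CAN-1999-0885". The stray space is
# removed so the reference system token is exactly "cve", as in every other rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI alibaba.pl access"; flow:to_server,established; uricontent:"/alibaba.pl"; classtype:web-application-activity; reference:cve,CAN-1999-0885; sid:1508;  rev:4;)

# --- AltaVista Intranet Search (CVE-2000-0039) ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI AltaVista Intranet Search directory traversal attempt"; flow:to_server,established; uricontent:"/query?mss=.."; classtype:web-application-attack; reference:cve,CVE-2000-0039; sid:1509;  rev:4;)

# --- sample .bat CGIs (CVE-1999-0947): script name followed by a pipe ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI test.bat arbitrary command execution attempt"; flow:to_server,established; uricontent:"/test.bat\|"; classtype:web-application-attack; reference:cve,CVE-1999-0947; sid:1510;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI test.bat access"; flow:to_server,established; uricontent:"/test.bat"; classtype:web-application-activity; reference:cve,CVE-1999-0947; sid:1511;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI input.bat arbitrary command execution attempt"; flow:to_server,established; uricontent:"/input.bat\|"; classtype:web-application-attack; reference:cve,CVE-1999-0947; sid:1512;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI input.bat access"; flow:to_server,established; uricontent:"/input.bat"; classtype:web-application-activity; reference:cve,CVE-1999-0947; sid:1513;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI input2.bat arbitrary command execution attempt"; flow:to_server,established; uricontent:"/input2.bat\|"; classtype:web-application-attack; reference:cve,CVE-1999-0947; sid:1514;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI input2.bat access"; flow:to_server,established; uricontent:"/input2.bat"; classtype:web-application-activity; reference:cve,CVE-1999-0947; sid:1515;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI envout.bat arbitrary command execution attempt"; flow:to_server,established; uricontent:"/envout.bat\|"; classtype:web-application-attack; reference:cve,CVE-1999-0947; sid:1516;  rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI envout.bat access"; flow:to_server,established; uricontent:"/envout.bat"; classtype:web-application-activity; reference:cve,CVE-1999-0947; sid:1517;  rev:5;)

# --- echo.bat / hello.bat ---
# The attempt rules add content:"&" with no offset, depth or ordering
# constraint, so an ampersand anywhere in the inspected data satisfies it.
# Expect sid 1705 and 1707 to fire on ordinary multi-parameter requests.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI echo.bat arbitrary command execution attempt"; flow:to_server,established; uricontent:"/echo.bat"; content:"&"; classtype:web-application-attack; sid:1705;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI echo.bat access"; flow:to_server,established; uricontent:"/echo.bat"; classtype:web-application-activity; sid:1706;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI hello.bat arbitrary command execution attempt"; flow:to_server,established; uricontent:"/hello.bat"; content:"&"; classtype:web-application-attack; sid:1707;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI hello.bat access"; flow:to_server,established; uricontent:"/hello.bat"; classtype:web-application-activity; sid:1708;  rev:3;)

# --- tst.bat / cgi-bin/ls / cgimail / cgiwrap: path-only rules ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI tst.bat access"; flow:to_server,established; uricontent:"/tst.bat"; classtype:web-application-activity; reference:cve,CAN-1999-0885; reference:bugtraq,770; sid:1650;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI /cgi-bin/ls access"; flow:to_server,established; uricontent:"/cgi-bin/ls"; nocase; reference:cve,CAN-2000-0079; reference:bugtraq,936; classtype:web-application-activity; sid:1539;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI cgimail access"; flow:to_server,established; uricontent:"/cgimail"; nocase; reference:cve,CVE-2000-0726; classtype:web-application-activity; sid:1542;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI cgiwrap access"; flow:to_server,established; uricontent:"/cgiwrap"; nocase; reference:cve,CVE-1999-1530; reference:cve,CVE-2000-0431; reference:cve,CVE-2001-0987; classtype:web-application-activity; sid:1543;  rev:4;)

# --- csSearch.cgi (bugtraq 4368) ---
# The attempt rule needs both "setup=" and a space followed by a backtick.
# No distance/within is given, so the two may appear anywhere and in any order.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI csSearch.cgi arbitrary command execution attempt"; flow:to_server,established; uricontent:"/csSearch.cgi"; content:"setup="; content:" `"; reference:bugtraq,4368; classtype:web-application-attack; sid:1547; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI csSearch.cgi access"; flow:to_server,established; uricontent:"/csSearch.cgi"; reference:bugtraq,4368; classtype:web-application-activity; sid:1548;  rev:5;)

# --- cart.cgi / dbman db.cgi: path-only rules ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI /cart/cart.cgi access"; flow:to_server,established; uricontent:"/cart/cart.cgi"; reference:cve,CVE-2000-0252; classtype:web-application-activity; sid:1553;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI dbman db.cgi access"; flow:to_server,established; uricontent:"/dbman/db.cgi"; reference:cve,CVE-2000-0381; classtype:web-application-activity; sid:1554;  rev:4;)

# --- DCShop (CAN-2001-0821) ---
# sid 1556 and 1557 match direct requests for the order and credential data
# files rather than a script. They are worth triaging ahead of the generic
# sid 1555 hit.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI DCShop access"; flow:to_server,established; uricontent:"/dcshop"; nocase; reference:cve,CAN-2001-0821; classtype:web-application-activity; sid:1555;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI DCShop orders.txt access"; flow:to_server,established; uricontent:"/orders/orders.txt"; nocase; reference:cve,CAN-2001-0821; classtype:web-application-activity; sid:1556;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI DCShop auth_user_file.txt access"; flow:to_server,established; uricontent:"/auth_data/auth_user_file.txt"; nocase; reference:cve,CAN-2001-0821; classtype:web-application-activity; sid:1557;  rev:4;)

# --- eshop.pl (CAN-2001-1014) ---
# "\;" is an escaped literal semicolon inside the pattern.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI eshop.pl arbitrary commane execution attempt"; flow:to_server,established; uricontent:"/eshop.pl?seite=\;"; nocase; reference:cve,CAN-2001-1014; classtype:web-application-attack; sid:1565;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI eshop.pl access"; flow:to_server,established; uricontent:"/eshop.pl"; nocase; reference:cve,CAN-2001-1014; classtype:web-application-activity; sid:1566;  rev:4;)

# --- loadpage.cgi ---
# NOTE(review): in sid 1569 the only nocase follows content:"file=../", so the
# uricontent path test appears to be case-sensitive there, while sid 1570
# matches the same path with nocase. Confirm whether that gap is intended.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI loadpage.cgi directory traversal attempt"; flow:to_server,established; uricontent:"/loadpage.cgi"; content:"file=../"; nocase; classtype:web-application-attack; sid:1569;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI loadpage.cgi access"; flow:to_server,established; uricontent:"/loadpage.cgi"; nocase; classtype:web-application-activity; sid:1570;  rev:4;)

# --- faqmanager.cgi (bugtraq 3810) ---
# NOTE(review): sid 1590 looks for the literal text "%00" with uricontent. If
# the engine percent-decodes the URI before uricontent matching, that literal
# may never be present. Verify that the rule fires against a test capture.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI faqmanager.cgi arbitrary file access attempt"; flow:to_server,established; uricontent:"/faqmanager.cgi?toc="; uricontent:"%00"; nocase; classtype:web-application-attack; reference:bugtraq,3810; sid:1590;  rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI faqmanager.cgi access"; flow:to_server,established; uricontent:"/faqmanager.cgi"; nocase; classtype:web-application-activity; reference:bugtraq,3810; sid:1591;  rev:4;)

# --- /fcgi-bin/echo.exe: path-only rule ---
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI /fcgi-bin/echo.exe access"; flow:to_server,established; uricontent:"/fcgi-bin/echo.exe"; nocase; classtype:web-application-activity; sid:1592;  rev:4;)

# --- FormHandler.cgi ---
# sid 1593: content:"redirect=http" has no nocase, so it is case-sensitive.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI FormHandler.cgi directory traversal attempt attempt"; flow:to_server,established; uricontent:"/FormHandler.cgi"; nocase; content:"reply_message_attach="; nocase; content:"/../"; reference:cve,CAN-1999-1050; classtype:web-application-attack; sid:1628;  rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI FormHandler.cgi external site redirection attempt"; flow:to_server,established; uricontent:"/FormHandler.cgi"; nocase; content:"redirect=http"; classtype:web-application-attack; sid:1593;  rev:4;)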
