948.txt

来自「This is the snapshot of Snot Latest Rule」· 文本 代码 · 共 73 行

Rule:

--
Sid:
948

--

Summary:
This event is generated when an attempt is made to access a file with 
Microsoft Frontpage form results.

--

Impact:
If successful, the attacker can read sensitive data users have posted 
via forms within the Frontpage web.

--

Detailed Information:
On systems running Microsoft Frontpage Extensions on IIS or Apache web 
servers users can insert forms into web pages and have their data saved 
into a text file (/_private/form_results.txt) which can later be read or
emailed to the user. If direct access to the file is possible, the 
attacker may read the sensitive data posted from the form.

--

Affected Systems:
All systems running FPSE.

--

Attack Scenarios:
An attacker can request the file from its standard location, entering 
the exact URL.

--

Ease of Attack:
Simple. No exploit software required.

--

False Positives:
None known

--

False Negatives:
None known.

--

Corrective Action:
Disable direct access to the file /_private/form_results.txt

Restrict access to the file using password protection.

--

Contributors:
Original Rule Writer Unknown
Snort documentation contributed by Chaos <c@aufbix.org>

-- 

Additional References:


--