
📄 web-iis.rules

📁 This is a snapshot of the latest Snort rules
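# web-iis.rules (excerpt) -- Snort signatures for HTTP requests aimed at
# Microsoft IIS and applications hosted on it.
#
# Layout: one rule per line. The listing had lost its line breaks, which fused
# enabled rules onto lines that begin with "#" and split two msg strings in the
# middle. The rule text itself (options, sid, rev) is unchanged.
#
# Conventions visible in this excerpt:
#   * "# alert ..." is a rule that is commented out, so the engine does not load it.
#   * $EXTERNAL_NET, $HOME_NET, $HTTP_SERVERS and $HTTP_PORTS are variables the
#     rules expect the sensor configuration to define.
#   * Rules with classtype:web-application-activity match only a URI substring.
#     They fire on any request for that path, legitimate or not, so treat them as
#     informational and tune or suppress them per site.
#   * NOTE(review): uricontent is the older URI-buffer keyword; newer engines
#     express this as content with an http_uri modifier -- confirm what the
#     deployed Snort version accepts before loading this file.

# --- Path-access signatures (URI substring only) ---
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS Battleaxe Forum login.asp access"; flow:to_server,established; uricontent:"myaccount/login.asp"; nocase; metadata:service http; reference:bugtraq,7416; reference:cve,2003-0215; reference:nessus,11548; classtype:web-application-activity; sid:2117; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS nsiislog.dll access"; flow:to_server,established; uricontent:"/nsiislog.dll"; nocase; metadata:service http; reference:bugtraq,8035; reference:cve,2003-0227; reference:cve,2003-0349; reference:nessus,11664; reference:url,www.microsoft.com/technet/security/bulletin/ms03-018.mspx; classtype:web-application-activity; sid:2129; rev:13;)
# NOTE(review): sid:2131 matches "/iisprotect/admin/", which is a prefix of the
# URIs in sid:2130 and sid:2157, so a request for either admin page raises two alerts.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS IISProtect siteadmin.asp access"; flow:to_server,established; uricontent:"/iisprotect/admin/SiteAdmin.asp"; nocase; metadata:service http; reference:bugtraq,7675; reference:cve,2003-0377; reference:nessus,11662; classtype:web-application-activity; sid:2130; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS IISProtect globaladmin.asp access"; flow:to_server,established; uricontent:"/iisprotect/admin/GlobalAdmin.asp"; nocase; metadata:service http; reference:nessus,11661; classtype:web-application-activity; sid:2157; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS IISProtect access"; flow:to_server,established; uricontent:"/iisprotect/admin/"; nocase; metadata:service http; reference:nessus,11661; classtype:web-application-activity; sid:2131; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS Synchrologic Email Accelerator userid list access attempt"; flow:to_server,established; uricontent:"/en/admin/aggregate.asp"; nocase; metadata:service http; reference:nessus,11657; classtype:web-application-activity; sid:2132; rev:4;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS MS BizTalk server access"; flow:to_server,established; uricontent:"/biztalkhttpreceive.dll"; nocase; metadata:service http; reference:bugtraq,7469; reference:bugtraq,7470; reference:cve,2003-0117; reference:cve,2003-0118; reference:nessus,11638; reference:url,www.microsoft.com/technet/security/bulletin/MS03-016.mspx; classtype:web-application-activity; sid:2133; rev:9;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS register.asp access"; flow:to_server,established; uricontent:"/register.asp"; nocase; metadata:service http; reference:nessus,11621; classtype:web-application-activity; sid:2134; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS UploadScript11.asp access"; flow:to_server,established; uricontent:"/UploadScript11.asp"; nocase; metadata:service http; reference:bugtraq,3608; reference:cve,2001-0938; reference:nessus,11746; classtype:web-application-activity; sid:2247; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS DirectoryListing.asp access"; flow:to_server,established; uricontent:"/DirectoryListing.asp"; nocase; metadata:service http; reference:cve,2001-0938; classtype:web-application-activity; sid:2248; rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS /pcadmin/login.asp access"; flow:to_server,established; uricontent:"/pcadmin/login.asp"; nocase; metadata:service http; reference:bugtraq,8103; reference:nessus,11785; classtype:web-application-activity; sid:2249; rev:6;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS foxweb.exe access"; flow:to_server,established; uricontent:"/foxweb.exe"; nocase; metadata:service http; reference:nessus,11939; classtype:web-application-activity; sid:2321; rev:4;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS foxweb.dll access"; flow:to_server,established; uricontent:"/foxweb.dll"; nocase; metadata:service http; reference:nessus,11939; classtype:web-application-activity; sid:2322; rev:4;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS VP-ASP shopsearch.asp access"; flow:to_server,established; uricontent:"/shopsearch.asp"; nocase; metadata:service http; reference:bugtraq,9133; reference:bugtraq,9134; reference:nessus,11942; classtype:web-application-activity; sid:2324; rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS VP-ASP ShopDisplayProducts.asp access"; flow:to_server,established; uricontent:"/ShopDisplayProducts.asp"; nocase; metadata:service http; reference:bugtraq,9133; reference:bugtraq,9134; reference:nessus,11942; classtype:web-application-activity; sid:2325; rev:5;)
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS sgdynamo.exe access"; flow:to_server,established; uricontent:"/sgdynamo.exe"; nocase; metadata:service http; reference:bugtraq,4720; reference:cve,2002-0375; reference:nessus,11955; classtype:web-application-activity; sid:2326; rev:6;)

# NOTE(review): sid:2386 matches one fixed base64 "Authorization: Negotiate" prefix
# as a raw payload string. As its msg says, it identifies a specific scan probe;
# a request carrying a different token does not match this rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS NTLM ASN1 vulnerability scan attempt"; flow:to_server,established; content:"Authorization|3A| Negotiate YIQAAABiBoMAAAYrBgEFBQKgggBTMIFQoA4wDAYKKwYBBAGCNwICCqM"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:bugtraq,9633; reference:bugtraq,9635; reference:cve,2003-0818; reference:nessus,12052; reference:nessus,12055; reference:nessus,12065; reference:url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx; classtype:attempted-dos; sid:2386; rev:14;)

# --- SmarterMail ---
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access"; flow:to_server,established; uricontent:"/frmGetAttachment.aspx"; nocase; metadata:service http; reference:bugtraq,9805; classtype:web-application-activity; sid:2571; rev:5;)
# NOTE(review): sid:2572 alerts when at least 980 bytes follow "txtusername=" and
# no newline (|0A|) occurs within those 980 bytes. The nocase after the negated
# |0A| content has no effect on a non-alphabetic byte.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt"; flow:to_server,established; uricontent:"/login.aspx"; nocase; content:"txtusername="; isdataat:980,relative; content:!"|0A|"; within:980; nocase; metadata:service http; reference:bugtraq,9805; classtype:web-application-attack; sid:2572; rev:5;)
# NOTE(review): sid:2573's msg names frmCompose.asp but the rule matches
# "/frmCompose.aspx". Unlike its neighbours it has no nocase, so a differently
# cased request path would not match.
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS SmarterTools SmarterMail frmCompose.asp access"; flow:to_server,established; uricontent:"/frmCompose.aspx"; metadata:service http; reference:bugtraq,9805; classtype:web-application-activity; sid:2573; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ping.asp access"; flow:to_server,established; uricontent:"/ping.asp"; nocase; metadata:service http; reference:nessus,10968; classtype:web-application-activity; sid:2667; rev:4;)

# --- Overflow / parsing signatures ---
# NOTE(review): sid:3087, sid:3201, sid:3150 and sid:11191 use $HOME_NET as the
# destination where the other rules use $HTTP_SERVERS, so they inspect traffic to
# every protected host on $HTTP_PORTS.
# sid:3087 alerts when 519 non-CR/LF characters follow "w3who.dll?".
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS w3who.dll buffer overflow attempt"; flow:to_server,established; uricontent:"/w3who.dll?"; nocase; pcre:"/w3who.dll\x3F[^\r\n]{519}/i"; metadata:service http; reference:bugtraq,11820; reference:cve,2004-1134; classtype:attempted-admin; sid:3087; rev:4;)
# NOTE(review): in sid:3193 and sid:3194 the leading "." of the pcre is unescaped
# and matches any character, and the trailing ".*" adds nothing to the match. The
# uricontent still requires the literal ".cmd" / ".bat" followed by a double quote.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .cmd executable file parsing attack"; flow:established,to_server; uricontent:".cmd|22|"; nocase; pcre:"/.cmd\x22.*\x26.*/smi"; metadata:service http; reference:bugtraq,1912; reference:cve,2000-0886; classtype:web-application-attack; sid:3193; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS .bat executable file parsing attack"; flow:established,to_server; uricontent:".bat|22|"; nocase; pcre:"/.bat\x22.*\x26.*/smi"; metadata:service http; reference:bugtraq,1912; reference:cve,2000-0886; classtype:web-application-attack; sid:3194; rev:4;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS httpodbc.dll access - nimda"; flow:to_server,established; uricontent:"/httpodbc.dll"; nocase; metadata:service http; reference:bugtraq,2708; reference:cve,2001-0333; classtype:web-application-activity; sid:3201; rev:4;)
# NOTE(review): in sid:3150 the class [^\r\n\x3b\x38] excludes ";" (\x3b) and the
# digit "8" (\x38), so a long contenttype value that contains an "8" is not
# counted. If "&" (\x26) was the intended delimiter, confirm against the upstream
# rule before changing it.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS SQLXML content type overflow"; flow:to_server,established; pcre:"/\.x[sm]l/Ui"; uricontent:"contenttype="; pcre:"/contenttype=[^\r\n\x3b\x38]{100}/smiU"; metadata:service http; reference:bugtraq,5004; reference:cve,2002-0186; reference:nessus,11304; reference:url,www.microsoft.com/technet/security/bulletin/MS02-030.mspx; reference:url,www.westpoint.ltd.uk/advisories/wp-02-0007.txt; classtype:attempted-admin; sid:3150; rev:7;)
# sid:5695 alerts when 1024 characters other than newline, "&" and "?" follow
# "?Redirect?url=" on a request for IISWebAgentIF.dll.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS web agent redirect overflow attempt"; flow:to_server,established; uricontent:"/WebID/IISWebAgentIF.dll"; nocase; pcre:"/\x2fWebID\x2fIISWebAgentIF.dll[^\n\x26\x3f]*\x3fRedirect\x3furl=[^\n\x26\x3f]{1024}/smi"; metadata:service http; reference:bugtraq,13524; reference:cve,2005-1471; classtype:web-application-attack; sid:5695; rev:2;)

# --- Cross-site scripting signatures ---
# NOTE(review): sid:7028, sid:7027 and sid:7029 share one msg and differ only in
# the form field they look for (command / operation / name), so alerts have to be
# told apart by sid. Their three content matches carry no ordering or distance
# constraint and may each match anywhere in the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS frontpage server extensions 2002 cross site scripting attempt"; flow:to_server,established; content:"_vti_bin/_vti_adm/fpadmdll.dll"; nocase; content:"name=|22|command|22|"; nocase; content:"value=|22|-->"; nocase; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service http; reference:bugtraq,17452; reference:cve,2006-0015; reference:url,www.microsoft.com/technet/security/bulletin/ms06-017.mspx; classtype:attempted-user; sid:7028; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS frontpage server extensions 2002 cross site scripting attempt"; flow:to_server,established; content:"_vti_bin/_vti_adm/fpadmdll.dll"; nocase; content:"name=|22|operation|22|"; nocase; content:"value=|22|-->"; nocase; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service http; reference:bugtraq,17452; reference:cve,2006-0015; reference:url,www.microsoft.com/technet/security/bulletin/ms06-017.mspx; classtype:attempted-user; sid:7027; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS frontpage server extensions 2002 cross site scripting attempt"; flow:to_server,established; content:"_vti_bin/_vti_adm/fpadmdll.dll"; nocase; content:"name=|22|name|22|"; nocase; content:"value=|22|-->"; nocase; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop, service http; reference:bugtraq,17452; reference:cve,2006-0015; reference:url,www.microsoft.com/technet/security/bulletin/ms06-017.mspx; classtype:attempted-user; sid:7029; rev:6;)
# NOTE(review): sid:8349 treats any occurrence of "script" after "ciRestriction"
# on the same line as a hit, so a benign query containing that word also alerts.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS Indexing Service ciRestriction cross-site scripting attempt"; flow:to_server,established; content:"default.idq"; nocase; content:"ciRestriction"; distance:0; nocase; content:"script"; distance:0; nocase; pcre:"/default.idq[^\r\n]*ciRestriction[^\r\n]*script/smi"; metadata:service http; reference:bugtraq,19927; reference:cve,2006-0032; reference:url,www.microsoft.com/technet/security/Bulletin/MS06-053.mspx; classtype:misc-attack; sid:8349; rev:2;)
# sid:8700 uses a negative lookahead: it alerts when the __LASTFOCUS value is
# neither empty nor an identifier ([_a-z]\w*) that is followed by "&", ";" or the
# end of the data.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS ASP.NET 2.0 cross-site scripting attempt"; flow:to_server,established; content:"__LASTFOCUS="; nocase; pcre:"/__LASTFOCUS=(?!([_a-z]\w*|)([\x26\x3B]|$))/i"; metadata:service http; reference:bugtraq,20337; reference:cve,2006-3436; reference:url,www.microsoft.com/technet/security/bulletin/MS06-056.mspx; classtype:attempted-user; sid:8700; rev:2;)

# --- Memory corruption, upload and denial-of-service signatures ---
# sid:11191 alerts when the URI contains "/NR/exeres/" and "frameless" but not
# ",frameless".
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-IIS Microsoft Content Management Server memory corruption"; flow:to_server,established; uricontent:"/NR/exeres/"; nocase; uricontent:"frameless"; uricontent:!",frameless"; metadata:service http; reference:bugtraq,22861; reference:cve,2007-0938; reference:url,www.microsoft.com/technet/security/bulletin/ms07-018.mspx; classtype:attempted-user; sid:11191; rev:3;)
# NOTE(review): sid:12595 has no "metadata:service http", unlike every other rule
# in this excerpt. In its second pcre, [^(\x2d\x2d\x3e)] is a character class that
# excludes "(", "-", ">" and ")" one by one; it does not mean "anything up to the
# sequence -->", so an include path containing "-" ends the 250-character run early.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS malicious ASP file upload attempt"; flow:established,to_server; content:"Content-Disposition|3A| form-data"; pcre:"/filename\x3d\x22[^\x22]*asp/im"; pcre:"/\x3c\x21\x2d\x2d\x23include\s+file[^(\x2d\x2d\x3e)]{250,}/"; reference:bugtraq,18858; reference:cve,2006-0026; reference:url,www.microsoft.com/technet/security/bulletin/ms06-034.mspx; classtype:attempted-user; sid:12595; rev:1;)
# NOTE(review): in sid:12064 the class [0-f] is an ASCII range from "0" to "f"
# (0x30-0x66), which also covers ":" through "`" and all upper-case letters, so
# "%1" followed by any of those matches, not only hex digits.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS w3svc _vti_bin null pointer dereference attempt"; flow:established,to_server; content:"/_vti_bin/.dll/"; pcre:"/\/_vti_bin\/\.dll\/(%(0[1-9]|1[0-f])|%3f|\x22|\x2a|\x3a|<|>)[\\\/]~[0-9]/Ui"; metadata:service http; reference:bugtraq,15921; reference:cve,2005-4360; reference:url,www.microsoft.com/technet/security/bulletin/ms07-041.mspx; classtype:attempted-dos; sid:12064; rev:4;)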
