⭐ 欢迎来到虫虫下载站! | 📦 资源下载 📁 资源专辑 ℹ️ 关于我们
⭐ 虫虫下载站
📤 上传资源

📄 web-cgi.rules

📁 This is the snapshot of Snot Latest Rules
💻 RULES
📖 第 1 页 / 共 5 页
字号:
🔍
12345 
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI glimpse access"; flow:to_server,established; uricontent:"/glimpse"; nocase; metadata:service http; reference:bugtraq,2026; reference:cve,1999-0147; reference:nessus,10095; classtype:attempted-recon; sid:825; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI htmlscript attempt"; flow:to_server,established; uricontent:"/htmlscript?../.."; nocase; metadata:service http; reference:bugtraq,2001; reference:cve,1999-0264; reference:nessus,10106; classtype:web-application-attack; sid:1608; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI htmlscript access"; flow:to_server,established; uricontent:"/htmlscript"; nocase; metadata:service http; reference:bugtraq,2001; reference:cve,1999-0264; reference:nessus,10106; classtype:attempted-recon; sid:826; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI info2www access"; flow:to_server,established; uricontent:"/info2www"; nocase; metadata:service http; reference:bugtraq,1995; reference:cve,1999-0266; reference:nessus,10127; classtype:attempted-recon; sid:827; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI maillist.pl access"; flow:to_server,established; uricontent:"/maillist.pl"; nocase; metadata:service http; classtype:attempted-recon; sid:828; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI nph-test-cgi access"; flow:to_server,established; uricontent:"/nph-test-cgi"; nocase; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:arachnids,224; reference:bugtraq,686; reference:cve,1999-0045; reference:nessus,10165; classtype:attempted-recon; sid:829; rev:12;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI NPH-publish access"; flow:to_server,established; uricontent:"/nph-maillist.pl"; nocase; metadata:service http; reference:bugtraq,2563; reference:cve,2001-0400; reference:nessus,10164; classtype:attempted-recon; sid:1451; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI rguest.exe access"; flow:to_server,established; uricontent:"/rguest.exe"; nocase; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:bugtraq,2024; reference:cve,1999-0287; reference:cve,1999-0467; classtype:attempted-recon; sid:833; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI rwwwshell.pl access"; flow:to_server,established; uricontent:"/rwwwshell.pl"; nocase; metadata:service http; reference:url,www.itsecurity.com/papers/p37.htm; classtype:attempted-recon; sid:834; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI test-cgi attempt"; flow:to_server,established; uricontent:"/test-cgi/*?*"; nocase; metadata:service http; reference:arachnids,218; reference:bugtraq,2003; reference:cve,1999-0070; reference:nessus,10282; classtype:web-application-attack; sid:1644; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI test-cgi access"; flow:to_server,established; uricontent:"/test-cgi"; nocase; metadata:service http; reference:arachnids,218; reference:bugtraq,2003; reference:cve,1999-0070; reference:nessus,10282; classtype:attempted-recon; sid:835; rev:10;)# testcgi is *one* of many scripts to look for.  this *ALSO* triggers on testcgi.exe.alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI testcgi access"; flow:to_server,established; uricontent:"/testcgi"; nocase; metadata:service http; reference:bugtraq,7214; reference:nessus,11610; classtype:web-application-activity; sid:1645; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI test.cgi access"; flow:to_server,established; uricontent:"/test.cgi"; nocase; metadata:service http; classtype:web-application-activity; sid:1646; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI textcounter.pl access"; flow:to_server,established; uricontent:"/textcounter.pl"; nocase; metadata:service http; reference:bugtraq,2265; reference:cve,1999-1479; reference:nessus,11451; classtype:attempted-recon; sid:836; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI uploader.exe access"; flow:to_server,established; uricontent:"/uploader.exe"; nocase; metadata:service http; reference:bugtraq,1611; reference:cve,1999-0177; reference:cve,2000-0769; reference:nessus,10291; classtype:attempted-recon; sid:837; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI webgais access"; flow:to_server,established; uricontent:"/webgais"; nocase; metadata:service http; reference:arachnids,472; reference:bugtraq,2058; reference:cve,1999-0176; reference:nessus,10300; classtype:attempted-recon; sid:838; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI finger access"; flow:to_server,established; uricontent:"/finger"; nocase; metadata:service http; reference:arachnids,221; reference:cve,1999-0612; reference:nessus,10071; classtype:attempted-recon; sid:839; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI perlshop.cgi access"; flow:to_server,established; uricontent:"/perlshop.cgi"; nocase; metadata:service http; reference:cve,1999-1374; classtype:attempted-recon; sid:840; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI aglimpse access"; flow:to_server,established; uricontent:"/aglimpse"; nocase; metadata:service http; reference:bugtraq,2026; reference:cve,1999-0147; reference:nessus,10095; classtype:attempted-recon; sid:842; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI anform2 access"; flow:to_server,established; uricontent:"/AnForm2"; nocase; metadata:service http; reference:arachnids,225; reference:bugtraq,719; reference:cve,1999-0066; classtype:attempted-recon; sid:843; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI args.bat access"; flow:to_server,established; uricontent:"/args.bat"; nocase; metadata:service http; reference:cve,1999-1180; reference:nessus,11465; classtype:attempted-recon; sid:844; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI args.cmd access"; flow:to_server,established; uricontent:"/args.cmd"; nocase; metadata:service http; reference:cve,1999-1180; reference:nessus,11465; classtype:attempted-recon; sid:1452; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI AT-admin.cgi access"; flow:to_server,established; uricontent:"/AT-admin.cgi"; nocase; metadata:service http; reference:cve,1999-1072; classtype:attempted-recon; sid:845; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI AT-generated.cgi access"; flow:to_server,established; uricontent:"/AT-generated.cgi"; nocase; metadata:service http; reference:cve,1999-1072; classtype:attempted-recon; sid:1453; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI bnbform.cgi access"; flow:to_server,established; uricontent:"/bnbform.cgi"; nocase; metadata:service http; reference:bugtraq,2147; reference:cve,1999-0937; classtype:attempted-recon; sid:846; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI campas access"; flow:to_server,established; uricontent:"/campas"; nocase; metadata:service http; reference:bugtraq,1975; reference:cve,1999-0146; reference:nessus,10035; classtype:attempted-recon; sid:847; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI view-source directory traversal"; flow:to_server,established; uricontent:"/view-source"; nocase; content:"../"; nocase; metadata:service http; reference:bugtraq,2251; reference:bugtraq,8883; reference:cve,1999-0174; classtype:web-application-attack; sid:848; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI view-source access"; flow:to_server,established; uricontent:"/view-source"; nocase; metadata:service http; reference:bugtraq,2251; reference:bugtraq,8883; reference:cve,1999-0174; classtype:attempted-recon; sid:849; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wais.pl access"; flow:to_server,established; uricontent:"/wais.pl"; nocase; metadata:service http; classtype:attempted-recon; sid:850; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wwwwais access"; flow:to_server,established; uricontent:"/wwwwais"; nocase; metadata:service http; reference:cve,2001-0223; reference:nessus,10597; classtype:attempted-recon; sid:1454; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI files.pl access"; flow:to_server,established; uricontent:"/files.pl"; nocase; metadata:service http; reference:cve,1999-1081; classtype:attempted-recon; sid:851; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wguest.exe access"; flow:to_server,established; uricontent:"/wguest.exe"; nocase; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:bugtraq,2024; reference:cve,1999-0287; reference:cve,1999-0467; classtype:attempted-recon; sid:852; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI wrap access"; flow:to_server,established; uricontent:"/wrap"; metadata:service http; reference:arachnids,234; reference:bugtraq,373; reference:cve,1999-0149; reference:nessus,10317; classtype:attempted-recon; sid:853; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI classifieds.cgi access"; flow:to_server,established; uricontent:"/classifieds.cgi"; nocase; metadata:service http; reference:bugtraq,2020; reference:cve,1999-0934; classtype:attempted-recon; sid:854; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI environ.cgi access"; flow:to_server,established; uricontent:"/environ.cgi"; nocase; metadata:service http; classtype:attempted-recon; sid:856; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI faxsurvey access"; flow:to_server,established; uricontent:"/faxsurvey"; nocase; metadata:service http; reference:bugtraq,2056; reference:cve,1999-0262; reference:nessus,10067; classtype:web-application-activity; sid:857; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI filemail access"; flow:to_server,established; uricontent:"/filemail.pl"; nocase; metadata:service http; reference:cve,1999-1154; classtype:attempted-recon; sid:858; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI man.sh access"; flow:to_server,established; uricontent:"/man.sh"; nocase; metadata:service http; reference:bugtraq,2276; reference:cve,1999-1179; classtype:attempted-recon; sid:859; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI snork.bat access"; flow:to_server,established; uricontent:"/snork.bat"; nocase; metadata:service http; reference:arachnids,220; reference:bugtraq,2023; reference:cve,1999-0233; classtype:attempted-recon; sid:860; rev:10;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI w3-msql access"; flow:to_server,established; uricontent:"/w3-msql/"; nocase; metadata:service http; reference:arachnids,210; reference:bugtraq,591; reference:bugtraq,898; reference:cve,1999-0276; reference:cve,1999-0753; reference:cve,2000-0012; reference:nessus,10296; classtype:attempted-recon; sid:861; rev:13;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI day5datacopier.cgi access"; flow:to_server,established; uricontent:"/day5datacopier.cgi"; nocase; metadata:service http; reference:cve,1999-1232; classtype:attempted-recon; sid:863; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI day5datanotifier.cgi access"; flow:to_server,established; uricontent:"/day5datanotifier.cgi"; nocase; metadata:service http; reference:cve,1999-1232; classtype:attempted-recon; sid:864; rev:8;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI post-query access"; flow:to_server,established; uricontent:"/post-query"; nocase; metadata:service http; reference:bugtraq,6752; reference:cve,2001-0291; classtype:attempted-recon; sid:866; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI visadmin.exe access"; flow:to_server,established; uricontent:"/visadmin.exe"; nocase; metadata:service http; reference:bugtraq,1808; reference:cve,1999-0970; reference:nessus,10295; classtype:attempted-recon; sid:867; rev:11;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI dumpenv.pl access"; flow:to_server,established; uricontent:"/dumpenv.pl"; nocase; metadata:service http; reference:cve,1999-1178; reference:nessus,10060; classtype:attempted-recon; sid:869; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI calendar_admin.pl arbitrary command execution attempt"; flow:to_server,established; uricontent:"/calendar_admin.pl?config=|7C|"; metadata:service http; reference:bugtraq,1215; reference:cve,2000-0432; reference:nessus,10506; classtype:web-application-attack; sid:1536; rev:11;)
12345

⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -