📄 web-php.rules
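# WEB-PHP signatures, written in Snort 2.x syntax (uricontent, metadata:service http).
#
# Layout: one rule per physical line. Without a backslash continuation Snort
# ends a rule at the newline, and '#' comments out everything up to the end
# of the line, so fused rules do not load and a '#' placed before one rule
# also disables every rule that follows it on the same line.
#
# Reading guide:
#   * "... access" rules fire on the request URI alone (uricontent only).
#     They record that a script was requested, not that an exploit was sent;
#     treat them as low-fidelity context for triage.
#   * "... attempt" rules add a content/pcre match on a parameter or payload.
#   * The remote-file-include rules share the pattern
#     pcre:"/<param>=(https?|ftps?|php)/". It stops at the scheme name (no
#     "://") and is not anchored on the left, so values such as
#     "<param>=phpinfo" also match. The pcre carries no U modifier, so it is
#     evaluated against the raw payload rather than the normalized URI
#     buffer that uricontent uses.
#   * sids below 1,000,000 are reserved for the official Snort distribution.
#     To tune a rule, copy it to a local sid instead of editing it in place.
#   * The CVE references in this file are all from 2000-2003; check that the
#     applications named are still present before enabling the whole set.

# Generic remote include: any URI containing ".php" with a path= value that
# begins with http, https, ftp, ftps or php (case-insensitive).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP remote include path"; flow:established,to_server; uricontent:".php"; nocase; content:"path="; nocase; pcre:"/path=(https?|ftps?|php)/i"; metadata:service http; classtype:web-application-attack; sid:2002; rev:8;)

# Phorum / piranha script access (URI-only matches).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Phorum admin access"; flow:to_server,established; uricontent:"/admin.php3"; nocase; metadata:service http; reference:arachnids,205; reference:bugtraq,2271; classtype:attempted-recon; sid:1134; rev:8;)
# NOTE(review): no nocase on this uricontent, unlike the Phorum rules around it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP piranha passwd.php3 access"; flow:to_server,established; uricontent:"/passwd.php3"; metadata:service http; reference:arachnids,272; reference:bugtraq,1149; reference:cve,2000-0322; classtype:attempted-recon; sid:1161; rev:10;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Phorum read access"; flow:to_server,established; uricontent:"/read.php3"; nocase; metadata:service http; reference:arachnids,208; classtype:attempted-recon; sid:1178; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Phorum violation access"; flow:to_server,established; uricontent:"/violation.php3"; nocase; metadata:service http; reference:arachnids,209; reference:bugtraq,2272; classtype:attempted-recon; sid:1179; rev:8;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Phorum code access"; flow:to_server,established; uricontent:"/code.php3"; nocase; metadata:service http; reference:arachnids,207; classtype:attempted-recon; sid:1197; rev:7;)

# admin.php: upload attempt (URI plus file_name= in the payload) and plain access.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP admin.php file upload attempt"; flow:to_server,established; uricontent:"/admin.php"; nocase; content:"file_name="; metadata:service http; reference:bugtraq,3361; reference:cve,2001-1032; classtype:attempted-admin; sid:1300; rev:8;)
# NOTE(review): "/admin.php" is a substring of "/admin.php3", so this rule
# also fires on every request that triggers sid 1134, and on any
# application that ships its own admin.php. Expect high volume.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP admin.php access"; flow:to_server,established; uricontent:"/admin.php"; nocase; metadata:service http; reference:bugtraq,3361; reference:bugtraq,7532; reference:bugtraq,9270; reference:cve,2001-1032; classtype:attempted-recon; sid:1301; rev:12;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP smssend.php access"; flow:to_server,established; uricontent:"/smssend.php"; metadata:service http; reference:bugtraq,3982; reference:cve,2002-0220; classtype:web-application-activity; sid:1407; rev:9;)

# Disabled rule. In the source the '#' sits directly in front of sid 1399
# only, so presumably just this rule was meant to be off - confirm against
# the upstream file. It matches file= on any /index.php request.
# alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP PHP-Nuke remote file include attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; content:"file="; pcre:"/file=(https?|ftps?|php)/i"; metadata:service http; reference:bugtraq,3889; reference:cve,2002-0206; classtype:web-application-attack; sid:1399; rev:14;)

# Phorum /support/common.php: traversal attempt (literal "ForumLang=../") and access.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Phorum /support/common.php attempt"; flow:to_server,established; uricontent:"/support/common.php"; content:"ForumLang=../"; metadata:service http; reference:bugtraq,1997; classtype:web-application-attack; sid:1490; rev:9;)
# NOTE(review): URI-only match, yet classified web-application-attack like
# the attempt rule above; most other access rules in this file use
# web-application-activity. Weigh the alert priority accordingly.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Phorum /support/common.php access"; flow:to_server,established; uricontent:"/support/common.php"; metadata:service http; reference:bugtraq,1997; reference:bugtraq,9361; classtype:web-application-attack; sid:1491; rev:10;)

# Plain content match (not uricontent): the literal string is searched for
# anywhere in the client-to-server payload, case-insensitively.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Phorum authentication access"; flow:to_server,established; content:"PHP_AUTH_USER=boogieman"; nocase; metadata:service http; reference:arachnids,206; reference:bugtraq,2274; classtype:attempted-recon; sid:1137; rev:10;)

# Two rules share the msg "WEB-PHP strings overflow"; tell them apart by sid.
# sid 1085 matches a fixed byte sequence anywhere in the payload, sid 1086
# matches "?STRENGUR" in the URI.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP strings overflow"; flow:to_server,established; content:"|BA|I|FE FF FF F7 D2 B9 BF FF FF FF F7 D1|"; metadata:service http; reference:arachnids,431; reference:bugtraq,802; classtype:web-application-attack; sid:1085; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP strings overflow"; flow:to_server,established; uricontent:"?STRENGUR"; metadata:service http; reference:arachnids,430; reference:bugtraq,1786; reference:cve,2000-0967; classtype:web-application-attack; sid:1086; rev:13;)

# PHPLIB: inbound request carrying "_PHPLIB[libdir]" anywhere in the payload.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP PHPLIB remote command attempt"; flow:to_server,established; content:"_PHPLIB[libdir]"; metadata:service http; reference:bugtraq,3079; reference:cve,2001-1370; reference:nessus,14910; classtype:attempted-user; sid:1254; rev:10;)
# NOTE(review): this is the only rule whose header runs from $HTTP_SERVERS to
# $EXTERNAL_NET. That looks deliberate rather than a typo: it would catch a
# protected web server requesting /db_mysql.inc from an outside host, which
# is the outbound fetch a remote include produces. Confirm before "fixing"
# the direction, and treat a hit as a sign the server acted on the request.
alert tcp $HTTP_SERVERS any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-PHP PHPLIB remote command attempt"; flow:to_server,established; uricontent:"/db_mysql.inc"; metadata:service http; reference:bugtraq,3079; reference:cve,2001-1370; classtype:attempted-user; sid:1255; rev:9;)

# Mambo uploads. In the attempt rules distance:1 requires ".php" to start at
# least one byte after the end of "userfile_name=".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Mambo uploadimage.php upload php file attempt"; flow:to_server,established; uricontent:"/uploadimage.php"; content:"userfile_name="; content:".php"; distance:1; metadata:service http; reference:bugtraq,6572; reference:cve,2003-1204; reference:nessus,16315; classtype:web-application-attack; sid:2074; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Mambo upload.php upload php file attempt"; flow:to_server,established; uricontent:"/upload.php"; content:"userfile_name="; content:".php"; distance:1; metadata:service http; reference:bugtraq,6572; reference:cve,2003-1204; reference:nessus,16315; classtype:web-application-attack; sid:2075; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Mambo uploadimage.php access"; flow:to_server,established; uricontent:"/uploadimage.php"; metadata:service http; reference:bugtraq,6572; reference:cve,2003-1204; reference:nessus,16315; classtype:web-application-activity; sid:2076; rev:4;)
# NOTE(review): "/upload.php" is a common script name outside Mambo; the msg
# attributes every hit to Mambo regardless of what is actually installed.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Mambo upload.php access"; flow:to_server,established; uricontent:"/upload.php"; metadata:service http; reference:bugtraq,6572; reference:cve,2003-1204; reference:nessus,16315; classtype:web-application-activity; sid:2077; rev:4;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP phpBB privmsg.php access"; flow:to_server,established; uricontent:"/privmsg.php"; metadata:service http; reference:bugtraq,6634; classtype:web-application-activity; sid:2078; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP p-news.php access"; flow:to_server,established; uricontent:"/p-news.php"; metadata:service http; reference:nessus,11669; classtype:web-application-activity; sid:2140; rev:2;)

# shoutbox.php: distance:0 only requires "../" somewhere after "conf=" in the
# payload; it does not have to be inside the conf value itself.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP shoutbox.php directory traversal attempt"; flow:to_server,established; uricontent:"/shoutbox.php"; content:"conf="; content:"../"; distance:0; metadata:service http; reference:nessus,11668; classtype:web-application-attack; sid:2141; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP shoutbox.php access"; flow:to_server,established; uricontent:"/shoutbox.php"; metadata:service http; reference:nessus,11668; classtype:web-application-activity; sid:2142; rev:2;)

# b2 cafelog: remote include through b2inc= (pcre is case-insensitive) and access.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt"; flow:to_server,established; uricontent:"/gm-2-b2.php"; content:"b2inc="; pcre:"/b2inc=(https?|ftps?|php)/i"; metadata:service http; reference:nessus,11667; classtype:web-application-attack; sid:2143; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP b2 cafelog gm-2-b2.php access"; flow:to_server,established; uricontent:"/gm-2-b2.php"; metadata:service http; reference:nessus,11667; classtype:web-application-activity; sid:2144; rev:2;)

# TextPortal default passwords. The two content matches carry no
# distance/within, so they may appear in either order, and "password=admin" /
# "password=12345" are prefix matches that also fire on longer values.
# NOTE(review): a default-credential login attempt is classified only as
# web-application-activity; consider whether that priority suits your triage.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP TextPortal admin.php default password admin attempt"; flow:to_server,established; uricontent:"/admin.php"; content:"op=admin_enter"; content:"password=admin"; metadata:service http; reference:bugtraq,7673; reference:nessus,11660; classtype:web-application-activity; sid:2145; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP TextPortal admin.php default password 12345 attempt"; flow:to_server,established; uricontent:"/admin.php"; content:"op=admin_enter"; content:"password=12345"; metadata:service http; reference:bugtraq,7673; reference:nessus,11660; classtype:web-application-activity; sid:2146; rev:4;)

# BLNews: \x5b and \x5d in the pcre are the literal '[' and ']' of "Server[path]=".
# NOTE(review): this pcre has no /i, unlike sids 2002, 1399, 2143 and 2155,
# so an upper- or mixed-case scheme in the value is not matched. The same
# applies to sids 2150 and 2226 below.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP BLNews objects.inc.php4 remote file include attempt"; flow:to_server,established; uricontent:"/objects.inc.php4"; content:"Server[path]="; pcre:"/Server\x5bpath\x5d=(https?|ftps?|php)/"; metadata:service http; reference:bugtraq,7677; reference:cve,2003-0394; reference:nessus,11647; classtype:web-application-attack; sid:2147; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP BLNews objects.inc.php4 access"; flow:to_server,established; uricontent:"/objects.inc.php4"; metadata:service http; reference:bugtraq,7677; reference:cve,2003-0394; reference:nessus,11647; classtype:web-application-activity; sid:2148; rev:5;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Turba status.php access"; flow:to_server,established; uricontent:"/turba/status.php"; metadata:service http; reference:nessus,11646; classtype:web-application-activity; sid:2149; rev:2;)

# ttCMS header.php.
# NOTE(review): pcre without /i (case-sensitive scheme match), see sid 2147.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP ttCMS header.php remote file include attempt"; flow:to_server,established; uricontent:"/admin/templates/header.php"; content:"admin_root="; pcre:"/admin_root=(https?|ftps?|php)/"; metadata:service http; reference:bugtraq,7542; reference:bugtraq,7543; reference:bugtraq,7625; reference:nessus,11636; classtype:web-application-attack; sid:2150; rev:9;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP ttCMS header.php access"; flow:to_server,established; uricontent:"/admin/templates/header.php"; metadata:service http; reference:bugtraq,7542; reference:bugtraq,7543; reference:bugtraq,7625; reference:nessus,11636; classtype:web-application-activity; sid:2151; rev:5;)

# NOTE(review): "/test.php" is a very common file name; this rule says
# nothing about which application is being probed.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP test.php access"; flow:to_server,established; uricontent:"/test.php"; metadata:service http; reference:nessus,11617; classtype:web-application-activity; sid:2152; rev:2;)

# autohtml.php: requires two traversal steps ("../../") somewhere after "name=".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP autohtml.php directory traversal attempt"; flow:to_server,established; uricontent:"/autohtml.php"; content:"name="; content:"../../"; distance:0; metadata:service http; reference:nessus,11630; classtype:web-application-attack; sid:2153; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP autohtml.php access"; flow:to_server,established; uricontent:"/autohtml.php"; metadata:service http; reference:nessus,11630; classtype:web-application-activity; sid:2154; rev:2;)

# NOTE(review): from here to sid 2229 the uricontent strings have no leading
# '/', so they match as a substring of any longer file or directory name.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP ttforum remote file include attempt"; flow:to_server,established; uricontent:"forum/index.php"; content:"template="; pcre:"/template=(https?|ftps?|php)/i"; metadata:service http; reference:bugtraq,7542; reference:bugtraq,7543; reference:nessus,11615; classtype:web-application-attack; sid:2155; rev:7;)
# The only rule in this file with policy metadata (drop under balanced-ips
# and security-ips).
# NOTE(review): the match is the unanchored "lib.inc.php" plus a pcre
# without /i (see sid 2147). Check both the false-positive and the
# missed-case side before running it inline.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP pmachine remote file include attempt"; flow:to_server,established; uricontent:"lib.inc.php"; content:"pm_path="; pcre:"/pm_path=(https?|ftps?|php)/"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:bugtraq,7919; reference:nessus,11739; classtype:web-application-attack; sid:2226; rev:9;)

# NOTE(review): sids 2227-2229 are URI-only access rules but are classified
# web-application-attack. On a site that runs a forum with a viewtopic.php
# script, sid 2229 would fire on ordinary topic views.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP forum_details.php access"; flow:to_server,established; uricontent:"forum_details.php"; metadata:service http; reference:bugtraq,7933; reference:nessus,11760; classtype:web-application-attack; sid:2227; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP phpMyAdmin db_details_importdocsql.php access"; flow:to_server,established; uricontent:"db_details_importdocsql.php"; metadata:service http; reference:bugtraq,7962; reference:bugtraq,7965; reference:nessus,11761; classtype:web-application-attack; sid:2228; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP viewtopic.php access"; flow:to_server,established; uricontent:"viewtopic.php"; metadata:service http; reference:bugtraq,7979; reference:cve,2003-0486; reference:nessus,11767; classtype:web-application-attack; sid:2229; rev:5;)

# Three scripts sharing the reference bugtraq,9057 (URI-only, case-insensitive).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP UpdateClasses.php access"; flow:to_server,established; uricontent:"/UpdateClasses.php"; nocase; metadata:service http; reference:bugtraq,9057; classtype:web-application-activity; sid:2279; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Title.php access"; flow:to_server,established; uricontent:"/Title.php"; nocase; metadata:service http; reference:bugtraq,9057; classtype:web-application-activity; sid:2280; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Setup.php access"; flow:to_server,established; uricontent:"/Setup.php"; nocase; metadata:service http; reference:bugtraq,9057; classtype:web-application-activity; sid:2281; rev:3;)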