web-cgi.rules
# (C) Copyright 2001,2002, Martin Roesch, Brian Caswell, et al.
# All rights reserved.
# $Id$
#--------------
# WEB-CGI RULES
#--------------
#
# Convention used throughout this file: many CGI programs get two signatures,
# a specific "attempt" rule that adds an exploit-shaped pattern and a generic
# "access" rule that fires on any request naming the program. A single request
# can therefore raise both alerts; correlate on the sid pair when triaging.
#
# uricontent is compared against the request URI as seen by the HTTP
# preprocessor; content is compared against the packet payload. Patterns are
# case-sensitive unless followed by nocase.
# NOTE(review): literal content patterns such as "../../", "%00" and "tmpl="
# only match that exact byte sequence - confirm how encoded or re-cased forms
# are handled in your deployment.

# HyperSeek hsx.cgi: URI names /hsx.cgi and the payload holds both "../../"
# and "%00" (sid 803); sid 1607 is the generic access rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI HyperSeek hsx.cgi directory traversal attempt"; uricontent:"/hsx.cgi"; content:"../../"; content:"%00"; flow:to_server,established; reference:bugtraq,2314; reference:cve,CAN-2001-0253; classtype:web-application-attack; sid:803; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI HyperSeek hsx.cgi access"; uricontent:"/hsx.cgi"; flow:to_server,established; reference:bugtraq,2314; reference:cve,CAN-2001-0253; classtype:web-application-activity; sid:1607; rev:3;)
# ASPSeek s.cgi: labelled "Overflow attempt", but the rule has no length test;
# it fires on any /s.cgi request whose payload contains "tmpl=".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI SWSoft ASPSeek Overflow attempt"; flow:to_server,established; uricontent:"/s.cgi"; nocase; content:"tmpl="; reference:cve,CAN-2001-0476; reference:bugtraq,2492; classtype:web-application-attack; sid:804; rev:7;)
# WebSpeed: request to the wsisa.dll WService endpoint that also names WSMadmin.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI webspeed access"; flow:to_server,established; uricontent:"/wsisa.dll/WService="; nocase; content:"WSMadmin"; nocase; reference:arachnids,467; reference:cve,CVE-2000-0127; reference:nessus,10304; classtype:attempted-user; sid:805; rev:6;)
# YaBB: the msg text says "yabb.cgi" while the pattern actually matched is
# "/YaBB.pl" (case-insensitive). Search alerts by sid 806/1637, not by msg.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI yabb.cgi directory traversal attempt"; flow:to_server,established; uricontent:"/YaBB.pl"; nocase; content: "../"; reference:cve,CVE-2000-0853; reference:arachnids,462; reference:bugtraq,1668; classtype:attempted-recon; sid:806; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI yabb.cgi access"; flow:to_server,established; uricontent:"/YaBB.pl"; nocase; reference:cve,CVE-2000-0853; reference:arachnids,462; reference:bugtraq,1668; classtype:attempted-recon; sid:1637; rev:3;)
# WWWBoard: direct request for the board's passwd.txt file.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI /wwwboard/passwd.txt access"; flow:to_server,established; uricontent:"/wwwboard/passwd.txt"; nocase; reference:arachnids,463; reference:cve,CVE-1999-0953; reference:nessus,10321; reference:bugtraq,649; classtype:attempted-recon; sid:807; rev:7;)
# webdriver: substring match, so any URI containing "/webdriver" fires.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI webdriver access"; flow:to_server,established; uricontent: "/webdriver"; nocase; reference:arachnids,473; reference:bugtraq,2166; reference:nessus,10592; classtype:attempted-recon; sid:808; rev:6;)
# whois_raw.cgi: sid 809 adds a 0x0a (line feed) byte match to the URI match.
# NOTE(review): content is compared against the whole payload, and the CR LF
# line endings of an ordinary HTTP request also contain 0x0a. Expect sid 809
# to fire together with sid 810 on benign requests that carry a query string;
# verify against real traffic before treating a hit as an attack.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI whois_raw.cgi arbitrary command execution attempt"; flow:to_server,established; uricontent: "/whois_raw.cgi?"; content: "|0a|"; reference:cve,CAN-1999-1063; reference:arachnids,466; reference:nessus,10306; classtype:web-application-attack; sid:809; rev:7;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI whois_raw.cgi access"; flow:to_server,established; uricontent: "/whois_raw.cgi"; reference:cve,CAN-1999-1063; reference:arachnids,466; reference:nessus,10306; classtype:attempted-recon; sid:810; rev:7;)
# WebSite Pro: no uricontent here; the rule matches the literal string
# " /HTTP/1." (space, slash, then the protocol token) anywhere in the payload,
# case-insensitively.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI websitepro path access"; flow:to_server,established; content: " /HTTP/1."; nocase; reference:cve,CAN-2000-0066; reference:arachnids,468;classtype:attempted-recon; sid:811; rev:5;)
# Web+: sid 812 flags the "?about" version query, sid 813 flags "?script"
# requests whose payload also contains "../". Both cite CVE-2000-0282.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI webplus version access"; flow:to_server,established; uricontent:"/webplus?about"; nocase; reference:cve,CVE-2000-0282; reference:arachnids,470; classtype:attempted-recon; sid:812; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI webplus directory traversal"; flow:to_server,established; uricontent:"/webplus?script"; nocase; content:"../"; reference:cve,CVE-2000-0282; reference:arachnids,471; classtype:web-application-attack; sid:813; rev:5;)
# websendmail: generic access rule (any URI containing "/websendmail").
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI websendmail access"; flow:to_server,established; uricontent:"/websendmail"; nocase; reference:cve,CVE-1999-0196; reference:arachnids,469; reference:bugtraq,2077; reference:nessus,10301; classtype:attempted-recon; sid:815; rev:6;)
# DCForum: sid 1571 requires the literal parameter "forum=../.." in the
# payload; sid 818 is the generic access rule. Both URI matches are
# case-sensitive (no nocase). Note the two rules carry different references
# (CVE on 1571, bugtraq 2728 on 818).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI dcforum.cgi directory traversal attempt"; flow:to_server,established; uricontent:"/dcforum.cgi"; content:"forum=../.."; reference:cve,CAN-2001-0436; classtype:web-application-attack; sid:1571; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI dcforum.cgi access"; uricontent:"/dcforum.cgi"; flow:to_server,established; reference:bugtraq,2728; classtype:attempted-recon; sid:818; rev:6;)
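# DCBoard: sid 817 flags a registration request ("command=register") whose
# payload also carries a percent-encoded pipe followed by "admin"; sid 1410 is
# the generic access rule.
# Local edit: nocase added after "%7cadmin". Percent-escapes may be written
# with upper- or lower-case hex digits (%7c / %7C), and the original
# case-sensitive pattern only recognised the lower-case spelling. sid and rev
# are left as distributed; record this as a local change when diffing against
# the upstream rule set.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI dcboard.cgi invalid user addition attempt"; flow:to_server,established; uricontent:"/dcboard.cgi"; content:"command=register"; content:"%7cadmin"; nocase; reference:bugtraq,2728; classtype:web-application-attack; sid:817; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI dcboard.cgi access"; uricontent:"/dcboard.cgi"; flow:to_server,established; reference:bugtraq,2728; classtype:attempted-recon; sid:1410; rev:5;)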
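# mmstdod.cgi: generic access rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI mmstdod.cgi access"; uricontent:"/mmstdod.cgi"; nocase; flow:to_server,established; reference:cve,CVE-2001-0021; classtype:attempted-recon; sid:819; rev:5;)
# Anaconda apexec.pl: URI names /apexec.pl and the payload contains
# "template=../". The nocase modifier applies to the content pattern only;
# the uricontent match on "/apexec.pl" stays case-sensitive.
# Local edit: msg spelling corrected from "transversal" to "traversal" so the
# alert is found by the same text search as the other traversal rules in this
# file. Anything keyed on the old msg string must be updated; sid is unchanged.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI anaconda directory traversal attempt"; flow:to_server,established; uricontent:"/apexec.pl"; content:"template=../"; nocase; reference:cve,CVE-2000-0975; reference:bugtraq,2388; classtype:web-application-attack; sid:820; rev:5;)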
# imagemap.exe: sid 821 is labelled "overflow attempt" but contains no length
# or size test; it fires on any request for imagemap.exe that carries a query
# string ("?"). sid 1700 is the generic access rule.
# NOTE(review): depth:32 follows a uricontent pattern here - confirm that your
# Snort version applies depth to uricontent rather than ignoring it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI imagemap.exe overflow attempt"; flow:to_server,established; uricontent:"/imagemap.exe?"; depth:32; nocase; reference:arachnids,412; reference:cve,CVE-1999-0951; classtype:web-application-attack; sid:821; rev:6;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI imagemap.exe access"; flow:to_server,established; uricontent:"/imagemap.exe"; nocase; reference:cve,CVE-1999-0951; reference:arachnids,412; classtype:web-application-activity; sid:1700; rev:3;)
# Generic access rules: each fires on any URI containing the named program.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI cvsweb.cgi access"; flow:to_server,established; uricontent:"/cvsweb.cgi"; nocase; reference:cve,CVE-2000-0670; reference:bugtraq,1469;classtype:attempted-recon; sid:823; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI php.cgi access";flow:to_server,established; uricontent:"/php.cgi"; nocase; reference:cve,CAN-1999-0238; reference:bugtraq,2250; reference:arachnids,232; classtype:attempted-recon; sid:824; rev:6;)
# "/glimpse" is a short substring; unrelated paths that merely start with it
# will also match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI glimpse access"; flow:to_server,established; uricontent:"/glimpse"; nocase; reference:bugtraq,2026; classtype:attempted-recon; sid:825; rev:5;)
# htmlscript: sid 1608 matches the traversal-shaped query "?../.." as part of
# the URI pattern itself; sid 826 is the generic access rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI htmlscript attempt";flow:to_server,established; uricontent:"/htmlscript?../.."; nocase; reference:bugtraq,2001; reference:cve,CVE-1999-0264; classtype:web-application-attack; sid:1608; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI htmlscript access";flow:to_server,established; uricontent:"/htmlscript"; nocase; reference:bugtraq,2001; reference:cve,CVE-1999-0264; classtype:attempted-recon; sid:826; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI info2www access";flow:to_server,established; uricontent:"/info2www"; nocase; reference:bugtraq,1995; reference:cve,CVE-1999-0266; classtype:attempted-recon; sid:827; rev:5;)
# maillist.pl: this rule carries no reference entries, so the alert gives the
# analyst no advisory to consult. "/maillist.pl" is not a substring of
# "/nph-maillist.pl", so sid 1451 does not overlap with this rule.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI maillist.pl access";flow:to_server,established; uricontent:"/maillist.pl"; nocase;classtype:attempted-recon; sid:828; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI nph-test-cgi access"; flow:to_server,established; uricontent:"/nph-test-cgi"; nocase; reference:nessus,10165; reference:arachnids,224; reference:cve,CVE-1999-0045; reference:bugtraq,686; classtype:attempted-recon; sid:829; rev:6;)
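# nph-maillist.pl (sid 1451) and nph-publish (sid 830) are different programs
# with different CVE references.
# Local edit: sid 1451 was distributed with the msg "WEB-CGI NPH-publish
# access", identical to sid 830, although it matches "/nph-maillist.pl". Two
# rules sharing one msg makes the alerts indistinguishable by text and points
# the analyst at the wrong advisory. The msg now names the program that is
# actually matched; sid and rev are left as distributed.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI nph-maillist.pl access"; flow:to_server,established; uricontent:"/nph-maillist.pl"; nocase; reference:cve,CAN-2001-0400; classtype:attempted-recon; sid:1451; rev:3;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI NPH-publish access";flow:to_server,established; uricontent:"/nph-publish"; nocase; reference:cve,CAN-1999-1177; classtype:attempted-recon; sid:830; rev:5;)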
# Generic access rules: each fires on any URI containing the named program
# (case-insensitive substring match), regardless of parameters.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI rguest.exe access";flow:to_server,established; uricontent:"/rguest.exe"; nocase; reference:cve,CAN-1999-0467; reference:bugtraq,2024; classtype:attempted-recon; sid:833; rev:5;)
# NOTE(review): the only reference is a paper URL and the script name suggests
# a remote shell rather than a vulnerable stock CGI; if so, attempted-recon
# may under-prioritise a hit - confirm against the referenced paper.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI rwwwshell.pl access";flow:to_server,established; uricontent:"/rwwwshell.pl"; nocase; reference:url,www.itsecurity.com/papers/p37.htm; classtype:attempted-recon; sid:834; rev:6;)
# test-cgi: sid 1644 matches the literal URI text "/test-cgi/*?*" (the
# asterisks are literal characters in the pattern, not wildcards); sid 835 is
# the generic access rule and also fires on every request that sid 1644 hits.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI test-cgi attempt"; flow:to_server,established; uricontent:"/test-cgi/*?*"; nocase; reference:nessus,10282; reference:cve,CVE-1999-0070; reference:arachnids,218; classtype:web-application-attack; sid:1644; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI test-cgi access"; flow:to_server,established; uricontent:"/test-cgi"; nocase; reference:nessus,10282; reference:cve,CVE-1999-0070; reference:arachnids,218;classtype:attempted-recon; sid:835; rev:5;)
# testcgi / test.cgi: spelling variants of the test script name; neither rule
# carries a reference entry.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI testcgi access"; flow:to_server,established; uricontent:"/testcgi"; nocase; classtype:web-application-activity; sid:1645; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI test.cgi access"; flow:to_server,established; uricontent:"/test.cgi"; nocase; classtype:web-application-activity; sid:1646; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI textcounter.pl access";flow:to_server,established; uricontent:"/textcounter.pl"; nocase; reference:cve,CAN-1999-1479; classtype:attempted-recon; sid:836; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI uploader.exe access"; flow:to_server,established; uricontent:"/uploader.exe"; nocase; reference:cve,CVE-1999-0177; reference:nessus,10291; classtype:attempted-recon; sid:837; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI webgais access"; flow:to_server,established; uricontent:"/webgais"; nocase; reference:arachnids,472; reference:bugtraq,2058; reference:cve,CVE-1999-0176; reference:nessus,10300; classtype:attempted-recon; sid:838; rev:6;)
# "/finger" is a short, common substring: URIs such as "/fingerprint..." match
# as well, so expect false positives on sites with unrelated paths.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI finger access"; flow:to_server,established; uricontent:"/finger"; nocase; reference:arachnids,221; reference:cve,CVE-1999-0612; reference:nessus,10071; classtype:attempted-recon; sid:839; rev:4;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI perlshop.cgi access";flow:to_server,established; uricontent:"/perlshop.cgi"; nocase; reference:cve,CAN-1999-1374; classtype:attempted-recon; sid:840; rev:5;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI pfdisplay.cgi access";flow:to_server,established; uricontent:"/pfdisplay.cgi"; nocase; reference:bugtraq,64; reference:cve,CVE-1999-0270;classtype:attempted-recon; sid:841; rev:5;)