2326.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
2326

--
Summary:
This event is generated when a cross-site scripting attack is being 
attempted against the SGDynamo web application.

--
Impact:
Successful cross-site scripting attacks generally target the users of 
a web site. Attackers can potentially gain access to a users' cookies 
or session identification credentials, allowing the attacker to
impersonate the user.

--
Detailed Information:
The SGDynamo web application does not correctly filter script code in
URL supplied parameters. It is possible for an attacker to place code of
their choosing in a link supplied to the application. The code is then
executed in the browser of a user who clicks on the link.

The error occurs in checking the parameters supplied via the HTNAME
parameter in the application.

--
Affected Systems:
Many older versions of web server software are affected, as are numerous
web applications.

--
Attack Scenarios:
The most common avenue of attack is for the attacker to send an HTML 
formatted email to the victim. The email will contain a link to a 
specially crafted URL which contains the exploit. When the victim clicks
on the link, they are directed to the vulnerable web site and the attack
code is executed by their browser.

--
Affected Systems:
	Ecometry SGDynamo 5.32 U
	Ecometry SGDynamo 5.32 T
	Ecometry SGDynamo 6.1
	Ecometry SGDynamo 7.0

--
Ease of Attack:
Simple.

--
False Positives:
None known

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--