3690.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
3690

--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in the web application Nucleus CMS.

--
Impact:
SQL Injection is possible leading to a complete compromise of the data
in the application database.

--
Detailed Information:
This event is generated when an attempt is made to exploit a known 
vulnerability in the Nucleus CMS web application running on a server.

Insufficient checks are made on user input supplied to the script
"action.php", exploitation of this issue could present an attacker
with the opportunity to inject SQL code of their choosing into a
vulnerable system.

--
Affected Systems:
	 Nucleus CMS 3.0

--
Attack Scenarios:
An attacker can supply code of their choice by including it in the
URI that calls on action.php.

--
Ease of Attack:
Simple. No exploit software required.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.

Consider reviewing the database permissions for the application.

--
Contributors:
Sourcefire Research Team
Alex Kirk <akirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--