Which may be found at http://www.grotto-group.com/~gulfie/projects... maybe
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules Fri Dec 2 01:26:21 2005 | |
|---|---|
| Filename : line | Rules |
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 1 | # Copyright 2005 Sourcefire, Inc. All Rights Reserved.
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 2 | # These rules are licensed under the GNU General Public License.
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 3 | # Please see the file LICENSE in this directory for more details.
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 4 | # $Id: community-sql-injection.rules,v 1.8 2005/11/16 15:35:30 akirk Exp $
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 5 |
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 6 | alert tcp $EXTERNAL_NET any - > $HOME_NET $HTTP_PORTS (msg:"COMMUNITY SQL-INJECTION Microsoft BizTalk Server 2002 rawdocdata.asp"; flow:to_server,established; uricontent:"/rawdocdata.asp?"; nocase; pcre:"/rawdocdata.asp\x3F[^\r\n]*exec/Ui"; classtype:web-application-attack; reference:bugtraq,7470; reference:cve,2003-0118; reference:url,www.microsoft.com/technet/security/bulletin/MS03-016.mspx; sid:100000106; rev:1;)
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 7 | alert tcp $EXTERNAL_NET any - > $HOME_NET $HTTP_PORTS (msg:"COMMUNITY SQL-INJECTION Microsoft BizTalk Server 2002 RawCustomSearchField.asp"; flow:to_server,established; uricontent:"/rawdocdata.asp?"; nocase; pcre:"/RawCustomSearchField.asp\x3F[^\r\n]*exec/Ui"; classtype:web-application-attack; reference:bugtraq,7470; reference:cve,2003-0118; reference:url,www.microsoft.com/technet/security/bulletin/MS03-016.mspx; sid:100000107; rev:1;)
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 8 | alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY SQL-INJECTION OpenBB board.php"; flow:to_server,established; uricontent:"/board.php"; pcre:"/board.php\x3F\w+\x3D[0-9]+\s/Ui"; classtype:web-application-attack; reference:bugtraq,7404; sid:100000108; rev:1;)
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 9 | alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY SQL-INJECTION OpenBB member.php"; flow:to_server,established; uricontent:"/member.php"; pcre:"/member.php\x3F\w+\x3D[0-9]+\s/Ui"; classtype:web-application-attack; reference:bugtraq,7404; sid:100000109; rev:1;)
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 10 | #Rules submitted by rmkml
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 11 | alert tcp $EXTERNAL_NET any - > $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY SQL-INJECTION WIZZ ForumTopicDetails Sql Injection attempt"; content:"GET"; nocase; depth:3; uricontent:"/ForumTopicDetails.php"; nocase; uricontent:"TopicID|3D|"; nocase; uricontent:"union"; nocase; uricontent:"select"; nocase; uricontent:"from"; nocase; uricontent:"ForumUser"; nocase; uricontent:"where"; nocase; reference:bugtraq,15410; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=20846; classtype:web-application-attack; sid:100000192; rev:1;)
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 12 | alert tcp $EXTERNAL_NET any - > $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY SQL-INJECTION WIZZ ForumAuthDetails Sql Injection attempt"; content:"GET"; nocase; depth:3; uricontent:"/ForumAuthDetails.php"; nocase; uricontent:"AuthID|3D|"; nocase; uricontent:"union"; nocase; uricontent:"select"; nocase; uricontent:"from"; nocase; uricontent:"ForumUser"; nocase; uricontent:"where"; nocase; reference:bugtraq,15410; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=20845; classtype:web-application-attack; sid:100000193; rev:1;)
|
| ./snortrules-COMM-2.4/rules/community-sql-injection.rules : 13 | alert tcp $EXTERNAL_NET any - > $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY SQL-INJECTION WIZZ ForumReply Sql Injection attempt"; content:"GET"; nocase; depth:3; uricontent:"/ForumReply.php"; nocase; uricontent:"TopicID|3D|"; nocase; uricontent:"union"; nocase; uricontent:"select"; nocase; uricontent:"from"; nocase; uricontent:"ForumUser"; nocase; uricontent:"where"; nocase; reference:bugtraq,15410; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=20847; classtype:web-application-attack; sid:100000194; rev:1;)
|