Generated by : ../snort_rule_urlchecker version Thu Dec 1 22:06:24 PST 2005

Which may be found at http://www.grotto-group.com/~gulfie/projects... maybe

./snortrules-COMM-2.4/rules/community-web-php.rules Fri Dec 2 01:23:57 2005
Filename : line Rules
./snortrules-COMM-2.4/rules/community-web-php.rules : 1 # Copyright 2005 Sourcefire, Inc. All Rights Reserved. # These rules are licensed under the GNU General Public License.
./snortrules-COMM-2.4/rules/community-web-php.rules : 2 # Please see the file LICENSE in this directory for more details.
./snortrules-COMM-2.4/rules/community-web-php.rules : 3 # $Id: community-web-php.rules,v 1.3 2005/11/16 15:35:30 akirk Exp $
./snortrules-COMM-2.4/rules/community-web-php.rules : 4
./snortrules-COMM-2.4/rules/community-web-php.rules : 5 #Rules submitted by rmkml
./snortrules-COMM-2.4/rules/community-web-php.rules : 6 alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP piranha default passwd attempt"; flow:to_server,established; uricontent:"/piranha/secure/control.php3"; content:"Authorization|3A| Basic cGlyYW5oYTp"; reference:bugtraq,1148; reference:cve,2000-0248; reference:nessus,10381; classtype:attempted-recon; sid:100000151; rev:2;)
./snortrules-COMM-2.4/rules/community-web-php.rules : 7 alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpinfo access"; flow:to_server,established; uricontent:"/phpinfo.php"; nocase; reference:bugtraq,5789; reference:cve,2002-1149; reference:osvdb,3356; classtype:successful-recon-limited; sid:100000186; rev:1;)
./snortrules-COMM-2.4/rules/community-web-php.rules : 8 alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP XSS attempt"; content:"GET"; nocase; depth:3; uricontent:"|2E|php"; nocase; uricontent:"|3C|script|3E|"; nocase; uricontent:"|3C 2F|script|3E|"; nocase; classtype:web-application-attack; sid:100000187; rev:1;)
./snortrules-COMM-2.4/rules/community-web-php.rules : 9 alert tcp $EXTERNAL_NET any - > $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Vubb Path attempt"; flow:to_server,established; uricontent:"/forum/index.php"; nocase; content:"|26 66 3D 27|"; reference:cve,2005-3513; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=113087965608496&w=2; classtype:web-application-attack; sid:100000188; rev:1;)
./snortrules-COMM-2.4/rules/community-web-php.rules : 10 alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP _SERVER HTTP_ACCEPT_LANGUAGE access"; content:"GET"; nocase; depth:3; uricontent:"|2E|php"; nocase; uricontent:"|5F|SERVER|5B|HTTP|5F|ACCEPT|5F|LANGUAGE|5D|"; nocase; reference:bugtraq,15414; reference:cve,2005-3347; classtype:web-application-attack; sid:100000195; rev:1;)