Snort mailing list archives
ASPUpload Rule
From: Jim Forster <jforster () rapidnet com>
Date: Thu, 06 Dec 2001 15:05:59 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here's a quick rule for people trying to hit the ASPUpload /samples directory/files (installs as /aspupload which points to C:\Program Files\Persits Software\AspUpload\Samples) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ASPUpload Samples"; uricontent:"/AspUpload/"; flags: A+; nocase; classtype:web-application-attack;) Information link: http://archives.neohapsis.com/archives/bugtraq/2001-11/0292.html "Attackers can easily browse and download any file on the system with the rights of the web server. Attackers can upload files to the server and run them from executable web folders. " Individual files in this directory are: BothFormAndScript.asp DirectoryListing.asp Download.asp DownloadScript9.asp ExportFilesFromDB.asp SAMPLE_INDEX.HTM SendMailWithAttachment.asp StoredProcedure.asp Test1.asp Test10.asp Test11.asp Test12.asp Test13.asp Test2.asp Test3.asp Test4.asp Test5.asp Test6.asp Test7.asp Test8.asp Test9.asp UploadScript1.asp UploadScript10.asp UploadScript11.asp UploadScript12.asp UploadScript13.asp UploadScript2.asp UploadScript3.asp UploadScript4.asp UploadScript5.asp UploadScript6.asp UploadScript7.asp UploadScript8.asp - ----------------------------------------------------- Jim Forster Network Administrator RapidNet, A Golden West Company - ----------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPA/rx4m0Gn1R8/mJEQL80gCfQWczxG2sO663b1nxZUqhZXbvM7YAoIsL o9xUAJrqUR95U2QgE+d05J4U =wZCt -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ASPUpload Rule Jim Forster (Dec 06)