Snort mailing list archives

ASPUpload Rule


From: Jim Forster <jforster () rapidnet com>
Date: Thu, 06 Dec 2001 15:05:59 -0700


Here's a quick rule for people trying to hit the ASPUpload /samples 
directory/files (installs as /aspupload which points to C:\Program 
Files\Persits Software\AspUpload\Samples)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC ASPUpload Samples"; uricontent:"/AspUpload/"; flags: A+; nocase; classtype:web-application-attack;)

Information link: http://archives.neohapsis.com/archives/bugtraq/2001-11/0292.html
"Attackers can easily browse and download any file on the system with the 
rights of the web server.  Attackers can upload files to the server and run 
them from executable web folders."

Individual files in this directory are:

BothFormAndScript.asp
DirectoryListing.asp
Download.asp
DownloadScript9.asp
ExportFilesFromDB.asp
SAMPLE_INDEX.HTM
SendMailWithAttachment.asp
StoredProcedure.asp
Test1.asp
Test10.asp
Test11.asp
Test12.asp
Test13.asp
Test2.asp
Test3.asp
Test4.asp
Test5.asp
Test6.asp
Test7.asp
Test8.asp
Test9.asp
UploadScript1.asp
UploadScript10.asp
UploadScript11.asp
UploadScript12.asp
UploadScript13.asp
UploadScript2.asp
UploadScript3.asp
UploadScript4.asp
UploadScript5.asp
UploadScript6.asp
UploadScript7.asp
UploadScript8.asp



-----------------------------------------------------
Jim Forster
Network Administrator
RapidNet, A Golden West Company
-----------------------------------------------------
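
The same match as the rule's uricontent/nocase pair, applied to web server access logs after the fact. This is an added example, not part of the original post; it assumes Common Log Format, the function and constant names are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

URI_PATTERN = "/aspupload/"  # the rule's uricontent value, lower-cased for nocase
# Assumption: Common Log Format; adjust the regex for IIS W3C logs.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Dec/2001:15:01:02 -0700] "GET /AspUpload/DirectoryListing.asp HTTP/1.0" 200 5120',
    '192.0.2.10 - - [06/Dec/2001:15:01:09 -0700] "GET /%61spupload/Test1.asp?x=1 HTTP/1.0" 404 312',
    '198.51.100.7 - - [06/Dec/2001:15:02:00 -0700] "GET /docs/aspupload.html HTTP/1.0" 200 2048',
    '192.0.2.44 - - [06/Dec/2001:15:03:30 -0700] "POST /ASPUPLOAD//UploadScript1.asp HTTP/1.0" 200 128',
    'malformed line without a request field',
]

def normalize_path(target):
    """Drop the query string, percent-decode, unify slashes, lower-case."""
    path = target.split("?", 1)[0]
    for _ in range(3):  # bounded repeat so double-encoded paths converge
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/{2,}", "/", path.replace("\\", "/"))
    return path.lower()

def find_sample_hits(lines):
    """Return (client, method, normalized_path, status) per matching request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a request record
        client, method, target, status = m.groups()
        path = normalize_path(target)
        if URI_PATTERN in path:  # uricontent matches anywhere in the URI
            hits.append((client, method, path, int(status)))
    return hits

if __name__ == "__main__":
    for client, method, path, status in find_sample_hits(SAMPLE_LOG):
        # A 200 means the sample script exists and answered: remove it.
        note = "served" if status == 200 else "not served"
        print(f"{client} {method} {path} {status} ({note})")
```

Hits with status 200 show the sample scripts are still installed and reachable, which is the condition to fix on the server itself.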

