Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Emerging-Sigs] request enhance old sid 3193 please

From: Matt Jonkman <jonkman () jonkmans com>
Date: Sun, 29 Jul 2012 17:40:00 -0400
Good catch, making the change now. (2103193 in the ET set)

Matt

On Sun, Jul 29, 2012 at 7:31 PM, rmkml <rmkml () yahoo fr> wrote:

Hi,
Im request on old sid 3193 to enhance pcre,

old:
 pcre:"/.cmd\x22.*\x26.*/smi";

new:
 pcre:"/\.cmd\x22.*?\x26/Ui";

Fire with this URI:
 /a.cmd"a&
 /a.cmd%22a&
 /a.cmd"a%26
 /a.cmd%22a%26

Regards
Rmkml

http://twitter.com/rmkml
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () lists emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro
http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0 through
Current!


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: