Re: [Dailydave] Testing the quickness of signature writers
From: Brian Caswell (bmc snort.org)
Date: Mon May 01 2006 - 19:59:37 CDT
On May 1, 2006, at 5:58 PM, Dave Aitel wrote:
> So this is our basic IDS tester of the week. It's in the April CANVAS
> release (that's today), and my bet is that NO IDS detects it, since
> none of them were brave enough to send me a VM to test. But now
> everyone has it, so we'll see if they have the ability to quickly pump
> out a signature. It's an easier test than the previous one, so we
> expect par time of less than one week. Less than one day is considered
> a birdy. :>
If only the wife didn't expect me to eat dinner with the family, then
help the girls with their homework.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP horde help module arbitrary command execution attempt"; flow:established,to_server; uricontent:"/services/help/"; pcre:"/[\?\x3b\x26]module=[a-zA-Z0-9]*[^\x3b\x26]/U"; classtype:web-application-attack;)
Brian
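
A way to check offline which request URIs satisfy the rule's two payload options. This is an added example, not part of the original message or of Snort. The sample URIs are constructed, `unquote` is an assumed stand-in for Snort's URI normalization, and the rule header and `flow` option are not evaluated.

```python
import re
from urllib.parse import unquote

# The rule from the message above, rejoined onto one line.
RULE = (r'alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS '
        r'(msg:"WEB-PHP horde help module arbitrary command execution attempt"; '
        r'flow:established,to_server; uricontent:"/services/help/"; '
        r'pcre:"/[\?\x3b\x26]module=[a-zA-Z0-9]*[^\x3b\x26]/U"; '
        r'classtype:web-application-attack;)')

# One option: keyword, optional ':' and a quoted or bare value, closing ';'.
OPTION = re.compile(r'\s*([\w.]+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_options(rule):
    """Return the options between the rule's parentheses as a dict."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    return {m.group(1): (m.group(2) or "").strip('"')
            for m in OPTION.finditer(body)}

def compile_pcre(value):
    """Split Snort's "/regex/modifiers" form and compile the regex part."""
    pattern, _, modifiers = value.rpartition("/")
    flags = re.I if "i" in modifiers else 0
    return re.compile(pattern[1:], flags), modifiers

def would_alert(rule, raw_uri):
    """Evaluate the uricontent and pcre options against one request URI."""
    opts = parse_options(rule)
    regex, _ = compile_pcre(opts["pcre"])
    # Assumption: percent-decoding approximates the normalized URI buffer
    # that uricontent and the pcre U modifier inspect.
    uri = unquote(raw_uri)
    return opts["uricontent"] in uri and regex.search(uri) is not None

# Constructed request URIs; the paths and the x parameter are hypothetical.
SAMPLES = [
    "/horde/services/help/",                       # no module parameter
    "/horde/services/help/?module=&x=1",           # empty module value
    "/horde/services/help/?module=horde&x=1",      # plain alphanumeric value
    "/horde/services/help/?x=1&module=turba",      # parameter not first
    "/horde/index.php?module=horde",               # different path
]

def evaluate_samples():
    """Return the alert decision for each constructed URI, in order."""
    return [would_alert(RULE, uri) for uri in SAMPLES]

if __name__ == "__main__":
    for uri, hit in zip(SAMPLES, evaluate_samples()):
        print("ALERT" if hit else "pass ", uri)
```

The results show that the pcre is satisfied by any non-empty module value, so the rule fires on every request under /services/help/ that carries the parameter, which matters when estimating alert volume.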