[Emerging-Sigs] StillSecure: 10 New Signatures - Jan-12 - 2009

signatures signatures at stillsecure.com
Mon Jan 12 04:13:25 EST 2009


Hi Matt,

Please find 10 New Signatures below:

1.       WEB-PHP ClaSS export.php ftype parameter Information Disclosure
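# Directory-traversal detection for the ClaSS export.php "ftype" parameter.
# Fires on an established client-to-server stream whose payload starts with
# "GET ", whose URI contains /scripts/export.php? and ftype= (case-insensitive),
# and whose URI buffer contains at least one "../" sequence (pcre with /U).
# ftype= is matched with uricontent, as the filename= rule in this batch does,
# so it is looked for in the URI only rather than anywhere in the payload.
# NOTE(review): the pcre is not tied to the ftype value, so "../" anywhere in
# the URI satisfies it; anchoring it to the parameter would reduce false positives.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP ClaSS export.php ftype parameter Information Disclosure"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/scripts/export.php?"; nocase; uricontent:"ftype="; nocase; pcre:"/(\.\.\/){1,}/U"; classtype:web-application-attack; reference:url,secunia.com/advisories/33222; reference:bugtraq,32929; sid:2008014; rev:1;)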

 

2.       WEB-PHP Wordpress Plugin Page Flip Image Gallery getConfig.php book_id parameter Remote File Disclosure
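# Directory-traversal detection for the WordPress Page Flip Image Gallery
# plugin, getConfig.php "book_id" parameter.
# Fires on an established client-to-server stream whose payload starts with
# "GET ", whose URI contains /books/getConfig.php? and book_id= (case-insensitive),
# and whose URI buffer contains at least one "../" sequence (pcre with /U).
# The milw0rm reference is restored to a plain url value: the mail archive had
# appended an "<http://...>" autolink inside the option, which would not parse.
# book_id= is matched with uricontent so it is looked for in the URI only.
# NOTE(review): the pcre is not tied to the book_id value, so "../" anywhere in
# the URI satisfies it; anchoring it to the parameter would reduce false positives.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Wordpress Plugin Page Flip Image Gallery getConfig.php book_id parameter Remote File Disclosure"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/books/getConfig.php?"; nocase; uricontent:"book_id="; nocase; pcre:"/(\.\.\/){1,}/U"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/7543; reference:bugtraq,32966; sid:2008015; rev:1;)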

 

3.       WEB-PHP Rematic CMS referenzdetail.php id parameter SQL Injection
# UNION SELECT SQL-injection detection for Rematic CMS referenzdetail.php ("id" parameter).
# Requires an established client-to-server stream whose payload starts with "GET "
# and whose URI contains /referenzdetail.php?, id=, UNION and SELECT
# (all case-insensitive), with UNION preceding SELECT in the URI (pcre).
# NOTE(review): "id=" is a substring match, so parameters whose names merely end
# in "id" also satisfy it, and UNION/SELECT are not tied to the id value; expect
# an alert on any UNION ... SELECT in a URI for this script.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Rematic CMS referenzdetail.php id parameter SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/referenzdetail.php?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/33208/; reference:url,milw0rm.com/exploits/7502; sid:2008232; rev:1;)

 

4.       WEB-PHP Rematic CMS produkte.php id parameter SQL Injection
# UNION SELECT SQL-injection detection for Rematic CMS produkte.php ("id" parameter).
# Requires an established client-to-server stream whose payload starts with "GET "
# and whose URI contains /produkte.php?, id=, UNION and SELECT
# (all case-insensitive), with UNION preceding SELECT in the URI (pcre).
# Shares its two references with the referenzdetail.php rule (sid 2008232).
# NOTE(review): "id=" is a substring match and UNION/SELECT are not tied to the
# id value, so any UNION ... SELECT in a URI for this script alerts.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Rematic CMS produkte.php id parameter SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/produkte.php?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/33208/; reference:url,milw0rm.com/exploits/7502; sid:2008233; rev:1;)

 

5.       WEB-PHP WebPhotoPro art.php idm Parameter SQL Injection
# UNION SELECT SQL-injection detection for WebPhotoPro art.php ("idm" parameter).
# Requires an established client-to-server stream whose payload starts with "GET "
# and whose URI contains /art.php, idm=, UNION and SELECT (all case-insensitive),
# with UNION preceding SELECT in the URI (pcre).
# NOTE(review): unlike most rules in this batch the script match has no trailing
# "?", so a path that merely begins with /art.php also satisfies it; UNION/SELECT
# are not tied to the idm value.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP WebPhotoPro art.php idm Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/art.php"; nocase; uricontent:"idm="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,32829; reference:url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt; sid:2008224; rev:1;)

 

6.       WEB-PHP WebPhotoPro rub.php idr Parameter SQL Injection
# UNION SELECT SQL-injection detection for WebPhotoPro rub.php ("idr" parameter).
# Requires an established client-to-server stream whose payload starts with "GET "
# and whose URI contains /rub.php, idr=, UNION and SELECT (all case-insensitive),
# with UNION preceding SELECT in the URI (pcre).
# NOTE(review): the script match has no trailing "?", so a path that merely
# begins with /rub.php also satisfies it; UNION/SELECT are not tied to the idr value.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP WebPhotoPro rub.php idr Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/rub.php"; nocase; uricontent:"idr="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,32829; reference:url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt; sid:2008225; rev:1;)

 

7.       WEB-PHP WebPhotoPro galeri_info.php ida Parameter SQL Injection
# UNION SELECT SQL-injection detection for WebPhotoPro galeri_info.php ("ida" parameter).
# Requires an established client-to-server stream whose payload starts with "GET "
# and whose URI contains /galeri_info.php?, ida=, UNION and SELECT
# (all case-insensitive), with UNION preceding SELECT in the URI (pcre).
# NOTE(review): sid 2008226 is also used by the galeri_info.php "lang" rule in
# this same submission; the two rules need distinct sids before being loaded.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP WebPhotoPro galeri_info.php ida Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/galeri_info.php?"; nocase; uricontent:"ida="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,32829; reference:url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt; sid:2008226; rev:1;)

 

8.       WEB-PHP WebPhotoPro galeri_info.php lang Parameter SQL Injection
# UNION SELECT SQL-injection detection for WebPhotoPro galeri_info.php ("lang" parameter).
# Requires an established client-to-server stream whose payload starts with "GET "
# and whose URI contains /galeri_info.php?, lang=, UNION and SELECT
# (all case-insensitive), with UNION preceding SELECT in the URI (pcre).
# NOTE(review): sid 2008226 duplicates the sid of the galeri_info.php "ida" rule
# in this submission. A sid must be unique per rule; assign this rule its own
# unused sid (<UNASSIGNED_SID>) before loading, otherwise one of the two rules
# is rejected or shadowed depending on the engine.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP WebPhotoPro galeri_info.php lang Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/galeri_info.php?"; nocase; uricontent:"lang="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,32829; reference:url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt; sid:2008226; rev:1;)

 

9.       WEB-PHP WebPhotoPro rubrika.php idr Parameter SQL Injection
# UNION SELECT SQL-injection detection for WebPhotoPro rubrika.php ("idr" parameter).
# Requires an established client-to-server stream whose payload starts with "GET "
# and whose URI contains /rubrika.php?, idr=, UNION and SELECT
# (all case-insensitive), with UNION preceding SELECT in the URI (pcre).
# NOTE(review): UNION/SELECT are not tied to the idr value, so any
# UNION ... SELECT in a URI for this script alerts.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP WebPhotoPro rubrika.php idr Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/rubrika.php?"; nocase; uricontent:"idr="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,32829; reference:url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt; sid:2008227; rev:1;)

 

10.   WEB-PHP Text Lines Rearrange Script filename parameter File Disclosure
# Directory-traversal detection for the Text Lines Rearrange Script,
# download.php "filename" parameter.
# Requires an established client-to-server stream whose payload starts with "GET "
# and whose URI contains /download.php? and filename= (case-insensitive) plus at
# least one "../" sequence (pcre with /U).
# NOTE(review): /download.php? with filename= is a common pattern and nothing in
# the rule is specific to this product, so it will also alert on traversal
# strings sent to unrelated download.php scripts; the msg text may mislead triage.
# NOTE(review): the SecurityFocus BID is given as a url reference here, while the
# other rules in this batch use the reference:bugtraq,<id> form.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Text Lines Rearrange Script filename parameter File Disclosure"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/download.php?"; nocase; uricontent:"filename="; nocase; pcre:"/(\.\.\/){1,}/U"; classtype:web-application-attack; reference:url,securityfocus.com/bid/32968; reference:url,milw0rm.com/exploits/7542; sid:2008571; rev:1;)

 

Looking forward to your comments, if any...

 
Thanks & Regards,
StillSecure