[Emerging-Sigs] Fwd: Signature for Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection Vulnerabilities

waldo kitty wkitty42 at windstream.net
Sat Oct 16 21:42:30 EDT 2010


On 10/15/2010 08:30, dave richards wrote:
> Hi Matt,
>
> Please find the signature for the following,
>
> Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection Vulnerabilities
> alert tcp $EXTERNAL_NET any ->  $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP
> Pre Projects E-Smart Cart login.asp Arbitrary SQL Command Injection
> Attempt"; flow:established,to_server; content:"POST"; depth:5;

you are still missing the space in this content depth:5 :?

it should be

    content:"POST "; depth:5;

if you want to use this format...

> uricontent:"/embadmin/login.asp"; nocase; content:"%27"; distance:0;
> classtype:web-application-attack;
> reference:url,juniper-federal.org/security/auto/vulnerabilities/vuln37418.html;
> reference:url,exploit-db.com/exploits/14376; sid:20101024; rev:1;)


More information about the Emerging-sigs mailing list