[Emerging-Sigs] Fwd: Signature for Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection Vulnerabilities

dave richards dave.richards0319 at gmail.com
Sat Oct 16 23:17:25 EDT 2010


Hi,

Please find the modified signature,
Note: Space given for content:"POST "

Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection Vulnerabilities
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Pre Projects E-Smart Cart login.asp Arbitrary SQL Command Injection Attempt"; flow:established,to_server; content:"POST "; depth:5; uricontent:"/embadmin/login.asp"; nocase; content:"%27"; distance:0; classtype:web-application-attack; reference:url,juniper-federal.org/security/auto/vulnerabilities/vuln37418.html; reference:url,exploit-db.com/exploits/14376; sid:20101024; rev:1;)
--
On Sun, Oct 17, 2010 at 7:12 AM, waldo kitty <wkitty42 at windstream.net> wrote:

> On 10/15/2010 08:30, dave richards wrote:
>
>> Hi Matt,
>>
>> Please find the signature for the following,
>>
>> Pre Projects E-Smart Cart 'embadmin/login.asp' SQL Injection
>> Vulnerabilities
>> alert tcp $EXTERNAL_NET any ->  $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP
>> Pre Projects E-Smart Cart login.asp Arbitrary SQL Command Injection
>> Attempt"; flow:established,to_server; content:"POST"; depth:5;
>>
>
> you are still missing the space in this content depth:5 :?
>
> it should be
>
>   content:"POST "; depth:5;
>
> if you want to use this format...
>
>
>> uricontent:"/embadmin/login.asp"; nocase; content:"%27"; distance:0;
>> classtype:web-application-attack;
>> reference:url,
>> juniper-federal.org/security/auto/vulnerabilities/vuln37418.html;
>> reference:url,exploit-db.com/exploits/14376; sid:20101024; rev:1;)
>>
>


-- 
Regards,
Dave
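
Added example, not part of the original thread: a simplified Python model of the rule's payload checks, showing why content:"POST "; depth:5; pins the method match to offset 0 while content:"POST"; depth:5; leaves one byte of slack. The request bytes are constructed, and the handling of uricontent and distance:0 is a simplification assumed for illustration.

```python
# Added illustration: simplified model of the rule's payload checks.
# Assumptions: uricontent is approximated by a case-insensitive search of the
# request-line URI, and distance:0 is taken from the end of the method match.
TARGET_URI = b"/embadmin/login.asp"


def match_within_depth(payload: bytes, pattern: bytes, depth: int) -> int:
    """End offset of the first match lying wholly inside payload[:depth], or -1."""
    start = payload[:depth].find(pattern)
    return -1 if start < 0 else start + len(pattern)


def rule_matches(payload: bytes, method_content: bytes) -> bool:
    end = match_within_depth(payload, method_content, 5)  # content:"..."; depth:5;
    if end < 0:
        return False
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    uri = parts[1] if len(parts) > 1 else b""
    if TARGET_URI not in uri.lower():                      # uricontent; nocase;
        return False
    return b"%27" in payload[end:]                         # content:"%27"; distance:0;


def request(method: bytes, body: bytes) -> bytes:
    """Build a constructed HTTP request for the login page."""
    head = method + b" /EmbAdmin/Login.asp HTTP/1.1\r\nHost: shop.example\r\n"
    return head + b"Content-Length: %d\r\n\r\n" % len(body) + body


# Constructed sample payloads (field names are made up for the example).
QUOTED = request(b"POST", b"user=a%27b&pass=x")    # encoded quote in the body
PLAIN = request(b"POST", b"user=alice&pass=x")     # ordinary login
SHIFTED = request(b"XPOST", b"user=a%27b&pass=x")  # "POST" starts at offset 1

if __name__ == "__main__":
    for name, pkt in (("QUOTED", QUOTED), ("PLAIN", PLAIN), ("SHIFTED", SHIFTED)):
        print(name, 'content:"POST"', rule_matches(pkt, b"POST"),
              'content:"POST "', rule_matches(pkt, b"POST "))
```

With the five-byte pattern the depth window is exactly filled, so only a payload that begins with "POST " passes the first check; the four-byte pattern also fires on the SHIFTED sample.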