[Emerging-Sigs] Signature for w-Agora 'search.php' Local File Include and Cross Site Scripting Vulnerabilities

Matthew Jonkman jonkman at emergingthreatspro.com
Mon Oct 25 19:53:05 EDT 2010


Posting now, thanks Dave!

Matt

On Oct 25, 2010, at 2:42 AM, dave richards wrote:

> Hi Matt,
> 
> Please find the signatures for the following,
> 
> w-Agora 'search.php' Local File Include and Cross Site Scripting Vulnerabilities
> 
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Cross Site Scripting Attempt"; flow:to_server,established; uricontent:"/news/search.php3?"; nocase; uricontent:"bn="; nocase; pcre:"/bn\x3d.+(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ui"; classtype:web-application-attack; reference:bugtraq,44370; sid:20101093; rev:1;)
>     
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/news/search.php3?"; nocase; uricontent:"bn="; nocase;  pcre:"/(..\\)/i"; classtype:web-application-attack; reference:bugtraq,44370; sid:20101094; rev:1;)
> 
> 
> -- 
> Regards,
> Dave


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
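
Added example, not part of the original thread: a small Python harness for checking what the two rules' `uricontent` and `pcre` options match before a signature is deployed. It assumes Python's `re` stands in for PCRE, that percent-decoding approximates Snort's normalized URI buffer, and that the request lines are constructed samples; `LFI_PCRE_ESCAPED` is a hypothetical stricter pattern for comparison, not something proposed on the list.

```python
import re
from urllib.parse import unquote

# pcre bodies copied from the two rules in the quoted message.
XSS_PCRE = (r"bn\x3d.+(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|"
            r"ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|"
            r"onselect|onchange|style\x3D)")
LFI_PCRE_POSTED = r"(..\\)"
# Assumption, not from the thread: dots escaped, either path separator.
LFI_PCRE_ESCAPED = r"\.\.[\\/]"
URICONTENTS = ("/news/search.php3?", "bn=")


def uricontent_ok(raw_uri):
    """Both uricontent options, nocase, against the percent-decoded URI."""
    uri = unquote(raw_uri).lower()
    return all(c in uri for c in URICONTENTS)


def xss_rule(request_line):
    """XSS rule model: uricontent checks, then pcre with /Ui (decoded URI)."""
    raw_uri = request_line.split(" ")[1]
    return uricontent_ok(raw_uri) and bool(
        re.search(XSS_PCRE, unquote(raw_uri), re.I))


def lfi_rule(request_line, pcre=LFI_PCRE_POSTED):
    """LFI rule model: "GET " at depth 4, uricontent checks, then pcre with
    /i only (no U modifier, so the pattern sees the undecoded bytes)."""
    raw_uri = request_line.split(" ")[1]
    return (request_line.startswith("GET ") and uricontent_ok(raw_uri)
            and bool(re.search(pcre, request_line, re.I)))


# Constructed request lines for rule testing; not captured traffic.
SAMPLES = {
    "benign": "GET /news/search.php3?bn=general HTTP/1.1",
    "benign_backslash": "GET /news/search.php3?bn=a&q=ab\\cd HTTP/1.1",
    "traversal_slash": "GET /news/search.php3?bn=../../x HTTP/1.1",
    "traversal_backslash": "GET /news/search.php3?bn=..\\..\\x HTTP/1.1",
    "script_tag": "GET /news/search.php3?bn=%3Cscript%3E HTTP/1.1",
}


def evaluate():
    """Per sample: (XSS rule, LFI rule as posted, LFI rule with escaped pcre)."""
    return {name: (xss_rule(r), lfi_rule(r), lfi_rule(r, LFI_PCRE_ESCAPED))
            for name, r in SAMPLES.items()}
```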
