[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Mon Dec 21 10:32:23 EST 2009


[***] Results from Oinkmaster started Mon Dec 21 10:32:23 2009 [***]

[///]     Modified active rules:     [///]

 2010513 - ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source) (emerging-web_server.rules)
 2010514 - ET WEB_CLIENT Possible HTTP 401 XSS Attempt (External Source) (emerging-web_client.rules)
 2010515 - ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source) (emerging-web_server.rules)
 2010516 - ET WEB_CLIENT Possible HTTP 403 XSS Attempt (External Source) (emerging-web_client.rules)
 2010517 - ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source) (emerging-web_server.rules)
 2010518 - ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) (emerging-web_client.rules)
 2010519 - ET WEB_SERVER Possible HTTP 405 XSS Attempt (Local Source) (emerging-web_server.rules)
 2010520 - ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source) (emerging-web_client.rules)
 2010521 - ET WEB_SERVER Possible HTTP 406 XSS Attempt (Local Source) (emerging-web_server.rules)
 2010522 - ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source) (emerging-web_client.rules)
 2010524 - ET WEB_SERVER Possible HTTP 500 XSS Attempt (Internal Source) (emerging-web_server.rules)
 2010525 - ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source) (emerging-web_client.rules)
 2010526 - ET WEB_SERVER Possible HTTP 503 XSS Attempt (Internal Source) (emerging-web_server.rules)
 2010527 - ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source) (emerging-web_client.rules)
 2010528 - ET WEB_SPECIFIC_APPS Joomla MyRemote Video Gallery (user_id) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010529 - ET WEB_SPECIFIC_APPS Joomla component com_jinc (newsid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010530 - ET WEB_SPECIFIC_APPS Loggix Project RFI Attempt (emerging-web_specific_apps.rules)
 2010531 - ET WEB_SPECIFIC_APPS Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt (emerging-web_specific_apps.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (18):
        2010513 || ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010513
        2010514 || ET WEB_CLIENT Possible HTTP 401 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010514
        2010515 || ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010515
        2010516 || ET WEB_CLIENT Possible HTTP 403 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010516
        2010517 || ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010517
        2010518 || ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010518
        2010519 || ET WEB_SERVER Possible HTTP 405 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010519
        2010520 || ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010520
        2010521 || ET WEB_SERVER Possible HTTP 406 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010521
        2010522 || ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010522
        2010524 || ET WEB_SERVER Possible HTTP 500 XSS Attempt (Internal Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010524
        2010525 || ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010525
        2010526 || ET WEB_SERVER Possible HTTP 503 XSS Attempt (Internal Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010526
        2010527 || ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010527
        2010528 || ET WEB_SPECIFIC_APPS Joomla MyRemote Video Gallery (user_id) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010528 || url,milw0rm.org/exploits/9733
        2010529 || ET WEB_SPECIFIC_APPS Joomla component com_jinc (newsid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010529 || url,lhacky.org/jextensions/index.php?option=com_content&view=article&id=18:how-to-use&catid=12:jinc-documentation&Itemid=28 || url,milw0rm.org/exploits/9732
        2010530 || ET WEB_SPECIFIC_APPS Loggix Project RFI Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Loggix || url,doc.emergingthreats.net/2010530 || url,milw0rm.org/exploits/9729
        2010531 || ET WEB_SPECIFIC_APPS Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHPCalendar || url,doc.emergingthreats.net/2010531 || cve,2009-3702 || url,securitytracker.com/alerts/2009/Dec/1023375.html

     -> Added to emerging-sid-msg.map.txt (18):
        2010513 || ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010513
        2010514 || ET WEB_CLIENT Possible HTTP 401 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010514
        2010515 || ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010515
        2010516 || ET WEB_CLIENT Possible HTTP 403 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010516
        2010517 || ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010517
        2010518 || ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010518
        2010519 || ET WEB_SERVER Possible HTTP 405 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010519
        2010520 || ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010520
        2010521 || ET WEB_SERVER Possible HTTP 406 XSS Attempt (Local Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010521
        2010522 || ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010522
        2010524 || ET WEB_SERVER Possible HTTP 500 XSS Attempt (Internal Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010524
        2010525 || ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010525
        2010526 || ET WEB_SERVER Possible HTTP 503 XSS Attempt (Internal Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Error_XSS || url,doc.emergingthreats.net/2010526
        2010527 || ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Error_XSS || url,doc.emergingthreats.net/2010527
        2010528 || ET WEB_SPECIFIC_APPS Joomla MyRemote Video Gallery (user_id) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010528 || url,milw0rm.org/exploits/9733
        2010529 || ET WEB_SPECIFIC_APPS Joomla component com_jinc (newsid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010529 || url,lhacky.org/jextensions/index.php?option=com_content&view=article&id=18:how-to-use&catid=12:jinc-documentation&Itemid=28 || url,milw0rm.org/exploits/9732
        2010530 || ET WEB_SPECIFIC_APPS Loggix Project RFI Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Loggix || url,doc.emergingthreats.net/2010530 || url,milw0rm.org/exploits/9729
        2010531 || ET WEB_SPECIFIC_APPS Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHPCalendar || url,doc.emergingthreats.net/2010531 || cve,2009-3702 || url,securitytracker.com/alerts/2009/Dec/1023375.html

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (18):
        2010513 || ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source)
        2010514 || ET WEB_CLIENT Possible HTTP 401 XSS Attempt (External Source)
        2010515 || ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source)
        2010516 || ET WEB_CLIENT Possible HTTP 403 XSS Attempt (External Source)
        2010517 || ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source)
        2010518 || ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source)
        2010519 || ET WEB_SERVER Possible HTTP 405 XSS Attempt (Local Source)
        2010520 || ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source)
        2010521 || ET WEB_SERVER Possible HTTP 406 XSS Attempt (Local Source)
        2010522 || ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source)
        2010524 || ET WEB_SERVER Possible HTTP 500 XSS Attempt (Internal Source)
        2010525 || ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source)
        2010526 || ET WEB_SERVER Possible HTTP 503 XSS Attempt (Internal Source)
        2010527 || ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source)
        2010528 || ET WEB_SPECIFIC_APPS Joomla MyRemote Video Gallery (user_id) Blind SQL Injection Attempt || url,milw0rm.org/exploits/9733
        2010529 || ET WEB_SPECIFIC_APPS Joomla component com_jinc (newsid) Blind SQL Injection Attempt || url,lhacky.org/jextensions/index.php?option=com_content&view=article&id=18:how-to-use&catid=12:jinc-documentation&Itemid=28 || url,milw0rm.org/exploits/9732
        2010530 || ET WEB_SPECIFIC_APPS Loggix Project RFI Attempt || url,milw0rm.org/exploits/9729
        2010531 || ET WEB_SPECIFIC_APPS Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt || cve,2009-3702 || url,securitytracker.com/alerts/2009/Dec/1023375.html

     -> Removed from emerging-sid-msg.map.txt (18):
        2010513 || ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source)
        2010514 || ET WEB_CLIENT Possible HTTP 401 XSS Attempt (External Source)
        2010515 || ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source)
        2010516 || ET WEB_CLIENT Possible HTTP 403 XSS Attempt (External Source)
        2010517 || ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source)
        2010518 || ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source)
        2010519 || ET WEB_SERVER Possible HTTP 405 XSS Attempt (Local Source)
        2010520 || ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source)
        2010521 || ET WEB_SERVER Possible HTTP 406 XSS Attempt (Local Source)
        2010522 || ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source)
        2010524 || ET WEB_SERVER Possible HTTP 500 XSS Attempt (Internal Source)
        2010525 || ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source)
        2010526 || ET WEB_SERVER Possible HTTP 503 XSS Attempt (Internal Source)
        2010527 || ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source)
        2010528 || ET WEB_SPECIFIC_APPS Joomla MyRemote Video Gallery (user_id) Blind SQL Injection Attempt || url,milw0rm.org/exploits/9733
        2010529 || ET WEB_SPECIFIC_APPS Joomla component com_jinc (newsid) Blind SQL Injection Attempt || url,lhacky.org/jextensions/index.php?option=com_content&view=article&id=18:how-to-use&catid=12:jinc-documentation&Itemid=28 || url,milw0rm.org/exploits/9732
        2010530 || ET WEB_SPECIFIC_APPS Loggix Project RFI Attempt || url,milw0rm.org/exploits/9729
        2010531 || ET WEB_SPECIFIC_APPS Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt || cve,2009-3702 || url,securitytracker.com/alerts/2009/Dec/1023375.html



More information about the Emerging-updates mailing list