Freitag, 11. Oktober 2013

Rules-Update: vBulletin Exploit


[+] new sigs:
  42000321 :: scanner.rules        :: DN SCAN probably Malicous UA
  42000322 :: web_apps.rules       :: DN WEB_APPS Potential vBulletin Exploit (v5+)
  42000323 :: scanner.rules        :: DN SCAN vBulletinBoard-Scan
  42000324 :: web_apps.rules       :: DN WEB_APPS Potential vBulletin Exploit (v4+)

#
# sid: 42000321 |  date: 2013-10-12 - 00:30:51 | maker: lazydog
# 
# http://www.webmasterworld.com/search_engine_spiders/4058096.htm
# http://serverfault.com/questions/544523/apache-ddos-prevention/544531#544531
 
MainRule "str:mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)" "msg:DN SCAN probably Malicous UA " "mz:$HEADERS_VAR:User-Agent" "s:$ATTACK:8" id:42000321; 
#
# sid: 42000322 |  date: 2013-10-12 - 00:31:23 | maker: lazydog
# 
# http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5
# 
# http://www.vbulletin.org/forum/showthread.php?p=2443431
# 
# 
 
MainRule "str:/core/install/upgrade.php" "msg:DN WEB_APPS Potential vBulletin Exploit (v5+)" "mz:URL" "s:$UWA:8" id:42000322 ; 



#
# sid: 42000323 |  date: 2013-10-12 - 00:30:26 | maker: lazydog
# 
# http://www.vbulletin.org/forum/showthread.php?p=2443431
 
MainRule "str:/core/install/" "msg:DN SCAN vBulletinBoard-Scan " "mz:URL" "s:$UWA:8" id:42000323 ; 



#
# sid: 42000324 |  date: 2013-10-12 - 00:30:05 | maker: lazydog
# 
# http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5
# 
# http://www.vbulletin.org/forum/showthread.php?p=2443431
 
MainRule "str:/install/upgrade.php" "msg:DN WEB_APPS Potential vBulletin Exploit (v4+)" "mz:URL" "s:$ATTACK:8" id:42000324 ; 


Keine Kommentare:

Kommentar veröffentlichen