Montag, 7. Oktober 2013

Ruleset-Update: WHCMS - Exploit + JBOSS/Tomcat


[+] new sigs:
  42000318 :: web_server.rules     :: DN WEB_SERVER Possible WHMCS Exploit
  42000319 :: scanner.rules        :: DN SCAN Possible WHMCS - Scan
  42000320 :: app_server.rules     :: DN APP_SERVER Possible JBoss/Tomcat JMX InvokerServlet Auth Bypass Attempt


------------------


#
# sid: 42000318 |  date: 2013-10-07 - 22:07:29 | maker: lazydog
# 
# http://localhost.re/p/whmcs-527-vulnerability
 
MainRule "str:aes_encrypt" "msg:DN WEB_SERVER Possible WHMCS Exploit" "mz:BODY|ARGS" "s:$ATTACK:8" id:42000318 ; 

#
# sid: 42000319 |  date: 2013-10-07 - 22:07:53 | maker: lazydog
# 
# http://localhost.re/p/whmcs-527-vulnerability
 
MainRule "str:/register.php" "msg:DN SCAN Possible WHMCS - Scan" "mz:URL" "s:$UWA:8" id:42000319 ; 
#
# sid: 42000320 |  date: 2013-10-07 - 22:08:40 | maker: lazydog
# 
# http://packetstormsecurity.com/files/123510/9sg_ejb.txt
# sid 42000057
 
MainRule "str:/invoker/ejbinvokerservlet" "msg:DN APP_SERVER Possible JBoss/Tomcat JMX InvokerServlet Auth Bypass Attempt" "mz:URL|BODY" "s:$UWA:8" id:42000320 ; 


Keine Kommentare:

Kommentar veröffentlichen