Thanks Michael,
In the future please post to either snort-sigs or bleeding-sigs but not
both.
With regard to the rule you submitted below, I believe you intended it
to be "flow:from_server" because the direction is from the http_server
outbound. Please clarify why it was written this way if you still prefer
to_server.
-Blake
alert tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any(msg: "BLEEDING-EDGE
PHP osCommerce vulnerable web application extras/update.php exists";
flow:to_server,established; content:"Select an SQL file to
install";reference:url,retrogod.altervista.org/oscommerce_22_adv.html;
classtype:attempted-recon; rev:1;)
--
This email and any files transmitted with it are solely intended for the use of
the addressee(s) and may contain information that is confidential and
privileged. If you receive this email in error, please advise us by return
email immediately. Please also disregard the contents of the email, delete it
and destroy any copies immediately. Demarc Security, Inc. does not accept
liability for the views expressed in the email or for the consequences of any
computer viruses that may be transmitted with this email.
This email is also subject to copyright. No part of it should be reproduced,
adapted or transmitted without the written consent of the copyright owner.
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
