-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrules.js
66 lines (64 loc) · 1.3 KB
/
rules.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
var rules = [
{
msg: 'SQL use of sleep function in HTTP header - likely SQL injection attempt',
http_header: true,
http_uri: false,
contents: [
{
name: 'User-Agent',
value: 'sleep(',
},
],
id: '38993',
},
{
msg: 'SERVER-IIS *.idc attempt',
http_header: false,
http_uri: true,
contents: ['/*.idc'],
id: '973',
},
{
msg: 'SERVER-WEBAPP rwwwshell.pl access',
http_header: false,
http_uri: true,
contents: ['/rwwwshell.pl'],
id: '834',
},
{
msg: 'SERVER-WEBAPP uploader.exe access',
http_header: false,
http_uri: true,
contents: ['/uploader.exe'],
id: '837',
},
{
msg: 'SERVER-OTHER Microsoft Frontpage services.cnf access',
http_header: false,
http_uri: true,
contents: ['/_vti_pvt/services.cnf'],
id: '961',
},
{
msg: 'SERVER-IIS cmd.exe access',
http_header: false,
http_uri: true,
contents: ['cmd.exe'],
id: '1002',
},
{
msg: 'SERVER-WEBAPP /etc/passwd file access attempt',
http_header: false,
http_uri: true,
contents: ['/etc/passwd'],
id: '1122',
},
{
msg: 'SERVER-WEBAPP Phorum admin access',
http_header: false,
http_uri: true,
contents: ['/admin.php3'],
id: '1134',
},
];
module.exports = rules;