##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; file_data; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; reference:url,doc.emergingthreats.net/2008673; classtype:web-application-attack; sid:2008673; rev:12;)

Added 2012-04-05 20:07:02 UTC


##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; file_data; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; reference:url,doc.emergingthreats.net/2008673; classtype:web-application-attack; sid:2008673; rev:11;)

Added 2011-10-12 19:25:35 UTC


##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; file_data; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/6699; reference:url,doc.emergingthreats.net/2008673; sid:2008673; rev:11;)

Added 2011-09-14 22:39:03 UTC


##alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; file_data; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/6699; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS_Picturepusher; sid:2008673; rev:11;)

Added 2011-02-04 17:27:51 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS_Picturepusher; sid:2008673; rev:7;)

Added 2009-10-06 14:19:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS_Picturepusher; sid:2008673; rev:7;)

Added 2009-10-06 14:19:02 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS_Picturepusher; sid:2008673; rev:7;)

Added 2009-10-06 14:15:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS_Picturepusher; sid:2008673; rev:7;)

Added 2009-10-06 14:15:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS_Picturepusher; sid:2008673; rev:6;)

Added 2009-10-05 10:30:36 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_MS_Picturepusher; sid:2008673; rev:6;)

Added 2009-10-05 10:30:36 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS_Picturepusher; sid:2008673; rev:4;)

Added 2009-02-16 21:46:09 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS_Picturepusher; sid:2008673; rev:4;)

Added 2009-02-16 21:46:09 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS_Picturepusher; sid:2008673; rev:4;)

Added 2009-02-16 21:45:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008673; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_MS_Picturepusher; sid:2008673; rev:4;)

Added 2009-02-16 21:45:24 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; sid:2008673; rev:3;)

Added 2008-11-26 09:17:04 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_ACTIVEX Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; sid:2008673; rev:3;)

Added 2008-11-26 09:17:04 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; sid:2008673; rev:2;)

Added 2008-10-24 00:30:21 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; flow:from_server,established; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; sid:2008673; rev:2;)

Added 2008-10-24 00:30:21 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET EXPLOIT Microsoft PicturePusher? ActiveX? Cross Site File Upload Attack"; content:"clsid"; nocase; content:"507813C3-0B26-47AD-A8C0-D483C7A21FA7"; nocase; pcre:"/http\://.*?[\w]{4,}=1/i"; nocase; pcre:"/(PostURL?|AddSeperator|AddString|Post)/i"; nocase; reference:url,milw0rm.com/exploits/6699; classtype:web-application-attack; sid:2008673; rev:1;)

Added 2008-10-17 16:15:21 UTC


Topic revision: r1 - 2012-04-06 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats