alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER IIS 8.3 Filename With Wildcard (Possible File/Dir Bruteforce)"; flow:established,to_server; content:"~1"; http_uri; fast_pattern:only; pcre:"/([\*\?]~1|~1\.?[\*\?]|\/~1\/)/U"; reference:url,soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf; classtype:network-scan; sid:2015023; rev:2;)

Added 2012-07-03 22:29:18 UTC


Topic revision: r1 - 2012-07-04 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats