Hi all, I created a rule to detect the php5-cgi exploit[1] created by the researcher Kingcope; the sample to test it with is attached.
<group name="web,appsec,attack">
  <!-- Child of rule 31100 (web access log messages): alert on POST requests to /cgi-bin/php -->
  <rule id="160001" level="6">
    <if_sid>31100</if_sid>
    <url>/cgi-bin/php</url>
    <regex>"POST /cgi-bin/php</regex>
    <description>php5-cgi exploit (http://www.exploit-db.com/exploits/29290/).</description>
  </rule>
</group>
More info about the PHP5-CGI issue and the exploit at
http://www.exploit-db.com/exploit/29290/
New suggestions are welcome. =)
Best,
Alexos
acme.access.log.rar
Description: Binary data
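
Added example (not part of the original post, and not OSSEC code): a Python approximation of rule 160001 run over constructed access-log lines, to show which requests it alerts on before the rule is deployed. It assumes Apache combined log format and treats <url> and <regex> as plain substring matches, which is what these two literal patterns amount to; the names rule_fires and alerts are hypothetical.

```python
import re

# Constructed Apache combined-format lines (NOT taken from the attached sample).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Oct/2013:10:01:02 +0000] "POST /cgi-bin/php?placeholder HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [30/Oct/2013:10:01:03 +0000] "POST /cgi-bin/php5?placeholder HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.4 - - [30/Oct/2013:10:02:10 +0000] "GET /cgi-bin/php HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.9 - - [30/Oct/2013:10:03:44 +0000] "POST /cgi-bin/phpinfo.cgi HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - [30/Oct/2013:10:04:00 +0000] "POST /index.php HTTP/1.1" 200 1024 "-" "-"',
]

# Stand-in for the web-accesslog decoder: extracts source IP, URL and status.
LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

URL_MATCH = "/cgi-bin/php"           # <url> is compared with the decoded url field
REGEX_MATCH = '"POST /cgi-bin/php'   # <regex> is compared with the whole log line


def rule_fires(line):
    """Return the decoded fields if both rule conditions hold, else None."""
    m = LINE.match(line)
    if m is None:
        return None
    if URL_MATCH in m.group("url") and REGEX_MATCH in line:
        return m.groupdict()
    return None


def alerts(lines):
    """(src, url, status) for every line the rule would alert on."""
    hits = (rule_fires(line) for line in lines)
    return [(h["src"], h["url"], int(h["status"])) for h in hits if h]


if __name__ == "__main__":
    for src, url, status in alerts(SAMPLE_LOG):
        # The status code separates a probe for a missing path (404)
        # from a request the CGI handler actually answered (200).
        print(f"rule 160001: {src} POST {url} -> {status}")
```

The rule is a prefix match, so it also alerts on POSTs to other scripts whose path starts with /cgi-bin/php (the phpinfo.cgi line above). The same lines can be fed to ossec-logtest to confirm how the real rule behaves.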
