Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1:1000001
Rule detects a command injection attempt on the language parameter of the /cgi-bin/luci script present on device
1:1000000
This rule detects the attempted creating of an "exec" type monitor via the GoCast HTTP API. As of version 1.1.3 this API does not support authentication and will directly execute any command sent via this monitor type.
1:63598
This rule looks for specific characters that may get remapped by PHP and permit this command injection to occur.
1:63587
This rule checks to see if the Content-Length of a request sent to a Windows Server Service is overly large and if at least 30 of these requests have been seen in 1 second
1:63536
This rule looks for
1:63455
This rule alerts on traffic that exploits the vulnerability outlined in CVE-2022-40022. It is looking for characters that can indicate an attempted command injection in the vulnerable parameter.