# source listing: github.com/rvaralda/deis@v1.4.1/router/firewall/web_apps.rules

##########################################################################
#
# doxi_rulesets - rules for nginx+naxsi
# desc : WEB_APPS
# file : web_apps.rules
# created : 2014-09-28 - 12:29
# by : nginx-goodies
# download : https://bitbucket.org/lazy_dogtown/doxi-rules
#
###########################################################################

#
# How to read this file:
#   Each MainRule matches one literal substring ("str:") inside one or more
#   match zones ("mz:" - URL, ARGS, BODY or HEADERS here) and, on a hit, adds
#   the value given in "s:" to the named score(s). Every rule below adds 8.
#   All patterns are written in lowercase.
#   NOTE(review): naxsi is expected to compare case-insensitively against
#   lowercase patterns - verify against the naxsi version deployed.
#
#   NOTE(review): the score names used here ($EVADE, $ATTACK, $UWA) only lead
#   to a block/log action where the including nginx location sets a CheckRule
#   threshold for each of them. That configuration is not part of this file -
#   confirm all three names are covered, otherwise these rules score silently.
#   $UWA presumably stands for "unwanted access" - confirm with upstream docs.
#
#   These are plain substring matches on well-known paths, so they flag
#   access to a location, not a specific payload. Sites that legitimately use
#   one of the matched endpoints need a whitelist entry for the rule id.
#

#
# sid: 42000276 | date: 2013-07-21 - 10:19
#
# https://www.owasp.org/index.php/HTTP_Request_Smuggling
#
# Scores any request whose headers contain the text "get http", i.e. what
# looks like a second request line carried inside a header value.
# mz:HEADERS is not limited to one header name, so any header containing this
# text will score; check learning-mode logs for false positives.
#
MainRule "str:get http" "msg:HTTP - Smuggling-Attempt (Proxy-GET in Headers)" "mz:HEADERS" "s:$EVADE:8" id:42000276 ;


#
# sid: 42000239 | date: 2013-01-24 - 17:30
#
# TYPO3 standard feature, DONTWANT
#
# Scores any request argument containing "jumpurl=". Per the original note
# this is a regular TYPO3 feature the rule author chose to disallow, so a
# TYPO3 site relying on jumpurl links will need this id whitelisted.
#
MainRule "str:jumpurl=" "msg:Typo3-JumpURL-Access " "mz:ARGS" "s:$UWA:8" id:42000239 ;


#
# sid: 42000126 | date: 2012-12-25 - 12:28
#
# http://www.securityfocus.com/bid/53787/info
# http://downloads.securityfocus.com/vulnerabilities/exploits/53787.php
#
# Scores any URL containing the Uploadify upload handler path.
#
MainRule "str:/uploadify/uploadify.php" "msg:WordPress Uploadify-Access" "mz:URL" "s:$ATTACK:8" id:42000126 ;


#
# sid: 42000125 | date: 2012-12-25 - 11:49
#
# http://seclists.org/fulldisclosure/2012/Dec/242
# http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh
#
# Scores direct URL access to a path containing "/w3tc/dbcache".
#
MainRule "str:/w3tc/dbcache" "msg:WordPress TotalCache-DBCache-Access" "mz:URL" "s:$UWA:8" id:42000125 ;


#
# sid: 42000123 | date: 2012-12-21 - 13:59
#
# http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/
# http://packetstormsecurity.org/files/view/105240/timthumb-exec.txt
#
# Scores URLs containing "/timthumbdir/cache".
# NOTE(review): the rule only matches the literal directory name
# "timthumbdir"; a TimThumb cache kept under any other directory name is not
# covered by this rule - confirm the intended path with upstream.
#
MainRule "str:/timthumbdir/cache" "msg:WP TimThumb - Cache - Access " "mz:URL" "s:$ATTACK:8" id:42000123 ;


#
# sid: 42000089 | date: 2012-12-18 - 14:14
#
# (no reference given upstream)
#
# Scores every URL containing "/xmlrpc.php", regardless of method or body.
# Legitimate XML-RPC clients of the protected application will be scored as
# well and need a whitelist entry if that endpoint is in use.
#
MainRule "str:/xmlrpc.php" "msg:XMLRPC - Access detected (misc Wordpress/Magento-Vulns)" "mz:URL" "s:$UWA:8" id:42000089 ;


#
# sid: 42000088 | date: 2012-12-18 - 12:03
#
# http://seclists.org/bugtraq/2012/Dec/101
# https://github.com/FireFart/WordpressPingbackPortScanner
# http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
#
# Scores request bodies containing the method name "pingback.ping".
# Adds to both $ATTACK and $UWA.
#
MainRule "str:pingback.ping" "msg:Possible WordpressPingbackPortScanner" "mz:BODY" "s:$ATTACK:8,$UWA:8" id:42000088 ;


#
# sid: 42000086 | date: 2012-11-27 - 18:47
#
# http://piwik.org/blog/2012/11/security-report-piwik-org-webserver-hacked-for-a-few-hours-on-2012-nov-26th/
# http://forum.piwik.org/read.php?2,97666
#
# Scores URLs containing the path below. Adds to both $ATTACK and $UWA.
# NOTE(review): the spelling "megre" is kept exactly as in the rule; it is
# presumably the file name from the referenced incident report, so check
# the report before "correcting" it.
#
MainRule "str:/core/datatable/filter/megre.php" "msg:PIWIK-RemoteShell Access" "mz:URL" "s:$ATTACK:8,$UWA:8" id:42000086 ;


#
# sid: 42000085 | date: 2012-11-27 - 18:46
#
# http://piwik.org/blog/2012/11/security-report-piwik-org-webserver-hacked-for-a-few-hours-on-2012-nov-26th/
# http://forum.piwik.org/read.php?2,97666
#
# Scores URLs containing "/core/loader.php". Adds to both $ATTACK and $UWA.
# The match is not tied to a Piwik install path, so any application exposing
# a URL with this substring will also score.
#
MainRule "str:/core/loader.php" "msg:PIWIK-Backdoor-Access " "mz:URL" "s:$ATTACK:8,$UWA:8" id:42000085 ;


#
# sid: 42000071 | date: 2012-10-18 - 09:37
#
# http://www.securityfocus.com/bid/34236/info
#
# Scores URLs containing "/scripts/setup.php". The substring is generic:
# other applications with a /scripts/setup.php URL will score too.
#
MainRule "str:/scripts/setup.php" "msg:PHPMYADMIN setup.php - Access " "mz:URL" "s:$ATTACK:8" id:42000071 ;


#
# sid: 42000065 | date: 2012-10-18 - 09:16
#
# www.magentocommerce.com/blog/comments/important-security-update-zend-platform-vulnerability/
# www.magentocommerce.com/blog/update-zend-framework-vulnerability-security-update
# www.exploit-db.com/exploits/19793/
#
# Scores "/api/xmlrpc" found in either the URL or the request body.
# A Magento shop that exposes its XML-RPC API to integrations will need this
# id whitelisted for those clients.
#
MainRule "str:/api/xmlrpc" "msg:Magento XMLRPC-Exploit Attempt" "mz:URL|BODY" "s:$ATTACK:8" id:42000065 ;



#
# sid: 42000055 | date: 2012-10-17 - 16:39
#
# http://www.exploit-db.com/exploits/21851/
#
# Scores URLs containing "/file/show.cgi/bin/". Adds to both $ATTACK and $UWA.
#
MainRule "str:/file/show.cgi/bin/" "msg:WEBMIN /file/show.cgi Remote Command Execution" "mz:URL" "s:$ATTACK:8,$UWA:8" id:42000055 ;