[Phpida-cvs] ida/rules sqlinjection.txt, NONE, 1.1 badUa.txt, NONE, 1.1 xss.txt, NONE, 1.1 .htacces
From: Audun L. <xq...@us...> - 2007-08-29 13:14:56
Update of /cvsroot/phpida/ida/rules In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22197/rules Added Files: sqlinjection.txt badUa.txt xss.txt .htaccess munin.txt Log Message: Initail revsiosion of the "new" Ida --- NEW FILE: .htaccess --- Deny From All --- NEW FILE: sqlinjection.txt --- $rev:0.2;changed:Sun, 08 Oct 2006 16:13:21 +0200 #################################################################### # # Created by Audun Larsen (aud...@lk...) # # Copyright 2006 Larsen Konsult (www.lkonsult.no) # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# # #################################################################### # # Data set Where (regex) Search for (regex) Action Log msg # ############################################################################################################################### HTTP_POST "" "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" block SQL injection in POST data HTTP_GET "" "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" block SQL injection in GET data HTTP_COOKIE "" "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" block SQL injection in GET data HTTP_HEADERS "^HTTP_REFERER$ "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" block SQL injection in HTTP_REFERER --- NEW FILE: munin.txt --- $rev:2.79;changed:Mon, 09 Oct 2006 17:04:01 +0200 #################################################################### # # Created by Audun Larsen (aud...@lk...) # # Copyright 2006 Larsen Konsult (www.lkonsult.no) # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
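Review bot: The HTTP_HEADERS rule for the Referer in sqlinjection.txt opens its Where field with `"^HTTP_REFERER$` and never closes the quote, so the field boundaries will probably be misread and the rule may not load or match; it should read `"^HTTP_REFERER$"`. The HTTP_COOKIE rule carries the log message `SQL injection in GET data`, which mislabels cookie hits in the log and should be `SQL injection in COOKIE data`. Inside `[A-Z|a-z|0-9|\*| |\,]` the `|` is a literal character rather than alternation, and the class has no `_` or `.`, so a statement with ordinary identifiers between the two keywords is not matched; `[A-Za-z0-9_.*, ]` states the intent more plainly. The same expression is pasted four times, and the literal upper-case `UNION SELECT` only works if matching is case-insensitive, which this page does not show; a comment above the rules should say which it is.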
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # #################################################################### # # Data set Where (regex) Search for (regex) Action Log msg # ############################################################################################################################### #HTTP_POST "^(?!fil)" "all" pass Test rule (Drupal) HTTP_HEADERS "" ".htaccess" block .htaccess HTTP_HEADERS "" ".htpasswd" block .htpasswd HTTP_HEADERS "^REQUEST_METHOD$" "^(?!POST|GET)" pass Illegal HTTP request method HTTP_GET "" "^http:\/" block HTTP in GET param, possible allow_url_fopen attack HTTP_GET "" "\.\.\/" block Possible path traversal attempt in GET data HTTP_POST "" "\.\.\/" block Possible path traversal attempt in POST data HTTP_COOKIE "" "\.\.\/" block Possible path traversal attempt in COOKIE data ## Bad IPS HTTP_HEADERS "^REMOTE_ADDRESS$" "^205.134.172" block Spamhost --- NEW FILE: badUa.txt --- $rev:0.16;changed:Sun, 08 Oct 2006 16:13:09 +0200 #################################################################### # # Created by Audun Larsen (aud...@lk...) # # Copyright 2006 Larsen Konsult (www.lkonsult.no) # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
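Review bot: The REQUEST_METHOD rule in munin.txt has action `pass` although its log message is `Illegal HTTP request method`; the meaning of `pass` is not shown on this page, but if rejection is intended the action should be `block`. Its pattern `^(?!POST|GET)` has no end anchor, so any method that merely starts with POST or GET is treated as legal; `"^(?!(POST|GET)$)"` compares the whole value. The bad-IP rule keys on `^REMOTE_ADDRESS$`, while PHP exposes the client address as `REMOTE_ADDR`, so if the HTTP_HEADERS data set is built from `$_SERVER` (not visible here) this rule never fires. The dots in `"^205.134.172"`, `".htaccess"` and `".htpasswd"` are unescaped and match any character; `"^205\.134\.172\."` is the literal form. The `\.\.\/` and `^http:\/` rules match only the literal lower-case text, so a comment should record whether values are URL-decoded and case-folded before matching.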
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # #################################################################### # # Data set Where (regex) Search for (regex) Action Log msg # ############################################################################################################################### HTTP_HEADERS "^HTTP_USER_AGENT$" "^spybot" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Mosiac 1.*" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Brutus\/AET" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "cgichk" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "DataCha0s\/2.0" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Morzilla" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "xmlrpc exploit" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Wordpress Hash Grabber" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "lwp" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Web Downloader" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebZIP" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebCopier" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Webster" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebStripper" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "teleport pro" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "combine" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Black Hole" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "SiteSnagger" block Bad user-agent HTTP_HEADERS 
"^HTTP_USER_AGENT$" "ProWebWalker" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "CheeseBot" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Mozilla\/(4|5).0$" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "FooBar\/42" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Microsoft Internet Explorer\/5.0$" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Nessus" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Nikto" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Faxobot" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Crescent Internet ToolPak" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebBandit" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WEBMOLE" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Telesoft" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebEMailExtractor" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "CherryPicker" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "NICErsPRO" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Advanced Email Extractor" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "EmailSiphon" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Extractorpro" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "webbandit" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "EmailCollector" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WebEMailExtrac" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "EmailWolf" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "CopyRightCheck" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "CopyGuard" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Digimarc WebReader" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "DTS Agent" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "WISEbot" block Bad user-agent HTTP_HEADERS "^HTTP_USER_AGENT$" "Missigua" block Bad user-agent --- NEW FILE: xss.txt --- $rev:0.17;changed:Sun, 08 Oct 2006 16:13:31 
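Review bot: Several badUa.txt patterns are short unanchored substrings, for example `"lwp"`, `"combine"` and `"Webster"`, and will block any client whose User-Agent merely contains those letters; they should carry the full product token or a boundary. `"WebEMailExtrac"` already covers `"WebEMailExtractor"`, and the list holds both `"WebBandit"` and `"webbandit"`, which suggests matching is case-sensitive; if so, entries such as `"teleport pro"` and `"WEBMOLE"` hit only one spelling, and a case-insensitive match would make the duplicates unnecessary. The dots in `"DataCha0s\/2.0"`, `"Mozilla\/(4|5).0$"` and `"Microsoft Internet Explorer\/5.0$"` are unescaped. A header comment noting that the User-Agent is client-supplied, so the list filters careless tools rather than acting as an access control, would set expectations for operators.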
+0200 #################################################################### # # Created by Audun Larsen (aud...@lk...) # # Copyright 2006 Larsen Konsult (www.lkonsult.no) # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # #################################################################### # # Data set Where (regex) Search for (regex) Action Log msg # ############################################################################################################################### HTTP_POST "" "<script|<about|<applet|<activex|<chrome|<object" pass XSS in POST data HTTP_GET "" "<script|<about|<applet|<activex|<chrome|<object" block XSS in GET data HTTP_COOKIE "" "<script|<about|<applet|<activex|<chrome|<object" block XSS in cookie data HTTP_HEADERS "^HTTP_USER_AGENT$" "<script|<about|<applet|<activex|<chrome|<object" block XSS in user-agent HTTP_HEADERS "^HTTP_REFERER$" "<script|<about|<applet|<activex|<chrome|<object" block XSS in REFERER |
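Review bot: The HTTP_POST rule in xss.txt has action `pass` while the identical pattern is `block` for GET, cookie, user-agent and Referer; if that is deliberate (forms that legitimately post markup) a comment on the rule should say so, otherwise it should be `block`. The pattern is a fixed list of opening tag names, so it does not look at other elements or at attribute values, and the file header should describe it as a coarse filter that does not replace output encoding in the application. Whether matching is case-insensitive is not visible here; upper-case tag names must be covered either by the engine or by the pattern.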