25 lines
1.3 KiB
Plaintext
25 lines
1.3 KiB
Plaintext
|
|
###############################
|
|
# CONTEXT SPECIFIC SIGNATURES
|
|
#
|
|
# During some injection tests we might not be able to determine that
|
|
# the server is vulnerable. However, some server messages can give away
|
|
# the fact that the underlying logic can likely be abused. The signatures
|
|
# in this file look for such messages and are all linked to individual
|
|
# injection tests. For example: we look for I/O errors during local file
|
|
# disclosure attacks.
|
|
|
|
#####################################################
|
|
# Signatures for check 8: File inclusion / disclosure
|
|
|
|
# PHP errors for include(), fopen(), include_once(), file_get_contents(), etc
|
|
id:51001; sev:2; check:8; content:"[<a href='function."; content:"</a>]: failed to open stream:"; depth:100; memo:"PHP inclusion errors (during traversal tests)";
|
|
id:51002; sev:2; check:8; content:"Warning: "; content:": failed to open stream: "; depth:100; memo:"PHP inclusion errors (during traversal tests)";
|
|
|
|
# Java IO exception
|
|
id:51003; sev:2; check:8; content:"java.io.FileNotFoundException: "; content:"at java.io."; depth:200; memo:"Java FileNotFound exception (during traversal tests)";
|
|
|
|
# Python IO exception
|
|
id:51004; sev:2; check:8; content:"Traceback (most recent call last):"; content:"No such file or directory: "; depth:512; memo:"Python IO backtrace (during traversal tests)";
|
|
|