Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual page 951

HTTP:PHP:MANTIS-ARB-EXEC2
HTTP:PHP:MLOG-SCREEN
HTTP:PHP:NULL-CHAR-IN-TAG
HTTP:PHP:PHORUM:ADMIN-PW-CHG
HTTP:PHP:PHORUM:READ-ACCESS
HTTP:PHP:PHORUM:REMOTE-EXEC
HTTP:PHP:PHPBB:HIGHLIGHT-EXEC
HTTP:PHP:PHPBB:HIGHLIGHT-EXEC2
HTTP:PHP:PHPBB:PM_SQL_USR
Copyright © 2010, Juniper Networks, Inc.
This signature detects attempts to exploit a vulnerability in
Mantis, an open source Web-based bug tracking system.
Mantis 0.17.3 and earlier versions are vulnerable. Attackers
may send a maliciously crafted URL to cause the Web server
to download PHP code from a remote server, allowing the
attacker to execute arbitrary code with the permissions of
the user that is running the Web server daemon.
This signature detects attempts to exploit the vulnerable
mlog.phtml script. Attackers may remotely access arbitrary
files on the Web server.
This signature detects attempts to exploit a known
vulnerability in the PHP Hytertext Processor (PHP) scripting
language used on many Unix/POSIX-based web servers.
PHP does not properly check for an encoded NULL character
(%00) within parameters passed to it. Because PHP does
not properly filter the HTML for malicious content, attackers
may post HTML that contains malicious code to a
PHP-enabled web site. When other users visit the web site,
the malicious code runs on their web browser with
credentials allowed for the site by that user.
This signature detects attempts to exploit the vulnerable
admin.php3 script in Phorum. Attackers may remotely send
a maliciously crafted string to the script, change the
administrative password of the board without user
verification, and access restricted files on the local system.
This signature detects access to the vulnerable read.php3
script installed with Phorum. Because the script does not
validate input, attackers may execute arbitrary SQL
statements to modify the database contents, insert new
entries, create and drop tables, etc.
This signature detects attempts to exploit a vulnerability in
the PHP Phorum bulletin board system. Attackers may
remotely execute arbitrary commands with the privileges of
the HTTP server.
This signature detects attempts to exploit a vulnerability in
phpBB. Attackers may send a malformed HTTP request to
phpBB to force phpBB to execute arbitrary perl commands
on the server with Web server permissions.
This signature detects attempts to exploit a vulnerability in
phpBB. Attackers may send a malformed HTTP request to
phpBB to force phpBB to execute arbitrary perl commands
on the server with Web server permissions.
This signature detects attempts to inject SQL code into a
request to phpBB, a popular open-source bulletin board
application written in php. Attackers may send a maliciously
crafted request that supplies SQL commands to the
pm_sql_user parameter, changing database values and
escalating client privileges.
Appendix E: Log Entries
medium sos5.0.0
medium sos5.0.0,
sos5.1.0
medium sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.0.0,
sos5.1.0
high sos5.1.0
high sos5.1.0
low sos5.1.0
901