The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.

Latest rule documents - Search
Rule detects a command injection attempt on the language parameter of the /cgi-bin/luci script present on device
This rule detects the attempted creating of an "exec" type monitor via the GoCast HTTP API. As of version 1.1.3 this API does not support authentication and will directly execute any command sent via this monitor type.
This rule looks for specific characters that may get remapped by PHP and permit this command injection to occur.
This rule checks to see if the Content-Length of a request sent to a Windows Server Service is overly large and if at least 30 of these requests have been seen in 1 second
This rule looks for
This rule alerts on traffic that exploits the vulnerability outlined in CVE-2022-40022. It is looking for characters that can indicate an attempted command injection in the vulnerable parameter.