TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature Description: This rule triggers when an HTTP request argument contains text in HTML tag format. Cross-site
scripting is possible when HTML tags are passed to the server in an HTTP request argument: the server builds a page
from the passed data and returns it with the malicious content, or the user may be redirected to some other person or
to the attacker. A successful attack may allow sensitive information on the affected system to be viewed.
Signature ID: 37042
Javascript injection
Threat Level: Warning
Industry ID: CVE-2008-2496
Signature Description: Cross-site script execution is possible through any post field value of an HTTP request by
using a JavaScript function. An attacker can execute his own JavaScript by supplying a malformed post field value as
JavaScript; within this function the attacker can place his JavaScript code. javascript: is a protocol that allows
users to execute JavaScript code from the browser's address bar. The attacker passes it by putting it in an anchor
tag, or in any form that calls external sources. The attack will look like javascript: <attacker's script>. Using
this technique, an attacker can steal a user's sensitive information.
Signature ID: 37043
HTML Tags injection with HTML Tag HTML Closing string
Threat Level: Warning
Industry ID: CVE-2008-2646
Signature Description: In HTML, the /> pattern is used to close an HTML tag. An attacker can execute his own script
by putting the /> pattern in the HTTP request argument values. After this he can place his script or his HTML code to
gain access to the affected system or to redirect the web pages.
Signature ID: 37044
HTML Comment in HTTP request Line
Threat Level: Warning
Signature Description: Cross-site scripting is possible by putting HTML comment tags in the HTTP request argument
values. An attacker can comment out the script provided in the original page by putting less-than and exclamation
marks after the HTTP request argument value, and can then insert his own code.
Signature ID: 37045
Cross Site Scripting with HTML Comment tag
Threat Level: Warning
Signature Description: An attacker can execute his own script by putting a forward or backward slash followed by a
greater-than sign (the close of HTML code) in the HTTP request argument value. In general in the HTTP request or post
data there will be any comment statements. The attacker injects his script or code after the HTML end-of-comment tags.
Signature ID: 37046
HTML Comment tag in HTTP request
Threat Level: Warning
Signature Description: An attacker can execute his own script by putting an end-of-comment tag (in HTML, for example:
hyphen-hyphen-greater than) in the HTTP request argument value. In general in the HTTP request or post data there will
be any comment statements. The attacker injects his script or code after the HTML end-of-comment tags.
Signature ID: 37047
Cross Site Scripting with eval or expression Script functions
Threat Level: Severe
Signature Description: An attacker can inject his own script, or he can inject SQL statements, by putting expression