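############################################################################
# Exploit strings
# format => "string, TRUE/FALSE"
#
# - TRUE/FALSE indicates whether this is the final string to be matched to
#   identify the specified attack.
#   That is, "FALSE" means the check must go on with the next string.
# - The (test) strings are matched case-insensitively.
#
# NOTE(review): every entry in this file is marked TRUE, so each string is a
#   complete signature on its own; no FALSE chains are used here.
# NOTE(review): a match shows that a request contained the string, not that
#   the request succeeded. Check the response status before treating a hit
#   as more than a probe.
# NOTE(review): the doubled backslashes below suggest the loader unescapes
#   the string or uses it as a pattern - confirm. If entries are compiled as
#   regular expressions, ".", "+" and "?" are metacharacters and entries such
#   as "c+dir+c:\\" or "Reverse_Phone?phone=" would not match literally.
############################################################################
* Common Exploits
# Windows/IIS command-execution probes: executable names and the
# "dir c:\" argument seen in worm and scanner requests.
root.exe, TRUE
c+dir+c:\\, TRUE
system32/cmd.exe, TRUE
../cmd.exe, TRUE
tools/getdrvs.exe, TRUE
# Directory traversal with double percent-encoding: %25 is "%", so these
# decode to %5c ("\"), %2f ("/") or %2e (".") on a second decoding pass.
..%255c..%255c, TRUE
..%252f..%252f, TRUE
.%252e/.%252e/, TRUE
# Directory traversal using an overlong 2-byte UTF-8 encoding of "/".
..%c0%af..%c0%af, TRUE
# Further double-encoded forms of %5c: %35 is "5" and %63 is "c".
..%%35c..%%35c, TRUE
..%%35%63..%%35%63, TRUE
..%25%35%63..%25%35%63, TRUE
# Overlong 4-, 6- and 3-byte UTF-8 encodings of "/" placed after "..".
..%f0%80%80%af.., TRUE
..%fc%80%80%80%80%af.., TRUE
..%e0\\%80\\%af.., TRUE
..%e0%80%af.., TRUE
# Web-server access-control and password files, and a password CGI.
.htaccess, TRUE
.htpasswd, TRUE
add-passwd.cgi, TRUE
# Plain traversal and slash runs.
# NOTE(review): these two are broad substrings; misbehaving but harmless
#   clients can also produce them, so hits need triage.
../../../../, TRUE
//////////, TRUE
# Application-specific path; its origin is not documented in this file.
pointsmanager/settings, TRUE
############################################################################
# This section includes strings which are to be tested only on machines.
# The idea is to test more aggressively on machines,
# because they're much more likely to be malicious.
#
# NOTE(review): "machines" presumably means clients classified as automated
#   (non-human) - confirm against the code that reads this file.
############################################################################
* Machine Only
# formmail (the first entry also catches the "formail" misspelling)
formail., TRUE
formmail., TRUE
# submit, post : used for posting porn URLs
submit.cgi, TRUE
submit.pl, TRUE
post.cgi, TRUE
post.pl, TRUE
# FrontPage Server Extensions directory.
_vti_bin, TRUE
# Broader forms of the "system32/cmd.exe", "../cmd.exe" and
# "tools/getdrvs.exe" entries above: here the bare file name is enough.
cmd.exe, TRUE
getdrvs.exe, TRUE
# whitepages
/search/Reverse_Phone?phone=, TRUE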