alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt"; flow:to_server,established; uricontent:"/cgi-bin/|3B|"; nocase; pcre:"/\x2Fcgi\x2Dbin\x2F\x3B.+[a-z]/Ui"; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,doc.emergingthreats.net/2009678; reference:url,www.dd-wrt.com/phpBB2/viewtopic.php?t=55173; reference:bid,35742; reference:cve,2009-2765; classtype:attempted-admin; sid:2009678; rev:6; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:49 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt"; flow:to_server,established; content:"/cgi-bin/|3B|"; fast_pattern:only; nocase; http_uri; pcre:"/\x2Fcgi\x2Dbin\x2F\x3B.+[a-z]/Ui"; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,doc.emergingthreats.net/2009678; reference:url,www.dd-wrt.com/phpBB2/viewtopic.php?t=55173; reference:bid,35742; reference:cve,2009-2765; classtype:attempted-admin; sid:2009678; rev:8;)

Added 2011-10-12 19:28:02 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt"; flow:to_server,established; content:"/cgi-bin/|3B|"; fast_pattern:only; nocase; http_uri; pcre:"/\x2Fcgi\x2Dbin\x2F\x3B.+[a-z]/Ui"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,doc.emergingthreats.net/2009678; reference:url,www.dd-wrt.com/phpBB2/viewtopic.php?t=55173; reference:bid,35742; reference:cve,2009-2765; sid:2009678; rev:8;)

Added 2011-09-14 22:41:19 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt"; flow:to_server,established; content:"/cgi-bin/|3B|"; fast_pattern:only; nocase; http_uri; pcre:"/\x2Fcgi\x2Dbin\x2F\x3B.+[a-z]/Ui"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,doc.emergingthreats.net/2009678; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_DD-WRT; reference:url,www.dd-wrt.com/phpBB2/viewtopic.php?t=55173; reference:bid,35742; reference:cve,2009-2765; sid:2009678; rev:8;)

Added 2011-02-04 17:29:03 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Possible DD-WRT Command Execution Attack"; flow:to_server,established; uricontent:"|2F|cgi|2D|bin|2F 3B|"; nocase; pcre:"/\x2Fcgi\x2Dbin\x2F\x3B.+[a-z]/Ui"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,www.securityfocus.com/bid/35742; reference:url,doc.emergingthreats.net/2009678; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_DD-WRT; sid:2009678; rev:5;)

Added 2009-11-10 09:21:12 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Possible DD-WRT Command Execution Attack"; flow:to_server,established; uricontent:"|2F|cgi|2D|bin|2F 3B|"; nocase; pcre:"/\x2Fcgi\x2Dbin\x2F\x3B.+[a-z]/Ui"; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,www.securityfocus.com/bid/35742; reference:url,doc.emergingthreats.net/2009678; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_DD-WRT; sid:2009678; rev:5;)

Added 2009-11-10 09:21:12 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Possible DD-WRT Command Execution Attack"; flow:to_server,established; uricontent:"/cgi-bin/\;"; nocase; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,doc.emergingthreats.net/2009678; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_DD-WRT; sid:2009678; rev:4;)

Added 2009-10-06 14:19:03 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SERVER Possible DD-WRT Command Execution Attack"; flow:to_server,established; uricontent:"/cgi-bin/\;"; nocase; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,doc.emergingthreats.net/2009678; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_DD-WRT; sid:2009678; rev:4;)

Added 2009-10-06 14:19:03 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB Possible DD-WRT Command Execution Attack"; flow:to_server,established; uricontent:"/cgi-bin/\;"; nocase; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,doc.emergingthreats.net/2009678; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_DD-WRT; sid:2009678; rev:2;)

Added 2009-07-22 20:30:36 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB Possible DD-WRT Command Execution Attack"; flow:to_server,established; uricontent:"/cgi-bin/\;"; nocase; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; reference:url,doc.emergingthreats.net/2009678; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_DD-WRT; sid:2009678; rev:2;)

Added 2009-07-22 20:30:36 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB Possible DD-WRT Command Execution Attack"; flow:to_server,established; uricontent:"/cgi-bin/\;"; nocase; classtype:attempted-admin; reference:url,isc.sans.org/diary.html?storyid=6853; reference:url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/; sid:2009678; rev:1;)

Added 2009-07-22 19:45:35 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats