alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER SELECT INSTR in URI, Possible ORACLE Related Blind SQL Injection Attempt"; flow:established,to_server; content:"SELECT"; nocase; http_uri; content:"INSTR"; nocase; http_uri; pcre:"/SELECT.+INSTR/Ui"; reference:url,www.psoug.org/reference/substr_instr.html; reference:url,www.easywebtech.com/artical/Oracle_INSTR.html; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,msdn.microsoft.com/en-us/library/ms161953.aspx; reference:url,doc.emergingthreats.net/2010284; classtype:web-application-attack; sid:2010284; rev:3;)

Added 2011-10-12 19:29:23 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER SELECT INSTR in URI, Possible ORACLE Related Blind SQL Injection Attempt"; flow:established,to_server; content:"SELECT"; nocase; http_uri; content:"INSTR"; nocase; http_uri; pcre:"/SELECT.+INSTR/Ui"; classtype:web-application-attack; reference:url,www.psoug.org/reference/substr_instr.html; reference:url,www.easywebtech.com/artical/Oracle_INSTR.html; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,msdn.microsoft.com/en-us/library/ms161953.aspx; reference:url,doc.emergingthreats.net/2010284; sid:2010284; rev:3;)

Added 2011-09-14 22:42:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER SELECT INSTR in URI, Possible ORACLE Related Blind SQL Injection Attempt"; flow:established,to_server; content:"SELECT"; nocase; http_uri; content:"INSTR"; nocase; http_uri; pcre:"/SELECT.+INSTR/Ui"; classtype:web-application-attack; reference:url,www.psoug.org/reference/substr_instr.html; reference:url,www.easywebtech.com/artical/Oracle_INSTR.html; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,msdn.microsoft.com/en-us/library/ms161953.aspx; reference:url,doc.emergingthreats.net/2010284; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SQL_Injection_Monster_List; sid:2010284; rev:3;)

Added 2011-02-04 17:29:46 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER SELECT INSTR in URI, Possible ORACLE Related Blind SQL Injection Attempt"; flow:established,to_server; uricontent:"SELECT"; nocase; uricontent:"INSTR"; nocase; pcre:"/SELECT.+INSTR/Ui"; classtype:web-application-attack; reference:url,www.psoug.org/reference/substr_instr.html; reference:url,www.easywebtech.com/artical/Oracle_INSTR.html; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,msdn.microsoft.com/en-us/library/ms161953.aspx; reference:url,doc.emergingthreats.net/2010284; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SQL_Injection_Monster_List; sid:2010284; rev:2;)

Added 2009-11-18 21:00:43 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER SELECT INSTR in URI, Possible ORACLE Related Blind SQL Injection Attempt"; flow:established,to_server; uricontent:"SELECT"; nocase; uricontent:"INSTR"; nocase; pcre:"/SELECT.+INSTR/Ui"; classtype:web-application-attack; reference:url,www.psoug.org/reference/substr_instr.html; reference:url,www.easywebtech.com/artical/Oracle_INSTR.html; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,msdn.microsoft.com/en-us/library/ms161953.aspx; reference:url,doc.emergingthreats.net/2010284; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_SQL_Injection_Monster_List; sid:2010284; rev:2;)

Added 2009-11-18 21:00:43 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER SELECT INSTR in URI, Possible ORACLE Related Blind SQL Injection Attempt"; flow:established,to_server; uricontent:"SELECT"; nocase; uricontent:"INSTR"; nocase; pcre:"/SELECT.+INSTR/Ui"; classtype:web-application-attack; reference:url,www.psoug.org/reference/substr_instr.html; reference:url,www.easywebtech.com/artical/Oracle_INSTR.html; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,msdn.microsoft.com/en-us/library/ms161953.aspx; sid:2010284; rev:1;)

Added 2009-11-10 09:21:12 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats