alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine? ADSelfService? Captcha Bypass Attempt"; flow:established,to_server; content:"POST"; http_method; nocase; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; http_uri; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:1;)

Added 2011-10-12 19:35:41 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine? ADSelfService? Captcha Bypass Attempt"; flow:established,to_server; content:"POST"; http_method; nocase; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; http_uri; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; classtype:web-application-attack; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; sid:2012979; rev:1;)

Added 2011-06-08 23:52:21 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats