#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DELETED Possible GRANT TO SQL Injection Attempt"; flow:established,to_server; content:"GRANT"; nocase; http_uri; content:"TO"; nocase; http_uri; pcre:"/GRANT.{1,5}TO/Ui"; reference:url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm; classtype:web-application-attack; sid:2013068; rev:4;)

Added 2016-04-25 18:11:18 UTC

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible GRANT TO SQL Injection Attempt"; flow:established,to_server; content:"GRANT"; nocase; http_uri; content:"TO"; nocase; http_uri; pcre:"/GRANT.{1,5}TO/Ui"; reference:url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm; classtype:web-application-attack; sid:2013068; rev:2;)

Added 2011-10-12 19:35:57 UTC

A lot of false positives for this rule. It gets triggered even when the GET requests are like: /wp-json/oembed/1.0/embed?url=http%3A%2F%2Flibrary.aaa.bb%2Fblog%2F2010%2F04%2Flibrary-receives-nhprc-grant-to-digitize-messersmith-papers%2F&format=xml /blog/2012/04/library-receives-nhprc-grant-to-digitize-xxxsss-papers/ /features/dare/2014-seagrant-monitoring.jpg

-- FatemaWala - 2016-04-22

FatemaWala, we've reviewed this sig at your suggestion and have decided to remove it. It will be gone in the next update cycle. Thanks!

-- TravisGreen - 2016-04-22

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible GRANT TO SQL Injection Attempt"; flow:established,to_server; content:"GRANT"; nocase; http_uri; content:"TO"; nocase; http_uri; pcre:"/GRANT.{1,5}TO/Ui"; classtype:web-application-attack; reference:url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm; sid:2013068; rev:2;)

Added 2011-07-13 15:18:50 UTC

Added 2011-06-21 18:09:30 UTC

Added 2011-06-21 18:07:52 UTC