#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DELETED Possible GRANT TO SQL Injection Attempt"; flow:established,to_server; content:"GRANT"; nocase; http_uri; content:"TO"; nocase; http_uri; pcre:"/GRANT.{1,5}TO/Ui"; reference:url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm; classtype:web-application-attack; sid:2013068; rev:4; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2011_06_20, updated_at 2016_07_01;)
Added 2017-08-07 21:06:18 UTC
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DELETED Possible GRANT TO SQL Injection Attempt"; flow:established,to_server; content:"GRANT"; nocase; http_uri; content:"TO"; nocase; http_uri; pcre:"/GRANT.{1,5}TO/Ui"; reference:url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm; classtype:web-application-attack; sid:2013068; rev:4;)
Added 2016-04-25 18:11:18 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible GRANT TO SQL Injection Attempt"; flow:established,to_server; content:"GRANT"; nocase; http_uri; content:"TO"; nocase; http_uri; pcre:"/GRANT.{1,5}TO/Ui"; reference:url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm; classtype:web-application-attack; sid:2013068; rev:2;)
Added 2011-10-12 19:35:57 UTC
A lot of false positives for this rule. It gets triggered even when the GET requests are like:
/wp-json/oembed/1.0/embed?url=http%3A%2F%2Flibrary.aaa.bb%2Fblog%2F2010%2F04%2Flibrary-receives-nhprc-grant-to-digitize-messersmith-papers%2F&format=xml
/blog/2012/04/library-receives-nhprc-grant-to-digitize-xxxsss-papers/
/features/dare/2014-seagrant-monitoring.jpg
--
FatemaWala - 2016-04-22
FatemaWala, we've reviewed this sig at your suggestion and have decided to remove it. It will be gone in the next update cycle.
Thanks!
--
TravisGreen - 2016-04-22
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible GRANT TO SQL Injection Attempt"; flow:established,to_server; content:"GRANT"; nocase; http_uri; content:"TO"; nocase; http_uri; pcre:"/GRANT.{1,5}TO/Ui"; classtype:web-application-attack; reference:url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm; sid:2013068; rev:2;)
Added 2011-07-13 15:18:50 UTC
Added 2011-06-21 18:09:30 UTC
Added 2011-06-21 18:07:52 UTC