alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Plone and Zope cmd Parameter Remote Command Execution Attempt"; flow:established,to_server; content:"GET"; http_method; content:"/xmltools/minidom/xml/sax/saxutils/os/popen2?"; nocase; http_uri; content:"cmd="; nocase; http_uri; pcre:"/cmd=\w/Ui"; reference:url,exploit-db.com/exploits/18262; classtype:web-application-attack; sid:2014068; rev:5; metadata:created_at 2012_01_02, updated_at 2012_01_02;)
Added 2017-08-07 21:07:23 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Plone and Zope cmd Parameter Remote Command Execution Attempt"; flow:established,to_server; content:"GET"; http_method; content:"/xmltools/minidom/xml/sax/saxutils/os/popen2?"; nocase; http_uri; content:"cmd="; nocase; http_uri; pcre:"/cmd=\w/Ui"; reference:url,exploit-db.com/exploits/18262; classtype:web-application-attack; sid:2014068; rev:4;)
Added 2012-09-28 00:08:33 UTC
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Plone and Zope cmd Parameter Remote Command Execution Attempt"; flow:established,to_server; content:"GET"; http_method; content:"/xmltools/minidom/xml/sax/saxutils/os/popen2?"; nocase; http_uri; content:"cmd="; nocase; http_uri; pcre:"/cmd=\w*/Ui"; reference:url,exploit-db.com/exploits/18262; classtype:web-application-attack; sid:2014068; rev:3;)
Added 2012-01-02 17:48:33 UTC