alert http any any -> $HTTP_SERVERS any (msg:"ET EXPLOIT SolusVM? 1.13.03 SQL injection"; flow:established,to_server; content:"POST"; http_method; content:"/centralbackup.php?"; http_uri; fast_pattern:only; content:"_v="; content:"deleteid="; classtype:trojan-activity; sid:2017060; rev:4; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2013_06_24, updated_at 2016_07_01;)

Added 2017-12-05 16:50:38 UTC


alert http $HOME_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT SolusVM? 1.13.03 SQL injection"; flow:established,to_server; content:"POST"; http_method; content:"/centralbackup.php?"; http_uri; fast_pattern:only; content:"_v="; content:"deleteid="; classtype:trojan-activity; sid:2017060; rev:3; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2013_06_24, updated_at 2016_07_01;)

Added 2017-08-07 21:10:55 UTC


alert tcp $HOME_NET any -> $HTTP_SERVERS [5353,5656,80] (msg:"ET EXPLOIT SolusVM? 1.13.03 SQL injection"; flow:established,to_server; content:"POST "; depth:5; content:"/centralbackup.php?"; fast_pattern:only; content:"_v="; content:"deleteid="; classtype:trojan-activity; sid:2017060; rev:2;)

Added 2013-06-24 20:00:56 UTC


Topic revision: r1 - 2017-12-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats