EmergingThreats> Main Web>2005384 (revision 1)EditAttach

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Generic Password Stealer Checkin URL Detected"; flow:established,to_server; uricontent:"method=get"; nocase; uricontent:"&port="; nocase; uricontent:"&id="; nocase; uricontent:"&type="; nocase; uricontent:"&winver="; nocase; uricontent:"&ver="; nocase; classtype:trojan-activity; sid:2005384; rev:1;)

Added 2007-07-09 04:02:18 UTC

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Xoops SQL Injection Attempt -- table_broken.php lid SELECT"; flow:established,to_server; uricontent:"/class/table_broken.php?"; nocase; uricontent:"lid="; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0377; reference:url,www.securityfocus.com/bid/22399; sid:2005384; rev:1;)

Added 2007-06-18 00:54:33 UTC

Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2007-07-09 - MattJonkman
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats