alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine? ADSelfService? Captcha Bypass Attempt"; flow:established,to_server; content:"POST"; http_method; nocase; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; http_uri; fast_pattern; content:"&Hide_Captcha=0"; nocase; http_client_body; content:"&LOGIN_NAME="; nocase; distance:0; http_client_body; content:"&quesList="; nocase; distance:0; http_client_body; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:3; metadata:created_at 2011_06_08, updated_at 2020_11_06;)

Added 2020-11-06 19:13:16 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine? ADSelfService? Captcha Bypass Attempt"; flow:established,to_server; content:"POST"; http_method; nocase; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; http_uri; fast_pattern; content:"&Hide_Captcha=0"; nocase; http_client_body; content:"&LOGIN_NAME="; nocase; distance:0; http_client_body; content:"&quesList="; nocase; distance:0; http_client_body; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:3; metadata:created_at 2011_06_08, updated_at 2020_03_11;)

Added 2020-03-12 00:25:49 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine? ADSelfService? Captcha Bypass Attempt"; flow:established,to_server; content:"POST"; http_method; nocase; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; http_uri; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:2; metadata:created_at 2011_06_08, updated_at 2011_06_08;)

Added 2018-09-13 19:43:02 UTC


Added 2018-09-13 17:55:35 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine? ADSelfService? Captcha Bypass Attempt"; flow:established,to_server; content:"POST"; http_method; nocase; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; http_uri; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:2; metadata:created_at 2011_06_08, updated_at 2011_06_08;)

Added 2017-08-07 21:06:12 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine? ADSelfService? Captcha Bypass Attempt"; flow:established,to_server; content:"POST"; http_method; nocase; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; http_uri; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:1;)

Added 2011-10-12 19:35:41 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine? ADSelfService? Captcha Bypass Attempt"; flow:established,to_server; content:"POST"; http_method; nocase; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; http_uri; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; classtype:web-application-attack; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; sid:2012979; rev:1;)

Added 2011-06-08 23:52:21 UTC


Topic revision: r1 - 2020-11-07 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats