alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Android RCE via XSS and Play Store XFO"; flow:from_server,established; file_data; content:"|5c|u00"; byte_test:2,<,0x21,0,relative,string,hex; content:"javascript|3a|"; nocase; within:11; distance:2; content:"/store/apps/details?id="; nocase; fast_pattern; reference:url,1337day.com/exploit/22581; reference:cve,2014-6041; reference:url,github.com/rapid7/metasploit-framework/commit/7f2add2ce30f33e7787310d7abcb1781e8ea8f43; classtype:attempted-user; sid:2020393; rev:3; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, deployment Perimeter, tag Web_Client_Attacks, signature_severity Major, created_at 2015_02_10, updated_at 2019_10_07;)

Added 2019-10-08 19:34:20 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Android RCE via XSS and Play Store XFO"; flow:from_server,established; file_data; content:"|5c|u00"; byte_test:2,<,0x21,0,relative,string,hex; content:"javascript|3a|"; nocase; within:11; distance:2; content:"/store/apps/details?id="; nocase; fast_pattern:only; reference:url,1337day.com/exploit/22581; reference:cve,2014-6041; reference:url,github.com/rapid7/metasploit-framework/commit/7f2add2ce30f33e7787310d7abcb1781e8ea8f43; classtype:attempted-user; sid:2020393; rev:2; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, deployment Perimeter, tag Web_Client_Attacks, signature_severity Major, created_at 2015_02_10, updated_at 2016_07_01;)

Added 2017-08-07 21:14:52 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Android RCE via XSS and Play Store XFO"; flow:from_server,established; file_data; content:"|5c|u00"; byte_test:2,<,0x21,0,relative,string,hex; content:"javascript|3a|"; nocase; within:11; distance:2; content:"/store/apps/details?id="; nocase; fast_pattern:only; reference:url,1337day.com/exploit/22581; reference:cve,2014-6041; reference:url,github.com/rapid7/metasploit-framework/commit/7f2add2ce30f33e7787310d7abcb1781e8ea8f43; classtype:attempted-user; sid:2020393; rev:2;)

Added 2015-02-10 19:54:29 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats