alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Drupal Object Unserialize Exploit Attempt"; flow:to_server,established; content:"POST"; http_method; content:"/user/login"; http_uri; content:"Content-Type|3a 20|application/vnd.php.serialized|0d 0a|"; http_header; content:"username"; http_client_body; content:"SelectQuery"; http_client_body; fast_pattern; metadata: former_category WEB_SPECIFIC_APPS; reference:url,www.ambionics.io/blog/drupal-services-module-rce; classtype:web-application-attack; sid:2024039; rev:3; metadata:affected_product Drupal_Server, attack_target Server, deployment Datacenter, signature_severity Minor, created_at 2017_03_08, performance_impact Moderate, updated_at 2019_10_07;)

Added 2019-10-08 19:34:44 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Drupal Object Unserialize Exploit Attempt"; flow:to_server,established; content:"POST"; http_method; content:"/user/login"; http_uri; content:"Content-Type|3a 20|application/vnd.php.serialized|0d 0a|"; http_header; content:"username"; http_client_body; content:"SelectQuery"; http_client_body; fast_pattern:only; metadata: former_category WEB_SPECIFIC_APPS; reference:url,www.ambionics.io/blog/drupal-services-module-rce; classtype:web-application-attack; sid:2024039; rev:2; metadata:affected_product Drupal_Server, attack_target Server, deployment Datacenter, signature_severity Minor, created_at 2017_03_08, performance_impact Moderate, updated_at 2017_03_08;)

Added 2018-09-13 19:53:37 UTC


Added 2018-09-13 18:01:29 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Drupal Object Unserialize Exploit Attempt"; flow:to_server,established; content:"POST"; http_method; content:"/user/login"; http_uri; content:"Content-Type|3a 20|application/vnd.php.serialized|0d 0a|"; http_header; content:"username"; http_client_body; content:"SelectQuery"; http_client_body; fast_pattern:only; metadata: former_category WEB_SPECIFIC_APPS; reference:url,www.ambionics.io/blog/drupal-services-module-rce; classtype:web-application-attack; sid:2024039; rev:2; metadata:affected_product Drupal_Server, attack_target Server, deployment Datacenter, signature_severity Minor, created_at 2017_03_08, performance_impact Moderate, updated_at 2017_03_08;)

Added 2017-08-07 21:19:19 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Drupal Object Unserialize Exploit Attempt"; flow:to_server,established; content:"POST"; http_method; content:"/user/login"; http_uri; content:"Content-Type|3a 20|application/vnd.php.serialized|0d 0a|"; http_header; content:"username"; http_client_body; content:"SelectQuery"; http_client_body; fast_pattern:only; reference:url,www.ambionics.io/blog/drupal-services-module-rce; classtype:web-application-attack; sid:2024039; rev:2;)

Added 2017-05-05 16:58:58 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Drupal Object Unserialize Exploit Attempt"; flow:to_server,established; content:"POST"; http_method; content:"/user/login"; http_uri; content:"Content-Type|3a 20|application/vnd.php.serialized|0d 0a|"; http_header; content:"username"; http_client_body; content:"SelectQuery"; http_client_body; fast_pattern:only; metadata: former_category WEB_SPECIFIC_APPS; reference:url,www.ambionics.io/blog/drupal-services-module-rce; classtype:web-application-attack; sid:2024039; rev:2;)

Added 2017-05-03 17:35:26 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Drupal Object Unserialize Exploit Attempt"; flow:to_server,established; content:"POST"; http_method; content:"/user/login"; http_uri; content:"Content-Type|3a 20|application/vnd.php.serialized|0d 0a|"; http_header; content:"username"; http_client_body; content:"SelectQuery"; http_client_body; fast_pattern:only; reference:url,www.ambionics.io/blog/drupal-services-module-rce; classtype:web-application-attack; sid:2024039; rev:2;)

Added 2017-03-08 18:54:42 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats