alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible jQuery File Upload Attempt"; flow:established,to_server; content:"POST"; http_method; content:"/php/"; http_uri; content:"name=|22|files|22 3b|"; http_client_body; content:"<?php"; nocase; http_client_body; metadata: former_category WEB_SERVER; reference:url,github.com/lcashdol/Exploits/tree/master/CVE-2018-9206; reference:cve,2018-9206; classtype:web-application-attack; sid:2026552; rev:2; metadata:affected_product PHP, attack_target Server, deployment Datacenter, signature_severity Major, created_at 2018_10_25, updated_at 2018_10_25;)

Added 2018-10-25 18:06:39 UTC


Topic revision: r1 - 2018-10-25 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats