alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ECSHOP user.php SQL INJECTION via Referer"; flow:established,to_server; content:"/user.php"; http_uri; http_referer; content:"SELECT"; nocase; content:"UNION"; nocase; content:",4,5,6,7,8,0x"; fast_pattern; metadata: former_category WEB_SPECIFIC_APPS; reference:url,github.com/theLSA/ecshop-getshell; reference:url,github.com/Hzllaga/EcShop_RCE_Scanner/; reference:url,xz.aliyun.com/t/2689?from=groupmessage; classtype:web-application-attack; sid:2027416; rev:1; metadata:attack_target Web_Server, deployment Perimeter, signature_severity Major, created_at 2019_05_31, performance_impact Moderate, updated_at 2019_05_31;)

Added 2019-05-31 18:38:11 UTC


Topic revision: r1 - 2019-05-31 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats