alert http any any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible PHP Remote Code Execution CVE-2019-11043 PoC? (Inbound)"; flow:established,to_server; content:"|25|OA"; http_uri; nocase; content:"=/bin/sh+-c+'"; http_uri; nocase; distance:0; fast_pattern; metadata: former_category WEB_SERVER; reference:url,github.com/neex/phuip-fpizdam; reference:url,github.com/vulhub/vulhub/tree/master/php/CVE-2019-11043; reference:cve,2019-11043; classtype:web-application-attack; sid:2028895; rev:2; metadata:affected_product PHP, attack_target Web_Server, deployment Perimeter, signature_severity Major, created_at 2019_10_23, updated_at 2019_10_23;)

Added 2019-10-23 19:39:27 UTC


Topic revision: r1 - 2019-10-23 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats