alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Microsoft SQL RCE Attempt (CVE-2020-0618)"; flow:established,to_server; urilen:37; content:"POST"; http_method; content:"/ReportServer/pages/ReportViewer.aspx"; http_uri; content:"NavigationCorrector|24|PageState|3d|NeedsCorrection|26|NavigationCorrector|24|ViewState|3d|"; depth:76; fast_pattern; http_client_body; content:"|26 5f 5f|VIEWSTATE|3d|"; distance:0; isdataat:!1,relative; http_client_body; http_header_names; content:!"Referer|0d 0a|"; reference:url,github.com/euphrat1ca/CVE-2020-0618; classtype:web-application-attack; sid:2029476; rev:2; metadata:affected_product Web_Server_Applications, attack_target Client_Endpoint, created_at 2020_02_18, deployment Perimeter, former_category ATTACK_RESPONSE, signature_severity Major, updated_at 2020_11_11;)

Added 2020-11-12 18:23:19 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Microsoft SQL RCE Attempt (CVE-2020-0618)"; flow:established,to_server; urilen:37; content:"POST"; http_method; content:"/ReportServer/pages/ReportViewer.aspx"; http_uri; content:"NavigationCorrector|24|PageState|3d|NeedsCorrection|26|NavigationCorrector|24|ViewState|3d|"; depth:76; fast_pattern; http_client_body; content:"|26 5f 5f|VIEWSTATE|3d|"; distance:0; isdataat:!1,relative; http_client_body; http_header_names; content:!"Referer|0d 0a|"; reference:url,github.com/euphrat1ca/CVE-2020-0618; classtype:web-application-attack; sid:2029476; rev:2; metadata:affected_product Web_Server_Applications, attack_target Client_Endpoint, created_at 2020_02_18, deployment Perimeter, former_category ATTACK_RESPONSE, signature_severity Major, updated_at 2020_02_18;)

Added 2020-08-05 19:17:35 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Microsoft SQL RCE Attempt (CVE-2020-0618)"; flow:established,to_server; urilen:37; content:"POST"; http_method; content:"/ReportServer/pages/ReportViewer.aspx"; http_uri; content:"NavigationCorrector|24|PageState|3d|NeedsCorrection|26|NavigationCorrector|24|ViewState|3d|"; depth:76; fast_pattern; http_client_body; content:"|26 5f 5f|VIEWSTATE|3d|"; distance:0; isdataat:!1,relative; http_client_body; http_header_names; content:!"Referer|0d 0a|"; metadata: former_category ATTACK_RESPONSE; reference:url,github.com/euphrat1ca/CVE-2020-0618; classtype:web-application-attack; sid:2029476; rev:2; metadata:affected_product Web_Server_Applications, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2020_02_18, updated_at 2020_02_18;)

Added 2020-02-18 18:33:46 UTC


Topic revision: r1 - 2020-11-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats