Rule History

alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; http.cookie; content:"xp_cmdshell"; nocase; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; classtype:web-application-attack; sid:2010119; rev:7; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2024_02_08;)