Rule History

SID: 2010531 • Source: et/open

Versions (2)

Version DetailsCurrent

Rev: 3 • Jul 30, 2010, 12:00 PM

Message:

ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt

Rule:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt"; flow:established,to_server; content:"/php-calendar-1.1/update"; http_uri; nocase; content:"configfile="; http_uri; nocase; content:".php"; nocase; pcre:"/\x2Fphp-calendar-1.1\x2Fupdate(08|10)\x2Ephp(\x3F|.*(\x26|\x3B))configfile=[^\x26\x3B]*[^a-zA-Z0-9_]/Ui"; reference:url,securitytracker.com/alerts/2009/Dec/1023375.html; reference:cve,2009-3702; classtype:web-application-attack; sid:2010531; rev:3; metadata:created_at 2010_07_30, signature_severity Unknown, updated_at 2019_08_22;)

Created:

Jul 30, 2010, 12:00 PM

Updated:

Aug 22, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-deleted.rules