Rule History

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Group Office json.php fingerprint Parameter Remote Command Execution Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/modules/gnupg/json.php?"; nocase; content:"task=send_key"; nocase; content:"fingerprint="; nocase; pcre:"/fingerprint=\w*\;/i"; reference:url,inj3ct0r.com/exploits/13365; classtype:web-application-attack; sid:2011413; rev:4; metadata:created_at 2010_09_28, signature_severity Major, updated_at 2020_09_10;)