Rule History

alert http $EXTERNAL_NET any -> $HOME_NET 8880 (msg:"ET WEB_SERVER Plesk Panel Possible HTTP_AUTH_LOGIN SQLi (CVE-2012-1557)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/enterprise/control/agent.php"; http.header; content:"HTTP_AUTH_LOGIN|3a|"; pcre:"/^[^\r\n]*?[\x27\x22\t\\%\x00\x08\x26]/R"; reference:cve,CVE-2012-1557; classtype:attempted-user; sid:2016792; rev:5; metadata:created_at 2013_04_27, confidence Medium, signature_severity Major, updated_at 2022_07_12;)