Versions (4)
Version DetailsCurrent
Rev: 4 • Oct 10, 2013, 12:00 PMET WEB_SPECIFIC_APPS Possible VBulletin Unauthorized Admin Account Creation
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible VBulletin Unauthorized Admin Account Creation"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/upgrade.php"; nocase; fast_pattern; http.header; content:"Origin|3a|"; http.request_body; content:"&customerid="; nocase; content:"&htmlsubmit="; content:"username"; nocase; content:"confirmpassword"; nocase; reference:url,blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html; classtype:web-application-attack; sid:2017575; rev:4; metadata:created_at 2013_10_10, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_21;)
Oct 10, 2013, 12:00 PM
Sep 21, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 2, 2025, 10:34 PM
rules/emerging-web_specific_apps.rules