Versions (2)
Version DetailsCurrent
Rev: 5 • May 17, 2016, 12:00 PMET INFO Possible SQLi Attempt in User Agent (Outbound)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Possible SQLi Attempt in User Agent (Outbound)"; flow:established,to_server; http.user_agent; content:"select"; nocase; fast_pattern; content:"from"; nocase; within:20; pcre:"/select[^\r\n]+from/i"; reference:url,blog.cloudflare.com/the-sleepy-user-agent/; classtype:misc-activity; sid:2022815; rev:5; metadata:created_at 2016_05_17, deployment Perimeter, deprecation_reason Age, performance_impact Moderate, confidence Low, signature_severity Minor, updated_at 2024_04_16, reviewed_at 2024_04_16; target:dest_ip;)
May 17, 2016, 12:00 PM
Apr 16, 2024, 12:00 PM
May 17, 2016, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-info.rules