Rule History

alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-Link DIR601 2.02 Credential Disclosure"; flow:established,to_server; http.uri; content:"/my_cgi.cgi"; http.request_body; content:"request=no_auth"; content:"request=load_settings"; content:"table_name=admin_user"; fast_pattern; content:"table_name=user_user"; content:"table_name=wireless_settings"; content:"table_name=wireless_security"; content:"table_name=wireless_wpa_settings"; reference:url,exploit-db.com/exploits/45002/; classtype:attempted-recon; sid:2025823; rev:3; metadata:attack_target IoT, created_at 2018_07_10, deployment Datacenter, performance_impact Low, confidence High, signature_severity Major, updated_at 2020_08_25;)