Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER ThinkPHP RCE Exploitation Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/index"; content:"/invokefunction&function=call_user_func_array"; distance:0; fast_pattern; reference:url,www.exploit-db.com/exploits/45978; classtype:attempted-admin; sid:2026731; rev:3; metadata:affected_product PHP, attack_target Web_Server, created_at 2018_12_14, deployment Perimeter, deployment Datacenter, performance_impact Low, signature_severity Major, tag ThinkPHP, updated_at 2020_08_31;)