Versions (4)
Version DetailsCurrent
Rev: 3 • May 31, 2022, 12:00 PMET EXPLOIT DBltek GoIP GoIP-1 GSM Gateway - Local File Inclusion
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT DBltek GoIP GoIP-1 GSM Gateway - Local File Inclusion"; flow:established,to_server; http.uri; content:"/default/en_US/frame."; startswith; fast_pattern; content:"html?"; within:10; pcre:"/^\x2fdefault\x2fen_US\x2fframe(?:\x2eA100)?\x2ehtml\?(?:content|sidebar)=.*\x2e\x2e\x2f/i"; reference:url,shufflingbytes.com/posts/hacking-goip-gsm-gateway/; reference:url,www.exploit-db.com/exploits/50775; reference:url,cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers; classtype:attempted-admin; sid:2036729; rev:3; metadata:attack_target Server, created_at 2022_05_31, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag LFI, tag RFI, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
May 31, 2022, 12:00 PM
Nov 26, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 2, 2025, 9:35 PM
rules/emerging-exploit.rules