Rule History

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS MagnusBilling icepay.php democ Parameter Command Inject Attempt (CVE-2023-30258)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/mbilling/lib/icepay/icepay.php?democ|3d|"; fast_pattern; startswith; content:"|3b|"; distance:0; within:100; content:"|3b 23|"; distance:0; within:500; reference:url,attackerkb.com/topics/DFUJhaM5dL/cve-2023-30258; reference:cve,2023-30258; classtype:attempted-admin; sid:2049247; rev:1; metadata:affected_product Linux, attack_target Networking_Equipment, created_at 2023_11_16, cve CVE_2023_30258, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_11_16, reviewed_at 2024_10_02; target:dest_ip;)