Rule History

SID: 2060144 • Source: et/open

Versions (4)

Version Details (Current)

Rev: 3 • Feb 18, 2025, 12:00 PM

ET EXPLOIT PostgreSQL psql SQL Injection (CVE-2025-1094)

alert tcp any any -> $HOME_NET [$HTTP_PORTS,5432] (msg:"ET EXPLOIT PostgreSQL psql SQL Injection (CVE-2025-1094)"; flow:established,to_server; content:"|3b|"; content:"|5c 5c 21 20|"; fast_pattern; distance:0; reference:url,www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/; reference:cve,2025-1094; classtype:attempted-admin; sid:2060144; rev:3; metadata:affected_product PostgreSQL, attack_target Server, created_at 2025_02_18, cve CVE_2025_1094, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2025_03_04, reviewed_at 2025_08_26, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services; target:dest_ip;)

Feb 18, 2025, 12:00 PM

Mar 4, 2025, 12:00 PM

Feb 25, 2025, 5:11 AM

Aug 26, 2025, 9:34 PM

rules/emerging-exploit.rules