Versions (4)
Version DetailsCurrent
Rev: 4 • Sep 23, 2010, 12:00 PMGPL SQL dbms_repcat.add_priority_raw buffer overflow attempt
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS $ORACLE_PORTS (msg:"GPL SQL dbms_repcat.add_priority_raw buffer overflow attempt"; flow:to_server,established; content:"dbms_repcat.add_priority_raw"; nocase; fast_pattern; pcre:"/((\w+)[\r\n\s]*\x3a=[\r\n\s]*(\x27[^\x27]{1075,}\x27|\x22[^\x22]{1075,}\x22)[\r\n\s]*\x3b.*gname[\r\n\s]*=>[\r\n\s]*\2|gname\s*=>\s*(\x27[^\x27]{1075,}|\x22[^\x22]{1075,})|\(\s*(\x27[^\x27]{1075,}|\x22[^\x22]{1075,}))/si"; reference:url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html; classtype:attempted-user; sid:2102728; rev:4; metadata:created_at 2010_09_23, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Sep 23, 2010, 12:00 PM
Oct 8, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Oct 1, 2025, 9:34 PM
rules/emerging-sql.rules