Versions (6)
Version DetailsCurrent
Rev: 1 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] MySQL <= 5.7.15, 5.6.33, 5.5.53 root RCE/Privilege Escalation attempt
alert tcp any any -> any any (msg: "ATTACK [PTsecurity] MySQL <= 5.7.15, 5.6.33, 5.5.53 root RCE/Privilege Escalation attempt"; content: "|03|"; offset: 4; depth: 1; content: "set"; distance: 0; content: "log_file"; distance: 0; content: "my"; distance: 0; content: ".cnf"; distance: 0; within: 7; reference: url, legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html; reference: cve, 2016-6662; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10000129; rev: 1;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules