Versions (6)
Version DetailsCurrent
Rev: 1 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] PHPMyAdmin web shell planting with log redirection
alert http any any -> any any (msg: "ATTACK [PTsecurity] PHPMyAdmin web shell planting with log redirection"; flow: established, to_server; content: "POST"; http_method; content: "import.php"; http_uri; content: "application/x-www-form-urlencoded"; http_header; content: "general_log_file"; http_client_body; fast_pattern; content: ".php"; http_client_body; distance: 0; pcre: "/general_log_file[^&]+\.php(\x22|\x27|\s|%27|%22|%20)/P"; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10004566; rev: 1;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules