ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt

SID: 2010531Rev: 30 views
History
Sourceet/open
CreatedJuly 30, 2010
UpdatedAugust 22, 2019
Classificationweb-application-attack
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt"; flow:established,to_server; content:"/php-calendar-1.1/update"; http_uri; nocase; content:"configfile="; http_uri; nocase; content:".php"; nocase; pcre:"/\x2Fphp-calendar-1.1\x2Fupdate(08|10)\x2Ephp(\x3F|.*(\x26|\x3B))configfile=[^\x26\x3B]*[^a-zA-Z0-9_]/Ui"; reference:url,securitytracker.com/alerts/2009/Dec/1023375.html; reference:cve,2009-3702; classtype:web-application-attack; sid:2010531; rev:3; metadata:created_at 2010_07_30, signature_severity Unknown, updated_at 2019_08_22;)

References

urlsecuritytracker.com/alerts/2009/Dec/1023375.html
cve2009-3702

Metadata

created at2010_07_30
signature severityUnknown
updated at2019_08_22

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!