alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT D-Link bsc_wlan.php Security Bypass"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/bsc_wlan.php"; nocase; http.request_body; content:"ACTION_POST=final&"; nocase; content:"&f_ssid="; nocase; content:"&f_authentication=7&"; nocase; within:135; content:"f_cipher=2&"; nocase; content:"f_wep_len=&f_wep_format=&f_wep_def_key=&"; nocase; within:40; content:"&f_wep=&f_wpa_psk_type=1&f_wpa_psk="; nocase; content:"&f_radius_ip1=&f_radius_port1=&f_radius_secret1="; fast_pattern; nocase; within:70; reference:url,packetstormsecurity.org/files/view/96100/dlinkwlan-bypass.txt; classtype:web-application-attack; sid:2012103; rev:6; metadata:created_at 2010_12_27, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_05;)