ET WEB_SERVER ATTACKER WebShell - PHP Offender - POST Command - Suricata Rule 2017952 (et/open)

ET WEB_SERVER ATTACKER WebShell - PHP Offender - POST Command

SID: 2017952Rev: 30 viewsHistory

Sourceet/open

CreatedJanuary 11, 2014

UpdatedApril 27, 2020

Classificationweb-application-attack

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER ATTACKER WebShell - PHP Offender - POST Command"; flow:established,to_server; http.request_body; content:"work_dir="; content:"command="; content:"submit_btn=Execute+Command"; classtype:web-application-attack; sid:2017952; rev:3; metadata:created_at 2014_01_11, signature_severity Major, updated_at 2020_04_27;)

Metadata

created at2014_01_11

signature severityMajor

updated at2020_04_27

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!