ET WEB_SPECIFIC_APPS Possible Netscaler SQLi bypass (POST data) - Suricata Rule 2020732 (et/open) - EveBox Rules

ET WEB_SPECIFIC_APPS Possible Netscaler SQLi bypass (POST data)

SID: 2020732Rev: 41 viewsHistory

Sourceet/open

CreatedMarch 24, 2015

UpdatedJune 3, 2024

Classificationattempted-dos

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Netscaler SQLi bypass (POST data)"; flow:established,to_server; content:"POST"; http_method; content:"Content-Type|3a 20|application"; http_raw_header; content:"Content-Type|3a 20|"; http_raw_header; distance:0; pcre:"/(?:(?:S(?:HOW (?:C(?:UR(?:DAT|TIM)E|HARACTER SET)|(?:VARI|T)ABLES)|ELECT (?:FROM|USER))|U(?:NION SELEC|PDATE SE)T|DELETE FROM|INSERT INTO)|S(?:HOW.+(?:C(?:HARACTER.+SET|UR(DATE|TIME))|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER))|U(?:NION.+SELEC|PDATE.+SE)T|DELETE.+FROM|INSERT.+INTO)/Pmi"; reference:url,seclists.org/fulldisclosure/2015/Mar/95; classtype:attempted-dos; sid:2020732; rev:4; metadata:created_at 2015_03_24, performance_impact Significant, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_06_03;)

References

url	seclists.org/fulldisclosure/2015/Mar/95

Metadata

created at2015_03_24

performance impactSignificant

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2024_06_03

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!