ET WEB_SERVER Possible SQLi Attempt in User Agent (Inbound)

SID: 2022816Rev: 42 viewsHistory

Sourceet/open

CreatedMay 17, 2016

UpdatedAugust 20, 2020

Classificationtrojan-activity

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible SQLi Attempt in User Agent (Inbound)"; flow:established,to_server; http.user_agent; content:"select"; nocase; distance:0; fast_pattern; content:"from"; nocase; within:20; reference:url,blog.cloudflare.com/the-sleepy-user-agent/; classtype:trojan-activity; sid:2022816; rev:4; metadata:created_at 2016_05_17, confidence Medium, signature_severity Major, updated_at 2020_08_20;)

References

url	blog.cloudflare.com/the-sleepy-user-agent/

Metadata

created at2016_05_17

confidenceMedium

signature severityMajor

updated at2020_08_20

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!