ET WEB_CLIENT Generic Webshell Accessed on Compromised External Server

SID: 2030019Rev: 20 viewsHistory

Sourceet/open

CreatedApril 24, 2020

UpdatedApril 24, 2020

Classificationweb-application-attack

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Generic Webshell Accessed on Compromised External Server"; flow:established,to_client; file.data; content:"Upload File : <input type=|22|file|22 20|name=|22|file|22|"; fast_pattern; nocase; content:">Name</center></td>"; nocase; distance:0; content:">Size</center></td>"; nocase; distance:0; content:">Permissions</center></td>"; nocase; distance:0; content:">Options</center></td>"; nocase; distance:0; content:"<option value=|22|delete|22|>Delete</option>"; nocase; distance:0; content:"<option value=|22|chmod|22|>Chmod</option>"; nocase; distance:0; content:"<option value=|22|rename|22|>Rename</option>"; nocase; distance:0; content:"<form method=|22|POST|22 20|action=|22|?option&path="; nocase; distance:0; classtype:web-application-attack; sid:2030019; rev:2; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2020_04_24, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_04_24;)

Metadata

affected productWeb_Server_Applications

attack targetWeb_Server

created at2020_04_24

deploymentPerimeter

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_04_24

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!