ET EXPLOIT ZKBioSecurity SQL Injection Attempt (CVE-2022-36635)
Source: et/open
Created: October 7, 2022
Updated: October 7, 2022
Classification: attempted-admin
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT ZKBioSecurity SQL Injection Attempt (CVE-2022-36635)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/baseOpLog.do"; bsize:13; http.request_body; content:"opTime"; fast_pattern; pcre:"/^(?:Begin|End)\=/PR"; content:"|27|"; distance:0; content:"|2f 2a|"; distance:0; content:"|2a 2f|"; distance:0; reference:url,medium.com/stolabs/cve-2022-36635-a-sql-injection-in-zksecuritybio-to-rce-c5bde2962d47; reference:cve,2022-36635; classtype:attempted-admin; sid:2039129; rev:1; metadata:affected_product IoT, attack_target IoT, created_at 2022_10_07, cve CVE_2022_36635, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_10_07, reviewed_at 2024_09_19, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
References
Metadata
affected product: IoT
attack target: IoT
created at: 2022_10_07
deployment: Internal
performance impact: Low
confidence: High
signature severity: Major
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2022_10_07
reviewed at: 2024_09_19
mitre tactic id: TA0001
mitre tactic name: Initial_Access
mitre technique id: T1190
mitre technique name: Exploit_Public_Facing_Application