ET WEB_SPECIFIC_APPS D-Link DCS932L setSystemAdmin/setSystemWizard AdminID Command Injection Attempt

SID: 2062710Rev: 119 views
Sourceet/open
CreatedJune 2, 2025
UpdatedJune 2, 2025
Classificationweb-application-attack
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS D-Link DCS932L setSystemAdmin/setSystemWizard AdminID Command Injection Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/setSystem"; startswith; fast_pattern; pcre:"/^(?:Admin|Wizard)/R"; http.request_body; content:"AdminID|3d|"; pcre:"/^[^\x26]*?(?:(?:\x3b|%3[Bb])|(?:\x0a|%0[Aa])|(?:\x60|%60)|(?:\x7c|%7[Cc])|(?:\x24|%24))+/R"; reference:url,github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_44/44.md; reference:url,github.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_42/42.md; classtype:web-application-attack; sid:2062710; rev:1; metadata:created_at 2025_06_02, signature_severity Unknown, updated_at 2025_06_02;)

References

urlgithub.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_44/44.md
urlgithub.com/wudipjq/my_vuln/blob/main/D-Link5/vuln_42/42.md

Metadata

created at2025_06_02
signature severityUnknown
updated at2025_06_02

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!