ATTACK [PTsecurity] Apache Continuum <= v1.4.2 CMD Injection

SID: 10000048Rev: 10 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationweb-application-attack
alert http any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Apache Continuum <= v1.4.2 CMD Injection"; content:"POST"; http_method; content:"/continuum/saveInstallation.action"; offset:0; depth:34; http_uri; content:"installation.varValue="; nocase; http_client_body; pcre:!"/^\$?[\sa-z\\_0-9.-]*(\&|$)/iRP"; flow:to_server, established; classtype:web-application-attack; reference:url, exploit-db.com/exploits/39886; reference:url, github.com/ptresearch/AttackDetection; sid:10000048; rev:1;)

References

urlexploit-db.com/exploits/39886
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!