ATTACK [PTsecurity] Possible Mikrotik Router OS 6.38.4 Stack Clash RCE

SID: 10002459Rev: 20 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Possible Mikrotik Router OS 6.38.4 Stack Clash RCE"; flow:established, to_server; content:"POST"; http_method; content:"/jsproxy"; http_uri; fast_pattern; content:"Content-Length: "; http_header; content:!"|0D|"; within:6; http_header; byte_test:0, =, 167936, 0, relative, string; threshold:type both, track by_src, count 2, seconds 5; reference:url, github.com/BigNerd95/Chimay-Red/blob/master/StackClashMIPS.py; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002459; rev:2;)

References

urlgithub.com/BigNerd95/Chimay-Red/blob/master/StackClashMIPS.py
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!