ATTACK [PTsecurity] DHCP Client Script WPAD option OS Command Injection (CVE-2018-1111)
Source: ptresearch/attackdetection
Created: December 13, 2021
Updated: December 13, 2021
Classification: attempted-admin
alert udp any 67 -> $HOME_NET 68 (msg:"ATTACK [PTsecurity] DHCP Client Script WPAD option OS Command Injection (CVE-2018-1111)"; content:"|63 82 53 63|"; fast_pattern; content:"|FC|"; distance:0; byte_extract:1, 0, length, relative; content:"'"; within:length; pcre:"/[\x79\x28-\x2a\x77\xf9\x21\x2a\x35\x36\x33\x3a\x3b\x01-\x0f\x1a\x1c]/"; content:!"|00|"; within:1; content:!"|01|"; within:1; content:!"|02|"; within:1; byte_jump:1, 0, relative; content:"|FC|"; within:1; byte_extract:1, 0, length, relative; content:"'"; within:length; reference:cve, 2018-1111; reference:url, dynoroot.ninja; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002971; rev:2;)