[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-sigs
Subject: [Emerging-Sigs] Offer a new sig for detecting Zabbix latest.php SQL Injection vulnerability
From: rmkml <rmkml () yahoo ! fr>
Date: 2016-08-27 20:58:24
Message-ID: alpine.DEB.2.20.1608272255170.5258 () vostro
[Download RAW message or body]
Hi,
The http://etplc.org open source project offer a new sig for detecting Zabbix \
latest.php SQL Injection vulnerability:
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-PHP Zabbix <v3.0.4 \
latest.php toggle_ids[] param SQL Injection attempt"; flow:to_server,established; \
content:"/latest.php?"; nocase; http_uri; content:"toggle_ids[]="; nocase; \
distance:0; http_uri; content:"|3b|"; distance:0; http_uri; \
pcre:"/\/latest\.php\?[^\n]*?\btoggle_ids\[\]=[^\&]*?\;/Ui"; \
reference:url,support.zabbix.com/browse/ZBX-11023; \
classtype:web-application-activity; sid:1; rev:1;)
See reference for more information.
Don't forget check variables.
Please send any comments.
Regards
@Rmkml
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
Support Emerging Threats! Subscribe to Emerging Threats Pro \
http://www.emergingthreats.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic