#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION%20"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; classtype:web-application-attack; sid:2009770; rev:6; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2010_07_30, updated_at 2016_07_01;)

Added 2017-08-07 21:02:54 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"UNION "; nocase; http_cookie; content:"SELECT"; nocase; http_cookie; pcre:"/UNION.+SELECT/Ci"; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; classtype:web-application-attack; sid:2009770; rev:9;)

Added 2011-10-12 19:28:14 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"UNION "; nocase; http_cookie; content:"SELECT"; nocase; http_cookie; pcre:"/UNION.+SELECT/Ci"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; sid:2009770; rev:9;)

Added 2011-09-14 22:41:31 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"UNION "; nocase; http_cookie; content:"SELECT"; nocase; http_cookie; pcre:"/UNION.+SELECT/Ci"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2009770; rev:9;)

Added 2011-02-04 17:29:09 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION%20"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2009770; rev:5;)

Added 2009-10-06 14:19:03 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION%20"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2009770; rev:5;)

Added 2009-10-06 14:19:03 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION%20"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Cookie_SQL_Injection; sid:2009770; rev:3;)

Added 2009-09-14 17:00:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION%20"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Cookie_SQL_Injection; sid:2009770; rev:3;)

Added 2009-09-14 17:00:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION%20"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Cookie_SQL_Injection; sid:2009770; rev:3;)

Added 2009-09-14 16:59:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION%20"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Cookie_SQL_Injection; sid:2009770; rev:3;)

Added 2009-09-14 16:59:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Cookie_SQL_Injection; sid:2009770; rev:2;)

Added 2009-08-22 16:45:39 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2009770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Cookie_SQL_Injection; sid:2009770; rev:2;)

Added 2009-08-22 16:45:39 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Possible UNION SELECT SQL Injection In Cookie"; flow:to_server,established; content:"|0d 0a|Cookie|3A|"; nocase; content:"UNION"; within:200; nocase; content:"SELECT"; nocase; distance:0; pcre:"/\x0a\x0dCookie\x3a[^\n]+UNION.+SELECT/i"; classtype:web-application-attack; reference:url,www.w3schools.com/sql/sql_union.asp; reference:url,www.w3schools.com/sql/sql_select.asp; reference:url,en.wikipedia.org/wiki/SQL_injection; reference:url,www.owasp.org/index.php/SQL_Injection; sid:2009770; rev:1;)

Added 2009-08-20 14:35:35 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats