alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; content:"union+select"; http_raw_uri; content:"select+user"; http_raw_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| MyIE2?"; fast_pattern:48,20; http_header; threshold: type threshold, track by_dst, count 2, seconds 30; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; classtype:attempted-recon; sid:2009833; rev:11; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, signature_severity Major, created_at 2010_07_30, updated_at 2016_07_01;)

Added 2017-08-07 21:02:57 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; content:"union+select"; http_raw_uri; content:"select+user"; http_raw_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| MyIE2?"; fast_pattern:48,20; http_header; threshold: type threshold, track by_dst, count 2, seconds 30; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; classtype:attempted-recon; sid:2009833; rev:11;)

Added 2014-08-27 17:48:58 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; content:"union+select"; http_raw_uri; content:"select+user"; http_raw_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| MyIE2?"; fast_pattern:48,20; http_header; threshold: type threshold, track by_dst, count 30, seconds 30; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; classtype:attempted-recon; sid:2009833; rev:10;)

Added 2014-08-21 18:10:24 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; content:"union+select"; http_raw_uri; content:"select+user"; http_raw_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| MyIE2?"; fast_pattern:43,5; http_header; threshold: type threshold, track by_dst, count 30, seconds 30; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; classtype:attempted-recon; sid:2009833; rev:9;)

Added 2011-12-19 18:45:35 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; content:"union+select"; http_raw_uri; content:"select+user"; http_raw_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| MyIE2?"; http_header; threshold: type threshold, track by_dst, count 30, seconds 30; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; classtype:attempted-recon; sid:2009833; rev:8;)

Added 2011-10-12 19:28:21 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; content:"union+select"; http_raw_uri; content:"select+user"; http_raw_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| MyIE2?"; http_header; threshold: type threshold, track by_dst, count 30, seconds 30; classtype:attempted-recon; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; sid:2009833; rev:8;)

Added 2011-09-14 22:41:39 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; content:"union+select"; http_raw_uri; content:"select+user"; http_raw_uri; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 6.0|3b| Windows NT 5.0|3b| MyIE2?"; http_header; threshold: type threshold, track by_dst, count 30, seconds 30; classtype:attempted-recon; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Witool; sid:2009833; rev:8;)

Added 2011-02-04 17:29:14 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; uricontent:"union+select"; uricontent:"select+user"; content:"|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.0\; MyIE2?"; threshold: type threshold, track by_dst, count 30, seconds 30; classtype:attempted-recon; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Witool; sid:2009833; rev:2;)

Added 2009-09-08 16:48:24 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; uricontent:"union+select"; uricontent:"select+user"; content:"|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.0\; MyIE2?"; threshold: type threshold, track by_dst, count 30, seconds 30; classtype:attempted-recon; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Witool; sid:2009833; rev:2;)

Added 2009-09-08 16:48:24 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; uricontent:"union+select"; uricontent:"select+user"; content:"|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.0\; MyIE2?"; threshold: type threshold, track by_dst, count 30, seconds 30; classtype:attempted-recon; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Witool; sid:2009833; rev:2;)

Added 2009-09-08 16:45:38 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; uricontent:"union+select"; uricontent:"select+user"; content:"|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.0\; MyIE2?"; threshold: type threshold, track by_dst, count 30, seconds 30; classtype:attempted-recon; reference:url,witool.sourceforge.net/; reference:url,doc.emergingthreats.net/2009833; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Witool; sid:2009833; rev:2;)

Added 2009-09-08 16:45:38 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET SCAN WITOOL SQL Injection Scan"; flow:to_server,established; uricontent:"union+select"; uricontent:"select+user"; content:"|0d 0a|User-Agent|3a| Mozilla/4.0 (compatible\; MSIE 6.0\; Windows NT 5.0\; MyIE2?"; threshold: type threshold, track by_dst, count 30, seconds 30; classtype:attempted-recon; reference:url,witool.sourceforge.net/; sid:2009833; rev:1;)

Added 2009-09-02 12:15:36 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats