alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"ET EXPLOIT Possible ProFTPD? mod_sql Username SQL Injection"; flow:established,to_server; content:"USER"; depth:4; content:"UNION"; within:200; nocase; content:"SELECT"; distance:0; nocase; content:"uid"; nocase; pcre:"/UNION.+SELECT/i"; classtype:attempted-user; reference:url,www.securityfocus.com/bid/33722; sid:2009974; rev:1;)

Added 2009-09-24 10:45:36 UTC


Topic revision: r1 - 2009-09-24 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats