#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"xp_cmdshell"; nocase; http_header; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; classtype:web-application-attack; sid:2010119; rev:6;)

Added 2011-12-30 19:58:58 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"xp_cmdshell"; nocase; http_header; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; classtype:web-application-attack; sid:2010119; rev:6;)

Added 2011-12-30 19:24:07 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"xp_cmdshell"; nocase; http_header; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; classtype:web-application-attack; sid:2010119; rev:6;)

Added 2011-12-30 18:03:20 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"xp_cmdshell"; nocase; http_cookie; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; classtype:web-application-attack; sid:2010119; rev:5;)

Added 2011-10-12 19:28:58 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"xp_cmdshell"; nocase; http_cookie; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; sid:2010119; rev:5;)

Added 2011-09-14 22:42:14 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"xp_cmdshell"; nocase; http_cookie; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2010119; rev:5;)

Added 2011-02-04 17:29:34 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"|0d 0a|Cookie|3A|"; nocase; content:"xp_cmdshell"; nocase; within:200; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2010119; rev:4;)

Added 2010-07-29 15:02:20 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"|0d 0a|Cookie|3A|"; nocase; content:"xp_cmdshell"; nocase; within:200; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2010119; rev:4;)

Added 2010-07-29 15:02:20 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVERS xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"|0d 0a|Cookie|3A|"; nocase; content:"xp_cmdshell"; nocase; within:200; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2010119; rev:3;)

Added 2009-10-14 23:40:18 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVERS xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"|0d 0a|Cookie|3A|"; nocase; content:"xp_cmdshell"; nocase; within:200; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2010119; rev:3;)

Added 2009-10-14 23:40:18 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVERS xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"|0d 0a|Cookie|3A|"; nocase; content:"xp_cmdshell"; nocase; within:200; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2010119; rev:2;)

Added 2009-10-14 20:45:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVERS xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"|0d 0a|Cookie|3A|"; nocase; content:"xp_cmdshell"; nocase; within:200; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; reference:url,doc.emergingthreats.net/2010119; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cookie_SQL_Injection; sid:2010119; rev:2;)

Added 2009-10-14 20:45:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVERS xp_cmdshell Attempt in Cookie"; flow:established,to_server; content:"|0d 0a|Cookie|3A|"; nocase; content:"xp_cmdshell"; nocase; within:200; pcre:"/\x0a\x0dCookie\x3a[^\n]+xp_cmdshell/i"; classtype:web-application-attack; reference:url,,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm; reference:url,msdn.microsoft.com/en-us/library/ms175046.aspx; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=4072; sid:2010119; rev:1;)

Added 2009-10-14 17:30:38 UTC


Topic revision: r1 - 2011-12-31 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats