alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT D-Link bsc_wlan.php Security Bypass"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/bsc_wlan.php"; nocase; http_uri; content:"ACTION_POST=final&"; nocase; http_client_body; content:"&f_ssid="; nocase; http_client_body; content:"&f_authentication=7&"; nocase; http_client_body; within:135; content:"f_cipher=2&"; nocase; http_client_body; content:"f_wep_len=&f_wep_format=&f_wep_def_key=&"; nocase; http_client_body; within:40; content:"&f_wep=&f_wpa_psk_type=1&f_wpa_psk="; nocase; http_client_body; content:"&f_radius_ip1=&f_radius_port1=&f_radius_secret1="; nocase; http_client_body; within:70; reference:url,packetstormsecurity.org/files/view/96100/dlinkwlan-bypass.txt; classtype:web-application-attack; sid:2012103; rev:5;)

Added 2012-03-12 19:45:50 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT D-Link bsc_wlan.php Security Bypass"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/bsc_wlan.php"; nocase; http_uri; content:"ACTION_POST=final&"; nocase; http_client_body; content:"&f_ssid="; nocase; http_client_body; content:"&f_authentication=7&"; nocase; http_client_body; within:135; content:"f_cipher=2&"; nocase; http_client_body; content:"f_wep_len=&f_wep_format=&f_wep_def_key=&"; nocase; http_client_body; within:40; content:"&f_wep=&f_wpa_psk_type=1&f_wpa_psk="; nocase; http_client_body; content:"&f_radius_ip1=&f_radius_port1=&f_radius_secret1="; nocase; http_client_body; within:70; reference:url,packetstormsecurity.org/files/view/96100/dlinkwlan-bypass.txt; classtype:web-application-attack; sid:2012103; rev:5;)

Added 2012-03-12 19:45:04 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT D-Link bsc_wlan.php Security Bypass"; flow:established,to_server; content:"POST"; http_method; content:"|2f|bsc|5f|wlan|2e|php"; nocase; distance:0; content:"|0d 0a 0d 0a|ACTION|5f|POST|3d|final|26|"; nocase; distance:0; content:"|26|f|5f|ssid|3d|"; nocase; content:"|26|f|5f|authentication|3d|7|26|"; nocase; distance:0; within:135; content:"f|5f|cipher|3d|2|26|"; nocase; content:"f|5f|wep|5f|len|3d 26|f|5f|wep|5f|format|3d 26|f|5f|wep|5f|def|5f|key|3d 26|"; nocase; distance:0; within:40; content:"|26|f|5f|wep|3d 26|f|5f|wpa|5f|psk|5f|type|3d|1|26|f|5f|wpa|5f|psk|3d|"; nocase; content:"&f|5f|radius|5f|ip1|3d 26|f|5f|radius|5f|port1|3d 26|f|5f|radius|5f|secret1|3d|"; nocase; distance:0; within:70; reference:url,packetstormsecurity.org/files/view/96100/dlinkwlan-bypass.txt; classtype:web-application-attack; sid:2012103; rev:2;)

Added 2011-10-12 19:33:28 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT D-Link bsc_wlan.php Security Bypass"; flow:established,to_server; content:"POST"; http_method; content:"|2f|bsc|5f|wlan|2e|php"; nocase; distance:0; content:"|0d 0a 0d 0a|ACTION|5f|POST|3d|final|26|"; nocase; distance:0; content:"|26|f|5f|ssid|3d|"; nocase; content:"|26|f|5f|authentication|3d|7|26|"; nocase; distance:0; within:135; content:"f|5f|cipher|3d|2|26|"; nocase; content:"f|5f|wep|5f|len|3d 26|f|5f|wep|5f|format|3d 26|f|5f|wep|5f|def|5f|key|3d 26|"; nocase; distance:0; within:40; content:"|26|f|5f|wep|3d 26|f|5f|wpa|5f|psk|5f|type|3d|1|26|f|5f|wpa|5f|psk|3d|"; nocase; content:"&f|5f|radius|5f|ip1|3d 26|f|5f|radius|5f|port1|3d 26|f|5f|radius|5f|secret1|3d|"; nocase; distance:0; within:70; classtype: web-application-attack; reference:url,packetstormsecurity.org/files/view/96100/dlinkwlan-bypass.txt; sid:2012103; rev:2;)

Added 2011-02-04 17:31:58 UTC


Topic revision: r1 - 2012-03-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats