alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET CURRENT_EVENTS webshell used In timthumb attacks GIF98a 16129xX with PHP"; flow:to_client,established; file_data; content:"|0d 0a 0d 0a|GIF89a|01 3f|"; content:"<?"; within:720; reference:url,blog.sucuri.net/2012/05/list-of-domains-hosting-webshells-for-timthumb-attacks.html; classtype:web-application-attack; sid:2014848; rev:3; metadata:created_at 2012_06_01, updated_at 2012_06_01;)

Added 2017-08-07 21:08:17 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET CURRENT_EVENTS webshell used In timthumb attacks GIF98a 16129xX with PHP"; flow:to_client,established; file_data; content:"GIF89a|01 3f|"; within:8; content:"<?"; within:720; reference:url,blog.sucuri.net/2012/05/list-of-domains-hosting-webshells-for-timthumb-attacks.html; classtype:web-application-attack; sid:2014848; rev:1;)

Added 2012-06-01 19:03:42 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats