alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"ET EXPLOIT MySQL? (Linux) Database Privilege Elevation (Exploit Specific)"; flow:to_server,established; content:"|03|"; offset:3; depth:4; content:"select |27|TYPE=TRIGGERS|27| into outfile|27|"; nocase; pcre:"/\s*?\/.+?\.TRG\x27\s*?LINES TERMINATED BY \x27\x5fntriggers=/Ri"; content:"CREATE DEFINER=|60|root|60|@|60|localhost|60|"; nocase; distance:0; pcre:"/\s+?trigger\s+?[^\x20]+?\s+?after\s+?insert\s+?on\s+?/Ri"; content:"UPDATE mysql.user"; nocase; fast_pattern:only; reference:cve,2012-5613; reference:url,seclists.org/fulldisclosure/2012/Dec/6; classtype:attempted-user; sid:2015992; rev:7;)

Added 2015-04-03 18:58:47 UTC


alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"ET EXPLOIT MySQL? (Linux) Database Privilege Elevation (Exploit Specific)"; flow:to_server,established; content:"|03|"; offset:3; depth:4; content:"select |27|TYPE=TRIGGERS|27| into outfile|27|"; nocase; pcre:"/\s*?\/.+?\.TRG\x27\s*?LINES TERMINATED BY |27 5f|ntriggers=/Ri"; content:"CREATE DEFINER=|60|root|60|@|60|localhost|60|"; nocase; distance:0; pcre:"/\s+?trigger\s+?[^\x20]+?\s+?after\s+?insert\s+?on\s+?/Ri"; content:"UPDATE mysql.user"; nocase; fast_pattern:only; reference:cve,2012-5613; reference:url,seclists.org/fulldisclosure/2012/Dec/6; classtype:attempted-user; sid:2015992; rev:6;)

Added 2012-12-05 22:06:20 UTC


Topic revision: r1 - 2015-04-03 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats