alert http any any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS [PT OPEN] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)"; flow:established,to_server; content:"/user/register"; http_uri; content:"POST"; http_method; content:"drupal"; http_client_body; pcre:"/(%23|#)(access_callback|pre_render|post_render|lazy_builder)/Pi"; metadata: former_category WEB_SPECIFIC_APPS; reference:cve,2018-7600; reference:url,; classtype:attempted-admin; sid:2025494; rev:2; metadata:affected_product Drupal_Server, attack_target Web_Server, deployment Datacenter, signature_severity Major, created_at 2018_04_13, updated_at 2018_04_13;)

Added 2018-04-13 17:29:04 UTC

Topic revision: r1 - 2018-04-13 - TWikiGuest
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats