# sid:2025646 rev:1 - attempt indicator for CVE-2018-7600 (Drupalgeddon2) in the request URI.
#
# Match chain (all in the normalized URI buffer, case-insensitive):
#   1. HTTP method is GET and the flow is established, client -> server.
#   2. URI contains "user/password&name" (this is the fast_pattern).
#   3. pcre, anchored directly after (2) by ^ plus the R flag: "[" then "#", "%23" or "%2523",
#      optional whitespace, then one of access_callback | pre_render | post_render | lazy_builder.
#      The U flag selects the normalized URI; i makes the match case-insensitive.
#   4. "markup]=" (|5d 3d| is "]=") somewhere after the pcre match (distance:0).
#
# Coverage and triage notes:
#   - Only GET requests are inspected; the same URI pattern sent with another method does not
#     fire this sid. Confirm companion signatures cover those requests.
#   - The destination is $HTTP_SERVERS, so that variable must include the Drupal hosts to be
#     monitored; the destination port is "any".
#   - classtype is attempted-admin: an alert records an attempt, not a confirmed compromise.
#     Check the target's Drupal version against the ranges named in msg before escalating.
#   - NOTE(review): msg says "Registration Form" but the URI content matched is "user/password";
#     confirm the intended form against the referenced write-up.
#   - NOTE(review): metadata sets attack_target Client_Endpoint although the rule targets
#     $HTTP_SERVERS and affected_product is Drupal_Server; verify if alert routing keys on it.
alert http any any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS [eSentire] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)"; flow:established,to_server; content:"GET"; http_method; content:"user/password&name"; http_uri; nocase; fast_pattern; pcre:"/^\[(?:%(?:25)?23|#)\s*(?:access_callback|pre_render|post_render|lazy_builder)/URi"; content:"markup|5d 3d|"; nocase; http_uri; distance:0; metadata: former_category WEB_SPECIFIC_APPS; reference:cve,2018-7600; reference:url,research.checkpoint.com/uncovering-drupalgeddon-2; classtype:attempted-admin; sid:2025646; rev:1; metadata:affected_product Drupal_Server, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2018_07_10, performance_impact Moderate, updated_at 2018_07_10;)

Added 2018-07-10 17:07:06 UTC


Topic revision: r1 - 2018-07-10 - TWikiGuest
 