EmergingThreats> Main Web>2006352 (revision 1)EditAttach

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"BLEEDING-EDGE TROJAN Matcash or related downloader User-Agent Detected"; flow:established,to_server; content:"User-Agent\: x"; pcre:"/x\w\wx\w\w\!x\w\wx\w\wx\w\w/"; classtype:trojan-activity; reference:url,doc.bleedingthreats.net/2006352; sid:2006352; rev:1;)

Added 2007-07-09 02:53:33 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ProNews? SQL Injection Attempt -- lire-avis.php aa UNION SELECT"; flow:established,to_server; uricontent:"/lire-avis.php?"; nocase; uricontent:"aa="; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6519; reference:url,www.securityfocus.com/bid/21516; sid:2006352; rev:1;)

Added 2007-06-18 10:16:18 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ProNews? SQL Injection Attempt -- lire-avis.php aa UNION SELECT"; flow:established,to_server; uricontent:"/lire-avis.php?"; nocase; uricontent:"aa="; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6519; reference:url,www.securityfocus.com/bid/21516; sid:2006352; rev:1;)

Added 2007-06-18 10:16:17 UTC


Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2007-07-09 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats