alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP WebShell? Embedded In PNG (INBOUND)"; flow:established,from_server; file_data; content:"PNG|0D 0A 1A 0A|"; distance:1; within:7; content:"<?php"; fast_pattern; distance:0; reference:url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html; classtype:successful-admin; sid:2017609; rev:4; metadata:created_at 2013_10_17, updated_at 2021_03_08;)

Added 2021-03-08 18:47:28 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP WebShell? Embedded In PNG (INBOUND)"; flow:established,from_server; file_data; content:"PNG|0D 0A 1A 0A|"; distance:1; within:7; content:"<?php"; fast_pattern; distance:0; reference:url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html; classtype:successful-admin; sid:2017609; rev:3; metadata:created_at 2013_10_17, updated_at 2013_10_17;)

Added 2018-09-13 19:47:53 UTC

Added 2018-09-13 17:58:07 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP WebShell? Embedded In PNG (INBOUND)"; flow:established,from_server; file_data; content:"PNG|0D 0A 1A 0A|"; distance:1; within:7; content:"<?php"; fast_pattern; distance:0; reference:url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html; classtype:successful-admin; sid:2017609; rev:3; metadata:created_at 2013_10_17, updated_at 2013_10_17;)

Added 2017-08-07 21:11:32 UTC

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP WebShell? Embedded In PNG (INBOUND)"; flow:established,from_server; file_data; content:"PNG|0D 0A 1A 0A|"; distance:1; within:7; content:"<?php"; fast_pattern; distance:0; reference:url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html; classtype:successful-admin; sid:2017609; rev:1;)

Added 2013-10-17 17:28:11 UTC