Snort mailing list archives
SQLi Injection Attempts
From: "Stanwyck, Carraig - ASOC, Kansas City, MO" <Carraig.Stanwyck () asoc usda gov>
Date: Wed, 19 Oct 2016 20:41:47 +0000
Good Evening, We saw a surge in injection attempts using UAs with "testitest" in them. "testitest (test () boogle com)" and "testitest (test () testitest com)" alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLACKLIST User Agent (SQLi Injection / Scanning)"; flow:established,to_server; content:"testitest"; http_header; fast_pattern; reference:url,en.wikipedia.org/wiki/SQL_injection; classtype:web-application-attack; sid:123456789; rev:1;) Carraig Stanwyck USDA | OCIO | ASOC This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- SQLi Injection Attempts Stanwyck, Carraig - ASOC, Kansas City, MO (Oct 19)
- Re: SQLi Injection Attempts Joshua Williams (Oct 24)