Snort mailing list archives

SQLi Injection Attempts


From: "Stanwyck, Carraig - ASOC, Kansas City, MO" <Carraig.Stanwyck () asoc usda gov>
Date: Wed, 19 Oct 2016 20:41:47 +0000

Good Evening,

We saw a surge in injection attempts using UAs with "testitest" in them: "testitest (test () boogle com)" and 
"testitest (test () testitest com)".

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"BLACKLIST User Agent (SQLi Injection / Scanning)"; flow:established,to_server; content:"testitest"; http_header; fast_pattern; reference:url,en.wikipedia.org/wiki/SQL_injection; classtype:web-application-attack; sid:123456789; rev:1;)

Carraig Stanwyck
USDA | OCIO | ASOC
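
A retrospective check to go with the rule above, as an added example that is not part of the original post: it searches web server access logs for the same "testitest" User-Agent substring and summarises hits per source address. The combined log format, the hunt() function and the sample lines are assumptions made for this example; the sample lines are constructed.

```python
import re

# Quoted log field that tolerates \" escapes inside the value.
_Q = r'"(?P<%s>(?:[^"\\]|\\.)*)"'
# Apache/nginx "combined" format (assumed here):
# ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ' + _Q % "req"
    + r' (?P<status>\d{3}) \S+ ' + _Q % "ref" + " " + _Q % "ua" + r'\s*$'
)
UA_MARKER = "testitest"  # substring from the post's rule

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Oct/2016:14:02:11 +0000] "GET /product?id=1 HTTP/1.1" 200 512 "-" "testitest (constructed sample A)"
203.0.113.7 - - [19/Oct/2016:14:05:40 +0000] "GET /product?id=2 HTTP/1.1" 500 0 "-" "testitest (constructed sample B)"
198.51.100.23 - - [19/Oct/2016:14:06:02 +0000] "GET /search?q=a HTTP/1.1" 200 90 "-" "Mozilla/5.0 TestITest"
192.0.2.10 - - [19/Oct/2016:14:07:15 +0000] "GET / HTTP/1.1" 200 1024 "http://testitest.example/" "Mozilla/5.0"
192.0.2.11 - - [19/Oct/2016:14:08:00 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def hunt(lines, marker=UA_MARKER):
    """Summarise, per source IP, requests whose User-Agent contains the marker."""
    found = {}
    for line in lines:
        m = LINE_RE.match(line)
        # Case-insensitive, User-Agent field only: the Referer on the
        # 192.0.2.10 line contains the marker but is deliberately not counted.
        if not m or marker not in m["ua"].lower():
            continue
        rec = found.setdefault(
            m["ip"], {"hits": 0, "first": m["ts"], "last": m["ts"], "agents": set()}
        )
        rec["hits"] += 1
        rec["last"] = m["ts"]  # assumes the log is in chronological order
        rec["agents"].add(m["ua"])
    return found


if __name__ == "__main__":
    for ip, rec in sorted(hunt(SAMPLE_LOG.splitlines()).items()):
        print(ip, rec["hits"], rec["first"], rec["last"], sorted(rec["agents"]))
```
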




