Snort mailing list archives

Offer a new sig for detecting Zabbix latest.php SQL Injection vulnerability


From: rmkml <rmkml () ligfy org>
Date: Sat, 27 Aug 2016 22:58:51 +0200 (CEST)

Hi,

The http://etplc.org open source project offers a new sig for detecting Zabbix latest.php SQL Injection vulnerability:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-PHP Zabbix <v3.0.4 latest.php toggle_ids[] param SQL Injection attempt"; flow:to_server,established; content:"/latest.php?"; nocase; http_uri; content:"toggle_ids[]="; nocase; distance:0; http_uri; content:"|3b|"; distance:0; http_uri; pcre:"/\/latest\.php\?[^\n]*?\btoggle_ids\[\]=[^\&]*?\;/Ui"; reference:url,support.zabbix.com/browse/ZBX-11023; classtype:web-application-activity; sid:1; rev:1;)

See reference for more information.

Don't forget to check variables.

Please send any comments.

Regards
@Rmkml

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
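
For checking the signature above before deployment, the following is an added example (not part of the original post or of the ETPLC project) that re-implements the rule's three content matches and its pcre in Python and runs them over constructed request URIs. It assumes a single pass of percent-decoding is an adequate stand-in for Snort's URI normalization; the sample URIs and function names are made up for illustration.

```python
import re
from urllib.parse import unquote

# The rule's pcre without the Snort-only U modifier (U selects the normalized
# URI buffer); the i modifier becomes re.IGNORECASE.
RULE_PCRE = re.compile(r"/latest\.php\?[^\n]*?\btoggle_ids\[\]=[^&]*?;", re.IGNORECASE)
# The three content matches in rule order; |3b| is the byte for ';'.
CONTENTS = ("/latest.php?", "toggle_ids[]=", ";")


def normalize(raw_uri):
    # Assumption: one pass of percent-decoding stands in for Snort's URI normalization.
    return unquote(raw_uri)


def rule_matches(raw_uri):
    uri = normalize(raw_uri)
    lowered = uri.lower()              # nocase
    cursor = 0
    for needle in CONTENTS:            # distance:0: search from the end of the previous match
        hit = lowered.find(needle, cursor)
        if hit < 0:
            return False
        cursor = hit + len(needle)
    return RULE_PCRE.search(uri) is not None


# Constructed request URIs (not captured traffic) with the verdict the rule should give.
SAMPLES = {
    "/latest.php?toggle_ids[]=15;x": True,                  # ';' inside the parameter value
    "/LATEST.PHP?Toggle_IDs[]=15;x": True,                  # nocase and /i
    "/latest.php?toggle_ids%5B%5D=15%3Bx": True,            # encoded form, seen after normalization
    "/latest.php?toggle_ids[]=15&toggle_open_state=1": False,  # ordinary request, no ';'
    "/latest.php?toggle_ids[]=15&sort=a;b": False,          # contents hit, pcre stops at '&'
    "/latest.php?mytoggle_ids[]=15;x": False,               # contents hit, \b rejects the name
    "/history.php?toggle_ids[]=15;x": False,                # different page
}


def run_samples():
    return {uri: rule_matches(uri) for uri in SAMPLES}


if __name__ == "__main__":
    for uri, fired in run_samples().items():
        print("ALERT   " if fired else "no alert", uri)
```

The fifth and sixth samples show that the content matches alone would fire and only the pcre keeps the rule from alerting on a semicolon in a different parameter. The rule inspects the URI only, so the same parameter sent in a request body is outside its scope.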

