Snort mailing list archives
Offer a new sig for detecting Zabbix latest.php SQL Injection vulnerability
From: rmkml <rmkml () ligfy org>
Date: Sat, 27 Aug 2016 22:58:51 +0200 (CEST)
Hi, The http://etplc.org open source project offer a new sig for detecting Zabbix latest.php SQL Injection vulnerability: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-PHP Zabbix <v3.0.4 latest.php toggle_ids[] param SQL Injection attempt"; flow:to_server,established; content:"/latest.php?"; nocase; http_uri; content:"toggle_ids[]="; nocase; distance:0; http_uri; content:"|3b|"; distance:0; http_uri; pcre:"/\/latest\.php\?[^\n]*?\btoggle_ids\[\]=[^\&]*?\;/Ui"; reference:url,support.zabbix.com/browse/ZBX-11023; classtype:web-application-activity; sid:1; rev:1;) See reference for more information. Don't forget check variables. Please send any comments. Regards @Rmkml ------------------------------------------------------------------------------ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Offer a new sig for detecting Zabbix latest.php SQL Injection vulnerability rmkml (Aug 27)