[Emerging-Sigs] Signature for WebSpell SQL Injection Vulnerability

dave richards dave.richards0319 at gmail.com
Sat Oct 30 06:47:27 EDT 2010


Hi Matt,

Please find the signature for the following,

*Webspell wCMS-Clanscript Blind SQL Injection Vulnerability*

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET
WEB_SPECIFIC_APPS Webspell wCMS-Clanscript staticID Parameter SQL Injection
Attempt"; flow:established,to_server; content:"GET "; depth:4;
uricontent:"/index.php?"; nocase; uricontent:"site=static"; nocase;
uricontent:"staticID="; nocase; uricontent:"ASCII"; nocase;
uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui";
classtype:web-application-attack; reference:url,
exploit-db.com/exploits/15152/; sid:20101118; rev:1;)

-- 
Regards,
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20101030/69517172/attachment.html


More information about the Emerging-sigs mailing list