[Emerging-Sigs] Signature for WebSpell SQL Injection Vulnerability

Matthew Jonkman jonkman at emergingthreatspro.com
Sun Oct 31 13:57:54 EST 2010


Posting now, thanks Dave!

Matt

On Oct 30, 2010, at 6:47 AM, dave richards wrote:

> Hi Matt,
> 
> Please find the signature for the following,
> 
> Webspell wCMS-Clanscript Blind SQL Injection Vulnerability
> 
> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Webspell wCMS-Clanscript staticID Parameter SQL Injection Attempt"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/index.php?"; nocase; uricontent:"site=static"; nocase; uricontent:"staticID="; nocase; uricontent:"ASCII"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:url,exploit-db.com/exploits/15152/; sid:20101118; rev:1;)
> 
> -- 
> Regards,
> Dave
> 
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20101031/970b5483/attachment.html


More information about the Emerging-sigs mailing list