[Emerging-Sigs] SIG: ET WEB_SERVER base64_decode In HTTP POST - Potential Malicious Obfuscation Attempt

Kevin Ross kevross33 at googlemail.com
Tue Sep 16 04:27:43 EDT 2014


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET
WEB_SERVER base64_decode In HTTP POST - Potential Malicious Obfuscation
Attempt"; flow:established,to_server; content:"POST"; http_method;
content:"base64_decode("; http_client_body;
classtype:web-application-attack; sid:123991; rev:1;)

Kind Regards,
Kevin Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20140916/1233a5bb/attachment.html>


More information about the Emerging-sigs mailing list