[Emerging-Sigs] SIG: ET WEB_SERVER base64_decode In HTTP POST - Potential Malicious Obfuscation Attempt

Travis Green tgreen at emergingthreats.net
Tue Sep 16 09:10:37 EDT 2014


Thanks Kevin, we'll get it into QA.

On Tue, Sep 16, 2014 at 2:27 AM, Kevin Ross <kevross33 at googlemail.com>
wrote:

> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET
> WEB_SERVER base64_decode In HTTP POST - Potential Malicious Obfuscation
> Attempt"; flow:established,to_server; content:"POST"; http_method;
> content:"base64_decode("; http_client_body;
> classtype:web-application-attack; sid:123991; rev:1;)
>
> Kind Regards,
> Kevin Ross
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
>
>
>


-- 
Public key: http://travisgreen.net/tgreen@emergingthreats.net.asc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20140916/868b9981/attachment.html>


More information about the Emerging-sigs mailing list