Freitag, 17. Oktober 2014

Ruleset-Update: Drupal SQLI & RCE-Exploit Attempt (CVE-2014-3704)

please note: the sig is against the exploit/POC and wouldnt hold against fancy urlencoding like "name%5b" 

BUT: the attack WILL be blocked by naxsi because of 3 rules from core-rule-set at least, thus my sig is for the attack, not the vuln. emerging sigs have all possible encodings,

 Emerging Threat Signatures:



MainRule "str:name[0%20" "msg:Drupal SQLI & RCE-Exploit Attempt (CVE-2014-3704)" "mz:BODY" "s:$ATTACK:8" id:42000399  ;

The Rule has been pushed to Doxi-Rules at 2014-10-16 already:

Keine Kommentare:

Kommentar veröffentlichen