alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORT (msg: "[WEB-ATTACKS] Suspicious User-Agent Containing SQL Inject/ion, Likely SQL Injection Scanner"; content: "User-Agent"; content: "SQL"; nocase; content: "Inject"; nocase; parse_src_ip: 1; parse_dst_ip: 2; reference:url,www.owasp.org/index.php/SQL_Injection; reference:url,doc.emergingthreats.net/2010087; flowbits: set, recon, 86400; classtype:attempted-recon; sid:5001820; rev:2;)

-- Main.Sagan-Wiki-Add - 2015-10-21

New revisions of 5001820 will be below...

Topic revision: r1 - 2015-10-21 - Sagan-Wiki-Add
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback