[Snort-sigs] DotNetNuke DreamSlider arbitrary file download signature

Y M snort at outlook.com
Thu Jan 4 13:16:51 EST 2018


Hi,


The title explains it. No cve or pcaps available for this one.


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP DotNetNuke DreamSlider arbitrary file download attempt"; flow:to_server,established; content:"GET"; http_method; content:"/DesktopModules/DreamSlider/DownloadProvider.aspx?"; fast_pattern:only; nocase; http_uri; content:"file="; distance:0; nocase; http_uri; content:"Cookie"; http_header; metadata:ruleset community, service http; reference:url,www.exploit-db.com/exploits/43405/; classtype:web-application-attack; sid:9000008; rev:1;)


Thanks.

YM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180104/16d56a1c/attachment.html>


More information about the Snort-sigs mailing list