ET EXPLOIT MySQL (Linux) Database Privilege Elevation (Exploit Specific)

7.0.35.0SID: 2015992Rev: 9Disabled2 views
Sourceet/open
Fileemerging-exploit.rules
CreatedDecember 6, 2012
UpdatedApril 11, 2024
Classificationattempted-user
alert tcp $EXTERNAL_NET any -> $SQL_SERVERS 3306 (msg:"ET EXPLOIT MySQL (Linux) Database Privilege Elevation (Exploit Specific)"; flow:established,to_server; content:"|03|"; offset:3; depth:4; content:"select |27|TYPE=TRIGGERS|27| into outfile|27|"; nocase; pcre:"/\s*?\/.+?\.TRG\x27\s*?LINES TERMINATED BY \x27\x5fntriggers=/Ri"; content:"CREATE DEFINER=|60|root|60|@|60|localhost|60|"; nocase; distance:0; pcre:"/\s+?trigger\s+?[^\x20]+?\s+?after\s+?insert\s+?on\s+?/Ri"; content:"UPDATE mysql.user"; nocase; fast_pattern; reference:cve,2012-5613; reference:url,seclists.org/fulldisclosure/2012/Dec/6; classtype:attempted-user; sid:2015992; rev:9; metadata:created_at 2012_12_06, signature_severity Major, updated_at 2024_04_11;)

Metadata

created at2012_12_06
signature severityMajor
updated at2024_04_11

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!