ET EXPLOIT Possible Microsoft SQL RCE Attempt (CVE-2020-0618)

7.0.35.0SID: 2029476Rev: 3Enabled1 views
Sourceet/open
Fileemerging-exploit.rules
CreatedFebruary 18, 2020
UpdatedApril 20, 2024
Classificationweb-application-attack
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Microsoft SQL RCE Attempt (CVE-2020-0618)"; flow:established,to_server; urilen:37; http.method; content:"POST"; http.uri; content:"/ReportServer/pages/ReportViewer.aspx"; http.request_body; content:"NavigationCorrector|24|PageState|3d|NeedsCorrection|26|NavigationCorrector|24|ViewState|3d|"; startswith; fast_pattern; content:"|26 5f 5f|VIEWSTATE|3d|"; endswith; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:url,github.com/euphrat1ca/CVE-2020-0618; classtype:web-application-attack; sid:2029476; rev:3; metadata:affected_product Web_Server_Applications, attack_target Client_Endpoint, created_at 2020_02_18, cve CVE_2020_0618, deployment Perimeter, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_04_20, reviewed_at 2024_02_29;)

Metadata

affected productWeb_Server_Applications
attack targetClient_Endpoint
created at2020_02_18
deploymentPerimeter
confidenceMedium
signature severityMajor
tagCISA_KEV
updated at2024_04_20
reviewed at2024_02_29

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!