ET EXPLOIT Linksys WRT54G Version 3.1 Command Injection Attempt
Sourceet/open
Fileemerging-exploit.rules
CreatedMarch 24, 2020
UpdatedApril 20, 2024
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Linksys WRT54G Version 3.1 Command Injection Attempt"; flow:established,to_server ; http.method; content:"POST"; http.header; header_lowercase; content:"authorization|3a 20|Basic|20|"; http.uri; content:"/apply.cgi"; startswith; http.request_body; content:"change_action=gozila_cgi"; fast_pattern; content:"submit_type=language"; content:"&ui_language="; pcre:"/^[(?:\x60|%60)(?:\x27|%27)]/R" ; reference:url,nstarke.github.io/0034-linksys-wrt54g-v3.1-writeup.html ; classtype:attempted-admin; sid:2029734; rev:2; metadata:created_at 2020_03_24, confidence High, signature_severity Major, updated_at 2024_04_20, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services;)
Metadata
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!