[Oisf-users] Can anyone give me some help for a suricata rule
bush
djw25521 at 163.com
Wed Dec 12 02:51:55 UTC 2018
Hi
I write a rule to detect single quotes('), number sign(#), semicolon(;), and line-through(--) which appear in HTTP connections; But when i test it, i found the rule can not detect these signs. I do not know what is wrong with this rule. Can anyone give me some help to take a look at it.
The rule:
alert tcp $EXTERNAL_NET any <> $HTTP_SERVERS any (msg:"SQL Injection - Paranoid"; flow:established; content:"http"; nocase; http_raw_uri; pcre:"/((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(%23)|(\#)|(\%3B)|(\;))/Ii"; classtype:web-application-attack; sid:30000000; rev:1;)
Thanks.
Best Regards
DeJin Wang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181212/2dd3248f/attachment.html>
More information about the Oisf-users
mailing list