""ET WEB_SERVER Oracle BEA Weblogic Server 10.3 searchQuery XSS attempt""

SID: 2009644

Revision: 5

Class Type: web-application-attack

Metadata: created_at 2010_07_30, updated_at 2010_07_30

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 7011

Flow: to_server,established

Contents:

  • Value: "GET " Depth: 4

  • Value: "/consolehelp/console-help.portal"

  • Value: "searchQuery="

  • Value: "script"

Within:

PCRE: "/<?(java|vb)?script>?.*<.+\/script>?/i"

Special Options:

  • nocase

  • nocase

  • nocase

source