""ET WEB_SPECIFIC_APPS e107 CMS backdoor access admin-access cookie and HTTP POST""
SID: 2010719
Revision: 3
Class Type: attempted-admin
Metadata: created_at 2010_07_30, updated_at 2017_05_11
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "POST " Depth: 5
-
Value: "|0d 0a|Cookie\: "
-
Value: "admin-access="
-
Value: "e107language_"
Within:
PCRE: "/Cookie: .*admin-access=/i"
Special Options:
-
nocase
-
nocase