""ET WEB_SERVER ASP.NET Forms Authentication Bypass""
SID: 2014100
Revision: 2
Class Type: attempted-user
Metadata: created_at 2012_01_03, cve CVE_2011_3416, updated_at 2012_01_06
Reference:
-
cve
-
2011-3416
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: to_server,established
Contents:
-
Value: "/CreatingUserAccounts.aspx"
-
Value: "CreateUserStepContainer"
-
Value: "UserName="
-
Value: "%00"
Within:
PCRE: "/UserName\x3d[^\x26]+\x2500/"
Special Options:
- http_uri