""ET WEB_SPECIFIC_APPS PHP Volunteer Management id parameter Cross-Site Scripting Attempt""

SID: 2014647

Revision: 3

Class Type: web-application-attack

Metadata: created_at 2012_04_28, updated_at 2022_05_03

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "/mods/hours/data/get_hours.php?"

  • Value: "take="

  • Value: "skip="

  • Value: "pageSize="

  • Value: "id="

Within:

PCRE: "/id\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ui"

Special Options:

  • http_uri

  • nocase

  • http_uri

  • nocase

  • http_uri

  • nocase

  • http_uri

  • nocase

  • http_uri

  • nocase

source