""ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 12""

SID: 2019433

Revision: 1

Class Type: web-application-attack

Metadata: created_at 2014_10_16, cve CVE_2014_3704, updated_at 2014_10_16

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "n%61m%65%5b"

Within:

PCRE: "/(?:^|&|Content-Disposition[\x3a][^\n]?name\s?=\s?[\x22\x27])n\%61m\%65\%5b[^\x5d]?\W/Pi"

Special Options:

• nocase

• http_client_body

source