""ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27""

SID: 2019448

Revision: 1

Class Type: web-application-attack

Metadata: created_at 2014_10_16, cve CVE_2014_3704, updated_at 2014_10_16

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "%6e%61m%65["

Within:

PCRE: "/(?:^|&|Content-Disposition[\x3a][^\n]?name\s?=\s?[\x22\x27])\%6e\%61m\%65[[^\x5d]?\W/Pi"

Special Options:

• nocase

• http_client_body

source