""ET EXPLOIT Possible MySQL CVE-2016-6662 Attempt""
SID: 2023201
Revision: 1
Class Type: attempted-admin
Metadata: affected_product MySQL, attack_target Server, created_at 2016_09_13, cve CVE_2016_6662, deployment Datacenter, updated_at 2016_09_13
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 3306
Flow: established,to_server
Contents:
- Value: "|03|"
Offset: 4
-
Value: "unhex"
-
Value: "67656e6572616c5f6c6f675f66696c65"
-
Value: "2e636e66"
-
Value: "6e6d616c6c6f635f6c6962"
Within:
PCRE:
Special Options:
-
nocase
-
nocase
-
nocase