"ET EXPLOIT Possible MySQL cnf overwrite CVE-2016-6662 Attempt"

SID: 2023202

Revision: 1

Class Type: attempted-admin

Metadata: affected_product MySQL, attack_target Server, created_at 2016_09_13, cve CVE_2016_6662, deployment Datacenter, updated_at 2016_09_13

Reference:

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: 3306

Flow: established,to_server

Contents:

  • Value: "|03|"

Offset: 4

  • Value: "global_log_dir"

  • Value: ".cnf"

  • Value: "nmalloc_lib"

Within:

PCRE:

Special Options:

  • nocase

  • nocase
