""ET EXPLOIT Possible TerraMaster TOS RCE Inbound (CVE-2020-28188 CVE-2020-35665)""
SID: 2031535
Revision: 4
Class Type: attempted-admin
Metadata: attack_target Server, created_at 2021_01_21, cve CVE_2020_28188, deployment Perimeter, deployment Internal, performance_impact Low, signature_severity Major, updated_at 2021_11_18
Reference:
-
cve
-
2020-35665
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: [$HOME_NET,$HTTP_SERVERS]
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "GET"
-
Value: "/makecvs.php?Event="
-
Value: "%20"
Within:
PCRE: "/\/makecvs.php\?Event=[^\r\n]+(?:[\x60\x3b\x7c]|%60|%3b|%7c|%26|(?:\x3c\x3e\x24]|%3c|%3e|%24)(?:\x28|%28))/U"
Special Options:
-
http_method
-
http_uri
-
fast_pattern
-
http_raw_uri