alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UNION SELECT"; flow:established,to_server; content:"/wp-admin/admin-ajax.php?"; http_uri; nocase; content:"cookie="; http_uri; nocase; content:"UNION"; http_uri; nocase; pcre:"/UNION\s+SELECT/Ui"; reference:cve,CVE-2007-2821; reference:url,www.securityfocus.com/bid/24076; reference:url,doc.emergingthreats.net/2004012; classtype:web-application-attack; sid:2004012; rev:7; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, deployment Datacenter, tag SQL_Injection, tag Wordpress, signature_severity Major, created_at 2010_07_30, updated_at 2019_09_26;)
时间: 2024-03-30 18:34:24 浏览: 151
这是一个用于检测 WordPress 网站是否存在 SQL 注入漏洞的 Snort 规则。当攻击者尝试在 WordPress 的 admin-ajax.php 页面进行 SQL 注入攻击时,该规则将会被触发,并产生相应的警报。该规则主要是通过检查 HTTP 请求中是否包含 "/wp-admin/admin-ajax.php?"、"cookie=" 和 "UNION" 字符串以及是否符合正则表达式 "/UNION\s+SELECT/Ui" 以判断是否存在 SQL 注入攻击。同时,该规则还包含了一些元数据信息,如受影响的产品、攻击目标、部署环境等。
阅读全文