CVE-2016-10134 Exploitation Attempt

Detects SQL injection exploit attempts.

Sigma rule

```yaml
title: CVE-2016-10134 Exploitation Attempt
id: 23fadb73-7371-4662-9f10-1e39922999d6
status: experimental
description: Detection the exploit attempt of SQL injection
references:
  - https://darkless.cn/2019/08/03/zabbix-sql-injection/
author: Loginsoft Research Unit
date: 2020/07/03
logsource:
  product: Zabbix
detection:
  selection1:
    c-uri: '/latest.php'
    c-uri-query|contains:
      - 'toggle_ids[]='
  selection2:
    c-uri: '/jsrpc.php'
    c-uri-query|contains:
      - 'profileIdx2='
  keywords:
    - ');*'
    - 'updatexml*'
    - '*'''
  condition: (selection1 or selection2) and keywords
falsepositives:
  - Unknown
level: critical
```
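The rule's condition evaluated over constructed request targets, as an added example that is not part of the original rule or of any Sigma backend. It assumes the keywords are matched as case-insensitive substrings with the `*` wildcards dropped, and it shows that URL-encoded query strings only match once they are decoded; `matches_rule`, `evaluate` and the sample requests are hypothetical.

```python
from urllib.parse import unquote, urlsplit

# Values copied from the rule. Assumption: '*' wildcards are dropped and every
# keyword is a case-insensitive substring match, as many backends treat them.
SELECTIONS = {"/latest.php": "toggle_ids[]=", "/jsrpc.php": "profileidx2="}
KEYWORDS = (");", "updatexml", "'")


def matches_rule(request_target: str, decode: bool = True) -> bool:
    """Evaluate '(selection1 or selection2) and keywords' for one request."""
    parts = urlsplit(request_target)
    query = parts.query
    if decode:
        query = unquote(query)  # %27 -> '   %29%3B -> );   %5B%5D -> []
    query = query.lower()
    needle = SELECTIONS.get(parts.path.lower())  # c-uri: exact match
    if needle is None or needle not in query:    # c-uri-query|contains
        return False
    # Simplification: keywords are checked against the query string only.
    return any(k in query for k in KEYWORDS)     # any one keyword suffices


# Constructed request targets for illustration (not taken from real logs).
SAMPLES = [
    "/jsrpc.php?type=9&profileIdx2=updatexml_CONSTRUCTED",  # keyword in clear
    "/latest.php?output=ajax&toggle_ids%5B%5D=1%29%3B",     # fully URL-encoded
    "/jsrpc.php?type=9&profileIdx2=1%27",                   # encoded quote
    "/latest.php?output=ajax&toggle_ids[]=15",              # selection only
    "/index.php?q=updatexml",                               # keyword only
]


def evaluate(samples, decode=True):
    """Return one match verdict per sample."""
    return [matches_rule(s, decode) for s in samples]


if __name__ == "__main__":
    for target, raw, dec in zip(SAMPLES, evaluate(SAMPLES, False), evaluate(SAMPLES)):
        print(f"raw={raw!s:5} decoded={dec!s:5} {target}")
```

If the log source records the query string percent-encoded, normalise it before the rule is applied, otherwise the second and third samples pass unnoticed.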
