CVE-2018-12613 Exploitation Attempt

calendar Aug 21, 2020  ·
Share on: linkedin copy

Detection the attempt of Improper Authentication

Sigma rule (View on GitHub)

 1title: CVE-2018-12613 Exploitation Attempt
 2id: 2296f0c9-2f64-4c06-a347-b35887f9ee74
 3status: experimental
 4description: Detection the attempt of Improper Authentication
 5references:
 6  - https://www.exploit-db.com/exploits/44924
 7  - https://mp.weixin.qq.com/s/HZcS2HdUtqz10jUEN57aog
 8author: Loginsoft Research Unit 
 9date: 2020/07/03
10logsource:
11  product: phpMyAdmin
12detection:
13  selection:
14    c-uri: '/index.php'
15    c-uri-query|contains:
16     - 'target=db_sql.php%253f/../'
17  condition: selection
18falsepositives:
19  - Unknown
20level: medium```

References

to-top