Quantcast
Viewing all articles
Browse latest Browse all 16039

General • Re: Many "payload missing: SA" & "payload missing: NONCE" on 7.9

Hello,

what is proper expression? I tried
- ;bash -c \"curl [0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\\/t \\| sh\";echo -n
- ;bash -c \"curl [0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\"

but still error logs payload missing: SA ...
Thanks.

It's funny to find on the Internet my own solution, which I published on another resource.
But this is not a complete solution.
1) There is an error in the syntax, see point 2.
2) This expression was created as a test expression to exclude THEORETICAL false positives, еherefore, it does not catch similar attacks with another instruction. Right now I'm using the expression ;bash -c "curl [0-9]+\.[0-9]+\.[0-9]+\.[0-9]
3) it protects against payload messing:sa. What kind of payload missing: nonce I don't know at the moment and want to know. The day before yesterday I caught 2 events.

Statistics: Posted by durip — Tue Dec 26, 2023 7:44 pm



Viewing all articles
Browse latest Browse all 16039

Trending Articles