Login
| Title | Size | Downloads |
|---|---|---|
| V7-WAF-1.0.34.dat | 2.03 MB |
Version number
V7-WAF-1.0.34
MD5 number
7afd7c6ce337550d71bc3906d3fc35aa
Update time
2024-08-15
Update attack list
Key new rules:
------------------------------
49177 Generic_System_Command_for_keyword_Null_$IFS_Execution
---- Category: Vulnerability
---- Description:
---- Command attackers execute arbitrary Linux commands by replacing spaces with special characters.
49199 Generic_Windows_Powershell_Script_Download_Traffic_msxsl(HTTP)
---- Category: Vulnerability
---- Description:
---- The general Windows_Powershell script download traffic rule detects the risk by detecting the Windows_Powershell code snippet in the http response. If the requester is a server, it is more suspicious. It is possible that the server is infected with a virus and automatically downloads the Powershell script from the external network. You can manually make a risk judgment based on the entire content of the script.
49204 Generic_Axis_Remote_Code_Execution_Exploit_By_SSRF_or_XXE
---- Category: Vulnerability
---- Description:
---- When a certain system uses Apache Axis 1.4 components and there are SSRF or XXE vulnerabilities, attackers can combine and utilize Axis local AdminService to deploy malicious services, resulting in remote code execution vulnerabilities.
49216 Generic_XPATH_Injection_Attack(GET)
---- Category: Vulnerability
---- Description:
---- SQL Injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database.This signature detects SQL injection attacks involving whether the backend database has SQL injection vulnerability.
