SUC021 : Havij SQL Injection Tool User-Agent Inbound

  • Use Case Reference : SUC021
  • Use Case Title : Havij SQL Injection Tool User-Agent Inbound
  • Use Case Detection : IDS / HTTP / SQL logs
  • Attacker Class : Opportunists / Targeting Opportunists / Professional
  • Attack Sophistication : Unsophisticated / Low / Mid-High
  • Identified tool(s) : Havij Advanced SQL Injection
  • Source IP(s) : Random
  • Source Countries : Random
  • Source Port(s) : Random
  • Destination Port(s) : 80/TCP, 443/TCP

Possible correlation(s) :

  • Havij Advanced SQL Injection free version
  • Havij Advanced SQL Injection commercial version

Source(s) :

Snort rule :
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ZATAZ SCAN Havij SQL Injection Tool User-Agent Inbound"; flow:established,to_server; content:"|0D 0A|User-Agent|3a| Havij"; nocase; http_header; reference:url,itsecteam.com/en/projects/project1.htm; threshold:type limit, count 1, seconds 30, track by_src; classtype:web-application-attack; priority:2; sid:1010051; rev:1;)
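
The same match applied to web server access logs, for sites where the HTTP logs rather than the IDS are the detection source. This is an added example, not part of the original use case: it assumes the Apache/nginx "combined" log format, and the function name `havij_alerts` and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed input: Apache/nginx "combined" access log lines.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# Mirrors the rule's "threshold:type limit, count 1, seconds 30, track by_src".
LIMIT_SECONDS = 30


def havij_alerts(lines):
    """Return (source_ip, iso_timestamp) for requests whose User-Agent starts
    with "Havij" (case-insensitive, like the rule's nocase), emitting at most
    one alert per source per 30-second window."""
    window_start = {}  # source_ip -> start of its current suppression window
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # malformed or differently formatted line
        if not m.group("ua").lower().startswith("havij"):
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        src = m.group("src")
        start = window_start.get(src)
        if start is None or (ts - start).total_seconds() >= LIMIT_SECONDS:
            window_start[src] = ts
            alerts.append((src, ts.isoformat()))
    return alerts


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2011:13:55:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Havij"',
    '203.0.113.7 - - [10/Oct/2011:13:55:10 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "havij"',
    '198.51.100.23 - - [10/Oct/2011:13:55:12 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [10/Oct/2011:13:55:20 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Havij"',
    '203.0.113.7 - - [10/Oct/2011:13:55:40 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "Havij"',
]

if __name__ == "__main__":
    for src, ts in havij_alerts(SAMPLE_LOG):
        print(f"SUC021 Havij User-Agent from {src} at {ts}")
```

The User-Agent header is client-supplied, so this only catches requests that still carry the tool's default string.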
SIG 1010051 1 Week events activity
SIG 1010051 1 month events activity