- Use Case Reference : SUC021
- Use Case Title : Havij SQL Injection Tool User-Agent Inbound
- Use Case Detection : IDS / HTTP / SQL logs
- Attacker Class : Opportunists / Targeting Opportunists / Professional
- Attack Sophistication : Unsophisticated / Low / Mid-High
- Identified tool(s) : Havij Advanced SQL Injection
- Source IP(s) : Random
- Source Countries : Random
- Source Port(s) : Random
- Destination Port(s) : 80/TCP, 443/TCP
Possible(s) correlation(s) :
- Havij Advanced SQL Injection free version
- Havij Advanced SQL Injection commercial version
Source(s) :
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ZATAZ SCAN Havij SQL Injection Tool User-Agent Inbound"; flow:established,to_server; content:"|0D 0A|User-Agent|3a| Havij"; nocase; http_header; reference:url,itsecteam.com/en/projects/project1.htm; threshold:type limit, count 1, seconds 30, track by_src; classtype:web-application-attack; priority:2; sid:1010051; rev:1;)