Merge pull request #592 from 2d4d/fix_web_citrix_cve_2019_19781_exploit.yml

add newbm.pl
2020-01-13 14:48:38 +01:00
parent 7216fe400f 364e859a6b
commit a0bad54dbd
1 changed files with 2 additions and 1 deletions
@@ -8,7 +8,7 @@ references:
 author: Arnim Rupp, Florian Roth
 status: experimental
 date: 2020/01/02
-modified: 2020/01/07
+modified: 2020/01/11
 logsource:
    category: webserver
    description: 'Make sure that your Netscaler appliance logs all kinds of attacks (test with http://your-citrix-gw.net/robots.txt)'
@@ -17,6 +17,7 @@ detection:
        c-uri-path: 
            - '*/../vpns/*'
            - '*/vpns/cfg/smb.conf'
+            - '*/vpns/portal/scripts/newbm.pl*'
    condition: selection
 fields:
    - client_ip