Skip to content
Threat Feed

Product

Apache

5 briefs RSS
high advisory

Web Server Potential SQL Injection Attempt Detection

This brief details the detection of potential SQL injection (SQLi) attempts against web servers by identifying common SQLi patterns in URLs and query strings, used by threat actors for reconnaissance, data exfiltration, or command execution, aiming for sensitive information disclosure or system compromise.

Apache +5 sql-injection web-attack reconnaissance initial-access data-exfiltration command-execution persistence cross-platform
1r 6t
low advisory

Unusual Command Execution from Web Server Parent Process on Linux

This rule detects potential command execution from a web server parent process on a Linux host, indicating a possible web shell attack where adversaries exploit web server vulnerabilities to execute arbitrary commands.

Elastic Defend +2 web-shell command-execution persistence linux
2r 3t
medium advisory

Web Server Local File Inclusion Activity Detected

Detection of potential Local File Inclusion (LFI) activity on web servers through HTTP GET requests attempting to access sensitive local files via directory traversal or known file paths, potentially leading to information disclosure and system compromise.

Nginx +4 web-server lfi file-inclusion discovery credential-access initial-access
3r 4t
medium advisory

Web Server Request Command Injection Attempt

Detection of potential command injection attempts via web server requests by identifying URLs containing suspicious patterns associated with command execution payloads, which attackers exploit to execute arbitrary commands on the server.

Apache +4 command-injection web-server persistence
2r 5t
medium advisory

Web Server Local File Inclusion Activity

This rule detects potential Local File Inclusion (LFI) exploitation on web servers by identifying HTTP GET requests attempting to access sensitive local files through directory traversal or known file paths, potentially leading to sensitive information disclosure.

Nginx +4 lfi web-server directory-traversal information-disclosure
2r 1t