Techniques
Sample rules
Path Traversal Exploitation Attempts
- source: sigma
- technicques:
- t1190
Description
Detects path traversal exploitation attempts
Detection logic
condition: selection
selection:
cs-uri-query|contains:
- ../../../../../lib/password
- ../../../../windows/
- ../../../etc/
- ..%252f..%252f..%252fetc%252f
- ..%c0%af..%c0%af..%c0%afetc%c0%af
- '%252e%252e%252fetc%252f'