How to create RegEx Custom Vulnerability Object for detection FTP injection

chinitsara — Tue, 28 Feb 2017 10:12:47 GMT

I try to create Custom Object to detect FTP injection. I wrote pattern " .*(\%0d\%0a) " but it show operation fail pattern must be at least 7 bytes. How i create RegEx pattern to match "%0d%0a" in below command.

ftp://a%0D%0A
EHLO%20a%0D%0A
MAIL%20FROM%3A%3Ca%40example.org%3E%0D%0A
RCPT%20TO%3A%3Calech%40alech.de%3E%0D%0A
DATA%0D%0A
From%3A%20a%40example.org%0A
To%3A%20alech%40alech.de%0A
Subject%3A%20test%0A
%0A
 
test!%0A
%0D%0A
 
.%0D%0A
QUIT%0D%0A
:a@shiftordie.de:25/a

Thank you

topic How to create RegEx Custom Vulnerability Object for detection FTP injection in Custom Signatures

How to create RegEx Custom Vulnerability Object for detection FTP injection