[Emerging-Sigs] Possible WordpressPingbackPortScanner detected

mex mail at mare-system.de
Tue Dec 18 02:41:31 HAST 2012


seclists.org/bugtraq/2012/Dec/101
github.com/FireFart/WordpressPingbackPortScanner/
www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/



#
alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB_APPS Possible 
WordpressPingbackPortScanner detected "; flow:established,to_server; 
content:"POST"; depth:4; nocase; uricontent:"/xmlrpc.php"; 
content:"pingback.ping"; http_client_body; nocase; threshold: type 
limit, track by_src, seconds 60, count 5; 
classtype:web-application-attack;  
reference:url,seclists.org/bugtraq/2012/Dec/101; 
reference:url,github.com/FireFart/WordpressPingbackPortScanner/; 
reference:url,www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/; 
sid:XXXXX; rev:2;)



regards,


mex


More information about the Emerging-sigs mailing list