[Emerging-Sigs] 2 Wordpress - Sigs

mex mail at mare-system.de
Thu Dec 27 12:13:04 HAST 2012


on dec 24 a nice vuln tha grants probably access was published on FD

http://seclists.org/fulldisclosure/2012/Dec/242
http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh


alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WordPress 
TotalCache-DBCache-Access"; flow:established,to_server; content:"GET "; 
depth:4; nocase; uricontent:"/w3tc/dbcache"; nocase; 
classtype:web-application-attack;  
reference:url,seclists.org/fulldisclosure/2012/Dec/242; 
reference:url,git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh; 
sid:XXXXXXX; rev:2;)


the following is to detect an unwanted file-upload:
http://www.securityfocus.com/bid/53787/info
http://downloads.securityfocus.com/vulnerabilities/exploits/53787.php

alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WordPress 
WP-Property Plugin uploadify.php Arbitrary File Upload Vulnerability"; 
flow:established,to_server; content:"POST"; depth:4; nocase; 
uricontent:"/uploadify/uploadify.php"; nocase; content:"Filedata"; 
nocase; http_client_body; classtype:web-application-attack;  
reference:url,www.securityfocus.com/bid/53787/info; 
reference:url,downloads.securityfocus.com/vulnerabilities/exploits/53787.php; 
sid:XXXXXX; rev:2;)



More information about the Emerging-sigs mailing list