[Emerging-Sigs] 2 Wordpress - Sigs

Will Metcalf wmetcalf at emergingthreatspro.com
Thu Dec 27 12:40:11 HAST 2012

First one we did almost the exact same sig and is loaded to go in
today. Uploadify is used in all kinds of junk... maybe we should add
/wp-property/ in there somewhere?



On Thu, Dec 27, 2012 at 4:13 PM, mex <mail at mare-system.de> wrote:
> on dec 24 a nice vuln tha grants probably access was published on FD
> http://seclists.org/fulldisclosure/2012/Dec/242
> http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh
> alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WordPress TotalCache-DBCache-Access"; flow:established,to_server; content:"GET "; depth:4; nocase; uricontent:"/w3tc/dbcache"; nocase; classtype:web-application-attack;  reference:url,seclists.org/fulldisclosure/2012/Dec/242; reference:url,git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh; sid:XXXXXXX; rev:2;)
> the following is to detect an unwanted file-upload:
> http://www.securityfocus.com/bid/53787/info
> http://downloads.securityfocus.com/vulnerabilities/exploits/53787.php
> alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WordPress WP-Property Plugin uploadify.php Arbitrary File Upload Vulnerability"; flow:established,to_server; content:"POST"; depth:4; nocase; uricontent:"/uploadify/uploadify.php"; nocase; content:"Filedata"; nocase; http_client_body; classtype:web-application-attack;  reference:url,www.securityfocus.com/bid/53787/info; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/53787.php; sid:XXXXXX; rev:2;)
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at lists.emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for all versions of Suricata and Snort 2.4.0 through Current!

More information about the Emerging-sigs mailing list