[Emerging-Sigs] 2 Wordpress - Sigs
mail at mare-system.de
Thu Dec 27 22:17:22 HAST 2012
I should have sended it earlier,nthe naxsi-sigs weee posted in 25. :-)
For the uploadify-sig, i tried to avoid a pcre and think this SIG, as-is, OK for non-wp-servers.
Will Metcalf <wmetcalf at emergingthreatspro.com> schrieb:
>First one we did almost the exact same sig and is loaded to go in
>today. Uploadify is used in all kinds of junk... maybe we should add
>/wp-property/ in there somewhere?
>On Thu, Dec 27, 2012 at 4:13 PM, mex <mail at mare-system.de> wrote:
>> on dec 24 a nice vuln tha grants probably access was published on FD
>> alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WordPress TotalCache-DBCache-Access"; flow:established,to_server; content:"GET "; depth:4; nocase; uricontent:"/w3tc/dbcache"; nocase; classtype:web-application-attack; reference:url,seclists.org/fulldisclosure/2012/Dec/242; reference:url,git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh; sid:XXXXXXX; rev:2;)
>> the following is to detect an unwanted file-upload:
>> alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WordPress WP-Property Plugin uploadify.php Arbitrary File Upload Vulnerability"; flow:established,to_server; content:"POST"; depth:4; nocase; uricontent:"/uploadify/uploadify.php"; nocase; content:"Filedata"; nocase; http_client_body; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/53787/info; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/53787.php; sid:XXXXXX; rev:2;)
>> Emerging-sigs mailing list
>> Emerging-sigs at lists.emergingthreats.net
>> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
>> The ONLY place to get complete premium rulesets for all versions of Suricata and Snort 2.4.0 through Current!
More information about the Emerging-sigs