alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress PingBack? Possible GHOST attempt"; flow:established,to_server; content:"/xmlrpc.php"; http_uri; nocase; content:"pingback.ping"; nocase; http_client_body; fast_pattern; content:""; http_client_body; pcre:"/^\s*?https?\x3a\/\//PRs"; isdataat:1024,relative; content:!"|2f|"; http_client_body; within:1024; content:!""; http_client_body; within:1033; pcre:"/^\d[\d\x2e]{255}/PR"; classtype:web-application-attack; sid:2020327; rev:7; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, deployment Datacenter, tag Wordpress, signature_severity Major, created_at 2015_01_28, updated_at 2019_10_07;)

Added 2019-10-08 19:34:19 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress PingBack? Possible GHOST attempt"; flow:established,to_server; content:"/xmlrpc.php"; http_uri; nocase; content:"pingback.ping"; nocase; http_client_body; fast_pattern:only; content:""; http_client_body; pcre:"/^\s*?https?\x3a\/\//PRs"; isdataat:1024,relative; content:!"|2f|"; http_client_body; within:1024; content:!""; http_client_body; within:1033; pcre:"/^\d[\d\x2e]{255}/PR"; classtype:web-application-attack; sid:2020327; rev:6; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, deployment Datacenter, tag Wordpress, signature_severity Major, created_at 2015_01_28, updated_at 2016_07_01;)

Added 2017-08-07 21:14:47 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress PingBack? Possible GHOST attempt"; flow:established,to_server; content:"/xmlrpc.php"; http_uri; nocase; content:"pingback.ping"; nocase; http_client_body; fast_pattern:only; content:""; http_client_body; pcre:"/^\s*?https?\x3a\/\//PRs"; isdataat:1024,relative; content:!"|2f|"; http_client_body; within:1024; content:!""; http_client_body; within:1033; pcre:"/^\d[\d\x2e]{255}/PR"; classtype:web-application-attack; sid:2020327; rev:6;)

Added 2015-01-29 17:02:34 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress PingBack? Possible GHOST attempt"; flow:established,to_server; content:"/xmlrpc.php"; http_uri; nocase; content:"pingback.ping"; nocase; http_client_body; fast_pattern:only; content:""; http_client_body; pcre:"/^\s*?https?\x3a\/\//PRs"; isdataat:1024,relative; content:!"|2f|"; http_client_body; within:1024; content:!""; http_client_body; within:1033; pcre:"/^[\d\x2e]{1024}/PR"; classtype:web-application-attack; sid:2020327; rev:5;)

Added 2015-01-28 19:29:48 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress PingBack? Possbile GHOST attempt"; flow:established,to_server; content:"/xmlrpc.php"; http_uri; nocase; content:"pingback.ping"; nocase; http_client_body; fast_pattern:only; content:""; http_client_body; pcre:"/^\s*?https?\x3a\/\//PRs"; isdataat:1024,relative; content:!"|2f|"; http_client_body; within:1024; content:!""; http_client_body; within:1033; pcre:"/^[\d\x2e]{1024}/PR"; classtype:web-application-attack; sid:2020327; rev:3;)

Added 2015-01-28 17:55:15 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats