alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS FancyBox? Remote Code Inclusion POST Request"; flow:to_server,established; content:"POST"; http_method; content:"/admin-post.php?page=fancybox-for-wordpress"; http_uri; fast_pattern; content:"INPUTBODY|3a|"; http_client_body; content:"action=update"; http_client_body; content:"mfbfw"; http_client_body; content:"extraCalls"; http_client_body; nocase; reference:url,blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html; classtype:attempted-admin; sid:2020368; rev:6; metadata:created_at 2015_02_05, updated_at 2019_10_07;)

Added 2019-10-08 19:34:20 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS FancyBox? Remote Code Inclusion POST Request"; flow:to_server,established; content:"POST"; http_method; content:"/admin-post.php?page=fancybox-for-wordpress"; http_uri; fast_pattern:only; content:"INPUTBODY|3a|"; http_client_body; content:"action=update"; http_client_body; content:"mfbfw"; http_client_body; content:"extraCalls"; http_client_body; nocase; reference:url,blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html; classtype:attempted-admin; sid:2020368; rev:5; metadata:created_at 2015_02_05, updated_at 2015_02_05;)

Added 2018-09-13 19:50:32 UTC


Added 2018-09-13 17:59:41 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS FancyBox? Remote Code Inclusion POST Request"; flow:to_server,established; content:"POST"; http_method; content:"/admin-post.php?page=fancybox-for-wordpress"; http_uri; fast_pattern:only; content:"INPUTBODY|3a|"; http_client_body; content:"action=update"; http_client_body; content:"mfbfw"; http_client_body; content:"extraCalls"; http_client_body; nocase; reference:url,blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html; classtype:attempted-admin; sid:2020368; rev:5; metadata:created_at 2015_02_05, updated_at 2015_02_05;)

Added 2017-08-07 21:14:50 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS FancyBox? Remote Code Inclusion POST Request"; flow:to_server,established; content:"POST"; http_method; content:"/admin-post.php?page=fancybox-for-wordpress"; http_uri; fast_pattern:only; content:"INPUTBODY|3a|"; http_client_body; content:"action=update"; http_client_body; content:"mfbfw"; http_client_body; content:"extraCalls"; http_client_body; nocase; reference:url,blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html; classtype:attempted-admin; sid:2020368; rev:5;)

Added 2015-02-05 18:37:34 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats