# sid 2025459, rev 3 (metadata updated_at 2020_11_05). Flags a possible attempt against
# CVE-2013-2618 (persistent XSS in PHP Weathermap) on established client-to-server HTTP
# flows from $EXTERNAL_NET to $HTTP_SERVERS.
# Match logic: POST method, "/editor.php" in the URI, and the parameters map_title,
# map_legend and editorsettings_showrelative (the fast_pattern) all in the URI buffer,
# case-insensitively. Because each of those contents carries http_uri, a request that
# sends the parameters only in the POST body does not satisfy this revision.
# The last content:"=" has no buffer modifier, so it is inspected against the raw
# payload; the pcre (flag R) is evaluated relative to that match and looks for an
# "on<event>" handler name, "script" or "style=".
# Tuning notes:
#  - the pcre has no "i" flag, so unlike the nocase contents it is case-sensitive;
#    a local copy may want the flag added for consistent coverage.
#  - "script" is matched as a bare substring (it also occurs inside "description"),
#    so the rule can alert on benign editor requests; the msg says "Possible" and a
#    hit should be confirmed from the request content.
#  - classtype is attempted-admin although the msg describes XSS; the Trend Micro
#    reference ties this CVE to cryptocurrency-miner distribution.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2013-2618 Attempt (PHP Weathermap Persistent XSS)"; flow:established,to_server; content:"POST"; http_method; content:"/editor.php"; http_uri; content:"&map_title="; nocase; http_uri; content:"&map_legend="; nocase; http_uri; content:"&editorsettings_showrelative="; fast_pattern; nocase; http_uri; content:"="; pcre:"/.+?(?:on(?:(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle=))/R"; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers/; reference:cve,2013-2618; classtype:attempted-admin; sid:2025459; rev:3; metadata:affected_product Linux, attack_target Server, created_at 2018_04_03, deployment Perimeter, former_category WEB_SPECIFIC_APPS, performance_impact Low, signature_severity Major, updated_at 2020_11_05;)

Added 2020-11-05 18:35:58 UTC


# sid 2025459, rev 3 (metadata updated_at 2020_03_04). Possible CVE-2013-2618 attempt
# (PHP Weathermap persistent XSS), inbound to $HTTP_SERVERS on established flows.
# Detection options are the same as in the snapshot whose metadata reads
# updated_at 2020_11_05; only that metadata date differs, and rev stays at 3.
# Requires POST, "/editor.php" in the URI, and map_title / map_legend /
# editorsettings_showrelative in the URI buffer (nocase, http_uri), then a raw-payload
# "=" followed (pcre flag R) by an "on<event>" name, "script" or "style=".
# The pcre is case-sensitive (no "i" flag) and matches "script" as a substring, so
# expect both coverage gaps on differently-cased input and benign hits.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2013-2618 Attempt (PHP Weathermap Persistent XSS)"; flow:established,to_server; content:"POST"; http_method; content:"/editor.php"; http_uri; content:"&map_title="; nocase; http_uri; content:"&map_legend="; nocase; http_uri; content:"&editorsettings_showrelative="; fast_pattern; nocase; http_uri; content:"="; pcre:"/.+?(?:on(?:(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle=))/R"; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers/; reference:cve,2013-2618; classtype:attempted-admin; sid:2025459; rev:3; metadata:affected_product Linux, attack_target Server, created_at 2018_04_03, deployment Perimeter, former_category WEB_SPECIFIC_APPS, performance_impact Low, signature_severity Major, updated_at 2020_03_04;)

Added 2020-08-05 19:14:34 UTC


# sid 2025459, rev 3 (metadata updated_at 2020_03_04). Possible CVE-2013-2618 attempt
# (PHP Weathermap persistent XSS), inbound to $HTTP_SERVERS on established flows.
# Compared with rev 2 on this page, the three parameter contents (map_title,
# map_legend, editorsettings_showrelative) now carry http_uri, so they must appear in
# the URI buffer rather than anywhere in the payload; a POST that carries them only
# in the body no longer matches.
# This snapshot has two metadata keywords: former_category sits in its own keyword
# ahead of the references, the remaining keys in a second one at the end.
# The trailing content:"=" is unmodified (raw payload) and anchors the relative pcre,
# which is case-sensitive and matches "script" as a bare substring.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2013-2618 Attempt (PHP Weathermap Persistent XSS)"; flow:established,to_server; content:"POST"; http_method; content:"/editor.php"; http_uri; content:"&map_title="; nocase; http_uri; content:"&map_legend="; nocase; http_uri; content:"&editorsettings_showrelative="; fast_pattern; nocase; http_uri; content:"="; pcre:"/.+?(?:on(?:(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle=))/R"; metadata: former_category WEB_SPECIFIC_APPS; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers/; reference:cve,2013-2618; classtype:attempted-admin; sid:2025459; rev:3; metadata:affected_product Linux, attack_target Server, deployment Perimeter, signature_severity Major, created_at 2018_04_03, performance_impact Low, updated_at 2020_03_04;)

Added 2020-03-04 19:16:55 UTC


# sid 2025459, rev 2 (metadata updated_at 2018_04_03). Possible CVE-2013-2618 attempt
# (PHP Weathermap persistent XSS), inbound to $HTTP_SERVERS on established flows.
# In this revision only "POST" (http_method) and "/editor.php" (http_uri) are bound to
# HTTP buffers. The parameter contents map_title, map_legend and
# editorsettings_showrelative (fast_pattern) have no buffer modifier, so they are
# matched case-insensitively anywhere in the raw payload, whether the parameters are
# sent in the URI or in the request body.
# The pcre (flag R) runs relative to the preceding content:"=" match and looks for an
# "on<event>" handler name, "script" or "style="; it has no "i" flag, so it is
# case-sensitive, and "script" is matched as a bare substring, which can produce
# benign hits.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2013-2618 Attempt (PHP Weathermap Persistent XSS)"; flow:established,to_server; content:"POST"; http_method; content:"/editor.php"; http_uri; content:"&map_title="; nocase; content:"&map_legend="; nocase; content:"&editorsettings_showrelative="; fast_pattern; nocase; content:"="; pcre:"/.+?(?:on(?:(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle=))/R"; metadata: former_category WEB_SPECIFIC_APPS; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers/; reference:cve,2013-2618; classtype:attempted-admin; sid:2025459; rev:2; metadata:affected_product Linux, attack_target Server, deployment Perimeter, signature_severity Major, created_at 2018_04_03, performance_impact Low, updated_at 2018_04_03;)

Added 2018-09-13 19:54:37 UTC


Added 2018-09-13 18:02:06 UTC


# sid 2025459, rev 2 (metadata created_at and updated_at both 2018_04_03): the oldest
# snapshot on this page. Possible CVE-2013-2618 attempt (PHP Weathermap persistent
# XSS), inbound to $HTTP_SERVERS on established client-to-server flows.
# Requires POST (http_method) and "/editor.php" (http_uri). The three Weathermap
# parameter contents carry no buffer modifier, so they match case-insensitively
# anywhere in the raw payload; editorsettings_showrelative is the fast_pattern.
# The pcre (flag R) then checks, after a "=" match, for an "on<event>" handler name,
# "script" or "style=". It is case-sensitive and matches "script" as a substring, so
# alerts are indicative only and need confirmation from the request content.
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2013-2618 Attempt (PHP Weathermap Persistent XSS)"; flow:established,to_server; content:"POST"; http_method; content:"/editor.php"; http_uri; content:"&map_title="; nocase; content:"&map_legend="; nocase; content:"&editorsettings_showrelative="; fast_pattern; nocase; content:"="; pcre:"/.+?(?:on(?:(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle=))/R"; metadata: former_category WEB_SPECIFIC_APPS; reference:url,blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers/; reference:cve,2013-2618; classtype:attempted-admin; sid:2025459; rev:2; metadata:affected_product Linux, attack_target Server, deployment Perimeter, signature_severity Major, created_at 2018_04_03, performance_impact Low, updated_at 2018_04_03;)

Added 2018-04-03 16:44:26 UTC


Topic revision: r1 - 2020-11-05 - TWikiGuest
 