[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-sigs
Subject: Re: [Emerging-Sigs] Possible WordpressPingbackPortScanner detected
From: Will Metcalf <william.metcalf () gmail ! com>
Date: 2012-12-18 15:55:38
Message-ID: CAO0nrJabwaYEYfr_8SZfrTE0DQpiNvJ8YkUQ+x=9at5MH8cMuA () mail ! gmail ! com
[Download RAW message or body]
Sweet! Will get it into QA today.
Regards,
Will
On Tue, Dec 18, 2012 at 6:41 AM, mex <mail@mare-system.de> wrote:
> alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB_APPS Possible
> WordpressPingbackPortScanner detected "; flow:established,to_server;
> content:"POST"; depth:4; nocase; uricontent:"/xmlrpc.php";
> content:"pingback.ping"; http_client_body; nocase; threshold: type limit,
> track by_src, seconds 60, count 5; classtype:web-application-attack;
> reference:url,seclists.org/bugtraq/2012/Dec/101;
> reference:url,github.com/FireFart/WordpressPingbackPortScanner/;
> reference:url,www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/;
> sid:XXXXX; rev:2;)
_______________________________________________
Emerging-sigs mailing list
Emerging-sigs@lists.emergingthreats.net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic