Versions (3)
Version DetailsCurrent
Rev: 7 • Feb 5, 2015, 12:00 PMET WEB_SPECIFIC_APPS FancyBox Remote Code Inclusion POST Request
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS FancyBox Remote Code Inclusion POST Request"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/admin-post.php?page=fancybox-for-wordpress"; fast_pattern; http.request_body; content:"INPUTBODY|3a|"; content:"action=update"; content:"mfbfw"; content:"extraCalls"; nocase; reference:url,blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html; classtype:attempted-admin; sid:2020368; rev:7; metadata:created_at 2015_02_05, signature_severity Major, updated_at 2020_09_29, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Feb 5, 2015, 12:00 PM
Sep 29, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-web_specific_apps.rules