Versions (3)
Version DetailsCurrent
Rev: 3 • Jul 27, 2018, 12:00 PMET WEB_SPECIFIC_APPS Modx Revolution < 2.6.4 phpthumb.php RCE Attempt
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Modx Revolution < 2.6.4 phpthumb.php RCE Attempt"; flow:established,to_server; urilen:31; http.method; content:"POST"; http.uri; content:"/connectors/system/phpthumb.php"; fast_pattern; http.request_body; content:"<?php"; nocase; content:"($_SERVER"; nocase; distance:0; reference:url,exploit-db.com/exploits/45055/; classtype:web-application-attack; sid:2025917; rev:3; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2018_07_27, deployment Perimeter, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_25;)
Jul 27, 2018, 12:00 PM
Aug 25, 2020, 12:00 PM
Jul 27, 2018, 12:00 PM
Sep 29, 2025, 9:34 PM
rules/emerging-web_specific_apps.rules