Rule History

alert http any any -> [$HTTP_SERVERS,$HOME_NET] any (msg:"ET EXPLOIT WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/cab-fare-calculator/"; fast_pattern; content:"controller=|2e 2e 2f|"; distance:0; reference:url,www.exploit-db.com/exploits/50843; reference:url,cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers; classtype:attempted-admin; sid:2036739; rev:2; metadata:affected_product Wordpress_Plugins, attack_target Server, created_at 2022_06_01, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, tag LFI, tag RFI, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_06_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)