Versions (2)
Version DetailsCurrent
Rev: 6 • Jul 12, 2025, 12:00 PM🐾 - ⚠ Wing FTP Server RCE CVE-2025-47812 exploit attempted
alert http any any -> any any (msg:"🐾 - ⚠ Wing FTP Server RCE CVE-2025-47812 exploit attempted"; flow:to_server, stateless; flowbits:set,pptrls.cve-2025-47812; flowbits:isnotset,pptrls.cve-2025-47812; http.method; content:"POST"; http.uri; content:"/loginok.html"; http.request_body; content:"|75 73 65 72 6e 61 6d 65 3d 61 6e 6f 6e 79 6d 6f 75 73 25 30 30 5d 5d 25 30 64 6c 6f 63 61 6c 2b 68 2b|"; content:"|70 61 73 73 77 6f 72 64 3d|"; endswith; reference:url,https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/; reference:url,https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild; reference:url,https://github.com/4m3rr0r/CVE-2025-47812-poc; target:dest_ip; metadata:created_at 2025_07_12, updated_at 2025_07_12; sid:3321449; rev:6; classtype:targeted-activity;)
Jul 12, 2025, 12:00 PM
Jul 12, 2025, 12:00 PM
Jul 12, 2025, 9:34 PM
Jul 12, 2025, 10:34 PM
rules/PAW-PATRULES_VULN.rules