Rule History

SID: 3321450 • Source: pawpatrules

Versions (2)

Version DetailsCurrent

Rev: 5 • Jul 12, 2025, 12:00 PM

Message:

🐾 - 🚨 Wing FTP Server RCE CVE-2025-47812 exploit successful 💥

Rule:

alert http any any -> any any (msg:"🐾 - 🚨 Wing FTP Server RCE CVE-2025-47812 exploit successful 💥"; flow:to_client, stateless; flowbits:isset,pptrls.cve-2025-47812; http.stat_code; content:"200"; http.content_type; content:"text/html"; http.server; content:"Wing FTP Server"; startswith; http.response_body; content:"| 77 65 6c 63 6f 6d 65 4d 65 73 73 61 67 65|"; reference:url,https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/; reference:url,https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild; reference:url,https://github.com/4m3rr0r/CVE-2025-47812-poc; target:src_ip; metadata:created_at 2025_07_12, updated_at 2025_07_12; sid:3321450; rev:5; classtype:targeted-activity;)

Created:

Jul 12, 2025, 12:00 PM

Updated:

Jul 12, 2025, 12:00 PM

DB Created:

Jul 12, 2025, 9:34 PM

DB Updated:

Jul 12, 2025, 10:34 PM

Filename:

rules/PAW-PATRULES_VULN.rules