ATTACK [PTsecurity] FreePBX 13/14 Malicious Filename Upload attempt

SID: 10000082Rev: 20 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-user
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ATTACK [PTsecurity] FreePBX 13/14 Malicious Filename Upload attempt"; flow:to_server; content:"POST"; http_method; nocase; content:"/admin/ajax.php?"; http_uri; content:"module=recordings"; http_uri; content:"command=savebrowserrecording"; http_uri; content:"Content-Type: multipart/form-data"; nocase; http_header; pcre:"/Content-Disposition: form-data\; name=\x22filename\x22\r\n\r\n[^\r\n]*\x60[^\r\n]*\x60.*\r\n/P"; xbits:set, FreePBXMaliciousFilenameUpload, track ip_dst, expire 30; classtype:attempted-user; reference:exploitdb, 40232; reference:url, github.com/ptresearch/AttackDetection; sid:10000082; rev:2;)

References

exploitdb40232
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!