ATTACK [PTsecurity] FreePBX 13/14 Remote Command Execution
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationsuccessful-user
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ATTACK [PTsecurity] FreePBX 13/14 Remote Command Execution"; flow:to_server; content:"POST"; http_method; nocase; content:"/admin/ajax.php"; http_uri; content:"Content-Type: application/x-www-form-urlencoded"; nocase; http_header; pcre:"/file=[^&]*\x60[^&]*\x60/P"; pcre:"/module=recordings/P"; xbits:isset, FreePBXMaliciousFilenameUpload, track ip_dst; classtype:successful-user; reference:exploitdb, 40232; reference:url, github.com/ptresearch/AttackDetection; sid:10000083; rev:2;)
References
| exploitdb | 40232 |
| url | github.com/ptresearch/AttackDetection |
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!