ATTACK [PTsecurity] WordPress Plugin LearnDash LMS <2.5.4 Arbitrary file upload

SID: 10002405Rev: 21 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] WordPress Plugin LearnDash LMS <2.5.4 Arbitrary file upload"; flow:established, to_server; content:"POST"; http_method; content:"multipart/form-data"; http_header; content:"course_id"; http_client_body; content:"uploadfile"; http_client_body; content:"uploadfiles[]"; http_client_body; content:"filename"; http_client_body; distance:0; content:".php.php"; http_client_body; distance:0; pcre:"/\.php\.php\s*[\x22\']/P"; reference:url, seclists.org/fulldisclosure/2018/Jan/37; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002405; rev:2;)

References

urlseclists.org/fulldisclosure/2018/Jan/37
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!