ATTACK [PTsecurity] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE through registration form (CVE-2018-7600)

SID: 10002808Rev: 31 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert http any any -> any any (msg:"ATTACK [PTsecurity] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE through registration form (CVE-2018-7600)"; flow:established, to_server; content:"/user/register"; http_uri; content:"POST"; http_method; content:"drupal"; http_client_body; pcre:"/(%23|#)(access(?:_|%5f)callback|pre(?:_|%5f)render|post(?:_|%5f)render|lazy(?:_|%5f)builder)/Pi"; reference:cve, 2018-7600; reference:url, research.checkpoint.com/uncovering-drupalgeddon-2; reference:url, github.com/ptresearch/AttackDetection; classtype:attempted-admin; sid:10002808; rev:3;)

References

cve	2018-7600
url	research.checkpoint.com/uncovering-drupalgeddon-2
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!