security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleanup

Browse Source
This commit is contained in:
frack113
2021-08-25 20:02:38 +02:00
committed by GitHub
parent 3f27295e64
commit 39daebffa4
1 changed files with 10 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/web/web_cve_CVE-2010-5278_exploitation_attempt.yaml → rules/web/web_cve_2010_5278_exploitation_attempt.yml
+10 -12
View File
@@ -1,26 +1,24 @@
title: CVE-2010-5278 exploitation attempt
title: CVE-2010-5278 Exploitation Attempt
id: 55a72ccd-4f16-42a7-afc8-f7958035bf90
author: Subhash Popuri (@pbssubhash)
date: 25/08/2021
date: 2021/08/25
status: experimental
description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php
in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled,
allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key
parameter.
references:
- https://www.exploit-db.com/exploits/34788
- https://www.cvedetails.com/cve/CVE-2010-5278
- https://github.com/projectdiscovery/nuclei-templates
- https://www.exploit-db.com/exploits/34788
- https://www.cvedetails.com/cve/CVE-2010-5278
- https://github.com/projectdiscovery/nuclei-templates
detection:
selection:
c-uri|contains:
- /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
c-uri|contains: '/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00'
condition: selection
false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
- Scanning from Nuclei
- Penetration Testing Activity
tags:
- attack.initial_access
- attack.t1190
- attack.initial_access
- attack.t1190
level: critical