Nasreddine Bencherchali
598d29f811
chore: change tags, date, modified fields to comply with v2 of the Sigma spec. chore: update the related type from `obsoletes` to `obsolete`. chore: update local json schema to the latest version.
30 lines
1012 B
YAML
30 lines
1012 B
YAML
title: Path Traversal Exploitation Attempts
|
|
id: 7745c2ea-24a5-4290-b680-04359cb84b35
|
|
status: test
|
|
description: Detects path traversal exploitation attempts
|
|
references:
|
|
- https://github.com/projectdiscovery/nuclei-templates
|
|
- https://book.hacktricks.xyz/pentesting-web/file-inclusion
|
|
author: Subhash Popuri (@pbssubhash), Florian Roth (Nextron Systems), Thurein Oo, Nasreddine Bencherchali (Nextron Systems)
|
|
date: 2021-09-25
|
|
modified: 2023-08-31
|
|
tags:
|
|
- attack.initial-access
|
|
- attack.t1190
|
|
logsource:
|
|
category: webserver
|
|
detection:
|
|
selection:
|
|
cs-uri-query|contains:
|
|
- '../../../../../lib/password'
|
|
- '../../../../windows/'
|
|
- '../../../etc/'
|
|
- '..%252f..%252f..%252fetc%252f'
|
|
- '..%c0%af..%c0%af..%c0%afetc%c0%af'
|
|
- '%252e%252e%252fetc%252f'
|
|
condition: selection
|
|
falsepositives:
|
|
- Expected to be continuously seen on systems exposed to the Internet
|
|
- Internal vulnerability scanners
|
|
level: medium
|