""ET WEB_SPECIFIC_APPS WordPress 1-jquery-photo-gallery-slideshow-flash plugin page Cross-Site Scripting Attempt""

SID: 2014622

Revision: 2

Class Type: web-application-attack

Metadata: affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2012_04_20, deployment Datacenter, signature_severity Major, tag Wordpress, updated_at 2012_04_20

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "/wp-content/plugins/1-jquery-photo-gallery-slideshow-flash/wp-1pluginjquery.php?"

  • Value: "page="

Within:

PCRE: "/page\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ui"

Special Options:

  • http_uri

  • nocase

  • nocase

  • http_uri

source