""ET WEB_SPECIFIC_APPS WordPress LeagueManager plugin group parameter Cross-Site Scripting Attempt""

SID: 2014812

Revision: 2

Class Type: web-application-attack

Metadata: affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2012_05_25, deployment Datacenter, signature_severity Major, tag Wordpress, updated_at 2012_05_25

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "/wp-admin/admin.php?"

• Value: "page=leaguemanager"

• Value: "subpage="

• Value: "league_id="

• Value: "group="

Within:

PCRE: "/group\x3d.+(s(cript|tyle\x3D)|on(mouse[a-z]|key[a-z]|load|unload|dragdrop|blur|focus|click|dblclick|submit|reset|select|change))/Ui"

Special Options:

• nocase

• http_uri

• nocase

• http_uri

• nocase

• http_uri

• nocase

• http_uri

• nocase

• http_uri

source