""ET ATTACK_RESPONSE PHP script in OptimizePress Upload Directory Possible WebShell Access""
SID: 2017854
Revision: 2
Class Type: attempted-admin
Metadata: created_at 2013_12_13, updated_at 2017_11_28
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: to_server,established
Contents:
-
Value: "/wp-content/uploads/optpress/images_"
-
Value: ".php"
Within:
PCRE: "/\/wp-content\/uploads\/optpress\/images_(?:comingsoon|lncthumbs|optbuttons)\/.*?.php/Ui"
Special Options:
-
http_uri
-
http_uri