""ET WEB_SPECIFIC_APPS Possible CVE-2013-2618 Attempt (PHP Weathermap Persistent XSS)""
SID: 2025459
Revision: 3
Class Type: attempted-admin
Metadata: affected_product Linux, attack_target Server, created_at 2018_04_03, cve CVE_2013_2618, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2024_01_31
Reference:
-
cve
-
2013-2618
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: [$HOME_NET,$HTTP_SERVERS]
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "POST"
-
Value: "/editor.php"
-
Value: "&map_title="
-
Value: "&map_legend="
-
Value: "&editorsettings_showrelative="
-
Value: "="
Within:
PCRE: "/.+?(?:on(?:(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle=))/R"
Special Options:
-
http_method
-
http_uri
-
nocase
-
nocase
-
nocase