""ET WEB_SPECIFIC_APPS Possible CVE-2013-2618 Attempt (PHP Weathermap Persistent XSS)""

SID: 2025459

Revision: 3

Class Type: attempted-admin

Metadata: affected_product Linux, attack_target Server, created_at 2018_04_03, cve CVE_2013_2618, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2024_01_31

Reference:

  • cve

  • 2013-2618

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: [$HOME_NET,$HTTP_SERVERS]

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "POST"

  • Value: "/editor.php"

  • Value: "&map_title="

  • Value: "&map_legend="

  • Value: "&editorsettings_showrelative="

  • Value: "="

Within:

PCRE: "/.+?(?:on(?:(?:s(?:elec|ubmi)|rese)t|d(?:blclick|ragdrop)|(?:mouse|key)[a-z]|c(?:hange|lick)|(?:un)?load|focus|blur)|s(?:cript|tyle=))/R"

Special Options:

  • http_method

  • http_uri

  • nocase

  • nocase

  • nocase

source