Wednesday, 1 February 2017

Ruleset-Update: WordPress API Content Injection (GET/POST)


Today Sucuri reported a new critical vulnerability in the WordPress REST API (WordPress 4.7.0 and 4.7.1, fixed in 4.7.2): an unauthenticated attacker can modify the content of any post or page. The root cause is type juggling on the post id: a value such as 1abc fails WordPress' numeric post lookup inside the permission check, so the check passes, but the update handler then casts the same value with (int) and writes to post 1. Beyond defacement, injected content can be leveraged for privilege escalation or remote code execution where a plugin or theme executes shortcodes or code taken from post content.

For more details, see the references below.

The updates have already been pushed to the ruleset repository: https://bitbucket.org/lazy_dogtown/doxi-rules/overview


  42000459 :: web_apps.rules       :: WordPress API Content Injection (POST)
  42000460 :: web_apps.rules       :: WordPress API Content Injection (GET)


MainRule negative "rx:^\d+$" "msg:WordPress API Content Injection (POST)" "mz:$URL:/wp-json/wp/v2/posts/|$BODY_VAR:id" "s:$ATTACK:8" id:42000459  ;

MainRule negative "rx:^\d+$" "msg:WordPress API Content Injection (GET)" "mz:$URL:/wp-json/wp/v2/posts/|$ARGS_VAR:id" "s:$ATTACK:8" id:42000460  ;

Both are "negative" rules: they score when an id parameter sent to the posts endpoint is NOT a plain run of digits (^\d+$), which is exactly the shape the exploit needs. 42000459 looks at a body parameter named id, 42000460 at the query string; because naxsi's ARGS zone is the query string of any request, the GET rule also covers the usual proof-of-concept shape POST /wp-json/wp/v2/posts/1?id=1abc.

Things to check before relying on the rules:

- The score goes into the $ATTACK counter, so your naxsi configuration needs a CheckRule acting on $ATTACK (e.g. BLOCK at >= 8); without one the rules only log.

- Check the $URL: zone against your naxsi version: it is a plain-string match on the request URI, and the exploit targets per-post paths such as /wp-json/wp/v2/posts/1. If your naxsi treats $URL: as an exact match, use $URL_X:^/wp-json/wp/v2/posts/ instead.

- WordPress also serves the REST API through the rest_route query parameter (/?rest_route=/wp/v2/posts/1&id=1abc), which never touches the /wp-json/ path and therefore is not covered by these rules. Treat the WAF rules as a stopgap and update to 4.7.2.
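To make the bug and the detection logic concrete, here is an added example (my own Python model, not code from the doxi-rules project and not WordPress' own code) that mirrors the vulnerable permission-check/update split described above, a hardened variant, and the two naxsi rules applied to constructed requests. All names (php_int_cast, naxsi_match, and so on) and the post table are this example's own; the PHP (int) and is_numeric semantics are simplified, and the $URL: zone is modelled as a path-prefix match.

```python
"""Added example, not part of the doxi-rules project or of WordPress: a small
Python model of the 4.7.0/4.7.1 REST API bug and of the two naxsi rules above,
run against constructed requests. All function names are this example's own."""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

RULE_POST, RULE_GET = 42000459, 42000460
POSTS_ENDPOINT = "/wp-json/wp/v2/posts/"
STRICT_INT = re.compile(r"^\d+$")  # the "rx:^\d+$" pattern of both rules


def php_int_cast(value: str) -> int:
    """Simplified PHP (int) cast on a string: optional sign plus leading digits,
    anything else becomes 0 (real PHP also skips leading whitespace and parses
    exponent notation; those cases are not needed here)."""
    m = re.match(r"[+-]?\d+", value)
    return int(m.group(0)) if m else 0


def wp_get_post(posts: Dict[int, str], post_id: str) -> Optional[str]:
    """Model of get_post(): WP_Post::get_instance() refuses non-numeric ids, so
    "1abc" resolves to no post at all while "1" resolves to post 1."""
    if not STRICT_INT.match(post_id):
        return None
    return posts.get(int(post_id))


def vulnerable_update_item(posts: Dict[int, str], request_id: str,
                           new_content: str, can_edit: bool) -> Optional[int]:
    """Model of the 4.7.0/4.7.1 posts controller: the permission check looks
    up the raw id, the update uses the (int)-cast id. Returns the id actually
    modified, or None when the request was rejected."""
    # update_item_permissions_check(): only denies when get_post() found a post
    post = wp_get_post(posts, request_id)
    if post is not None and not can_edit:
        return None
    # update_item(): $id = (int) $request['id']  -> "1abc" becomes 1
    pid = php_int_cast(request_id)
    if pid <= 0 or pid not in posts:
        return None
    posts[pid] = new_content
    return pid


def hardened_update_item(posts: Dict[int, str], request_id: str,
                         new_content: str, can_edit: bool) -> Optional[int]:
    """Same handler with the id validated as a plain integer before any
    permission logic, so check and update always refer to the same post
    (the principle behind the 4.7.2 fix, simplified for this example)."""
    if not STRICT_INT.match(request_id):
        return None
    pid = int(request_id)
    if pid not in posts or not can_edit:
        return None
    posts[pid] = new_content
    return pid


def naxsi_match(method: str, target: str,
                body: Optional[Dict[str, str]] = None) -> List[int]:
    """Apply rules 42000459/42000460 to one request. `target` is the request
    target (path plus query string), `body` the decoded body parameters.
    `method` is deliberately not consulted: naxsi's ARGS zone is the query
    string of any request, so the "GET" rule also fires on a POST with ?id=.
    Assumption of this model: the $URL zone behaves as a path-prefix match."""
    url = urlsplit(target)
    fired: List[int] = []
    if not url.path.startswith(POSTS_ENDPOINT):
        return fired
    # 42000460: $ARGS_VAR:id that is not purely digits
    if any(not STRICT_INT.match(v)
           for v in parse_qs(url.query, keep_blank_values=True).get("id", [])):
        fired.append(RULE_GET)
    # 42000459: $BODY_VAR:id that is not purely digits
    if body and "id" in body and not STRICT_INT.match(body["id"]):
        fired.append(RULE_POST)
    return fired


if __name__ == "__main__":
    posts = {1: "Hello world!", 2: "Sample page"}  # constructed post table
    # constructed attacker request: unauthenticated, ?id=1abc overrides the URL id
    print(vulnerable_update_item(posts, "1abc", "defaced", can_edit=False))  # 1
    print(hardened_update_item(posts, "1abc", "defaced", can_edit=False))    # None
    print(naxsi_match("POST", "/wp-json/wp/v2/posts/1?id=1abc"))             # [42000460]
    print(naxsi_match("POST", "/?rest_route=/wp/v2/posts/1&id=1abc"))        # []
```

The last call shows the rest_route gap: the same handler is reached without the /wp-json/ path, so the URL-keyed rules stay silent and only the WordPress update closes the hole.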

References:

- https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

- https://www.reddit.com/r/netsec/comments/5rgpxm/content_injection_vulnerability_in_wordpress_47/

- https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html

