ET EXPLOIT Possible Magento Directory Traversal Attempt

7.0.35.0SID: 2021951Rev: 4Enabled1 views
Sourceet/open
Fileemerging-exploit.rules
CreatedOctober 15, 2015
UpdatedApril 20, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Possible Magento Directory Traversal Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/magmi-importer/web/"; fast_pattern; content:"download_file.php?file="; distance:0; http.uri.raw; content:"|2e 2e 2f|"; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:url,threatpost.com/zero-day-in-magento-plugin-magmi-under-attack/115026/; classtype:trojan-activity; sid:2021951; rev:4; metadata:created_at 2015_10_15, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2024_04_20, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)

Metadata

created at2015_10_15
deploymentInternal
confidenceHigh
signature severityMajor
updated at2024_04_20
mitre tactic idTA0007
mitre tactic nameDiscovery
mitre technique idT1083
mitre technique nameFile_And_Directory_Discovery

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!