ATTACK [PTsecurity] FreePBX 13/14 Malicious Filename Upload attempt
Sourceptrules/open
Fileptopen-attacks.rules
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] FreePBX 13/14 Malicious Filename Upload attempt"; flow:to_server; content:"POST"; http_method; nocase; content:"/admin/ajax.php?"; http_uri; content:"module=recordings"; http_uri; content:"command=savebrowserrecording"; http_uri; content:"Content-Type: multipart/form-data" ; nocase; http_header; pcre:"/Content-Disposition: form-data\; name=\x22filename\x22\r\n\r\n[^\r\n]*\x60[^\r\n]*\x60.*\r\n/P" ; xbits:set, FreePBXMaliciousFilenameUpload, track ip_dst, expire 30 ; reference:exploitdb, 40232 ; reference:url, rules.ptsecurity.com ; classtype:attempted-admin; sid:10000082; rev:3;)
References
| exploitdb | 40232 |
| url | rules.ptsecurity.com |
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!