ATTACK [PTsecurity] GitStack Arbitrary PHP upload RCE (CVE-2018-5955)
Sourceptrules/open
Fileptopen-attacks.rules
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] GitStack Arbitrary PHP upload RCE (CVE-2018-5955)"; flow:established, to_server ; content:"/web/index.php?"; http_uri; content:".git"; distance:0; http_uri; content:"Authorization:" ; http_header; nocase; content:"Basic"; distance:0; http_header; nocase; pcre:"/Basic\s+/i"; base64_decode:offset 0, relative ; base64_data; pcre:"/&\s/"; reference:url, blogs.securiteam.com/index.php/archives/3557 ; reference:cve, 2018-5955 ; reference:url, rules.ptsecurity.com ; classtype:attempted-admin; sid:10002449; rev:4;)
References
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!