Hello World

Ruleset-Update: WordPress API Content Injection (GET/POST)
Today Sucuri reported a new critical vuln in WordPress, allowing an attacker to alter articles, with the potential for privilege escalation, remote code execution and content injection. For more details please check the refs below. Updates already pushed ...

Ruleset-Update: Jenkins-Exploits, Joomla 0-Day
Added some sigs against known exploits for jenkins and wp; the rules themselves can be found here: http://spike.nginx-goodies.com/rules/ for the latest joomla-vuln + exploit (see https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joo...

Just updated the doxi-rules with a rule to detect and block wp-pw-brute-force via xmlrpc (which should be blocked anyway). Credit goes to Sucuri: https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html
MainRule  "s...

Ruleset-Updates: Possible IIS Integer Overflow DoS > (CVE-2015-1635) and some scanner-sigs
[+] new sigs:
42000428 :: app_server.rules :: Possible IIS Integer Overflow DoS > (CVE-2015-1635)
42000421 :: scanner.rules :: Joomla Googlemap-Reflection - Scan
42000422 :: web_server.rules :: PHP 5.x User-Agent detected in Request, p...

ElasticSearch RCE (CVE-2015-1427) & JetLeak
There has been some buzz about the latest elasticsearch-rce-vuln recently, but all exploits I've seen so far are getting blocked if you run the naxsi_core.rules with high XSS/SQL-scores, due to many brackets, quotes and backslashes. there exists a signatur...

Ruleset-Update: Signature for GHOST exploit-attempt in ARGS/HEADER/BODY
Credit goes to Emerging-Threats; this rule is inspired by ET-Rule 2020327:
MainRule "rx:[\d\.]{1023}" "msg:Possible GHOST exploit-attempt in ARGS/HEADER/BODY" "mz:BODY|ARGS|HEADERS" "s:$ATTACK:8" id:42000414 ;
Updates have been pushed to Doxi-Rules already: ...

Ruleset-Update: Reflected File Download
Ruleset-update with a testing-signature for Reflected File Download; beware of false positives: this sig is heavily untested and might break existing downloads. For the vuln itself please read the following articles from Oren Hafif: - Blog:  Reflected File D...

Ruleset-Update: Magento/MAGMI-Rules + MongoDB - Bypass
The following sigs are against exploiting MAGMI, a popular Magento-plugin with severe security-problems (or better: a backdoor with 0 security at all); credit goes to bui from naxsi-team for pointing me to it. An additional signature is a mongodb-auth-bypass...

Ruleset-Update: Drupal SQLI & RCE-Exploit Attempt (CVE-2014-3704)
Please note: the sig is against the exploit/POC and wouldn't hold against fancy urlencoding like "name%5b". BUT: the attack WILL be blocked by naxsi because of at least 3 rules from the core-rule-set; thus my sig is for the attack, not the vuln.

emerging sigs h...

Ruleset-Update: Possible Remote code execution through Bash CVE-2014-6271 and some Scanner-Sigs
Most important: ID 42000393 / Possible Remote code execution through Bash CVE-2014-6271 (see references below)

Updates are available through Doxi-Rules
https://bitbucket.org/lazy_dogtown/doxi-rules/overview


[+] new sigs:
42000386 :: web_server.rules ...