CVE-2018-7490 Exploitation Attempt

Aug 21, 2020 ·

Detects the exploit attempt for Path Traversal Vulnerability

Sigma rule (View on GitHub)

 1title: CVE-2018-7490 Exploitation Attempt
 2id: 5bf721db-41b7-4f40-ad4e-2c5ad0087300
 3status: experimental
 4description: Detects the exploit attempt for Path Traversal Vulnerability
 5references:
 6  - https://www.exploit-db.com/exploits/44223
 7author: Loginsoft Research unit
 8date: 2020/07/05
 9logsource:
10  product: uWSGI
11  category: webserver
12detection:
13  selection:
14    c-uri|contains:
15    - '..%2f'
16  keywords:
17    - 'is not under /var/www or a safe path'
18    - 'PHP security error: * is not under the default docroot'
19  condition: selection and keywords
20falsepositives:
21  - Unknown
22level: medium```

References

OffSec’s Exploit Database Archive

uWSGI < 2.0.17 - Directory Traversal. CVE-2018-7490 . webapps exploit for PHP platform

Read More

CVE-2018-7490 Exploitation Attempt

Sigma rule (View on GitHub)

References

OffSec’s Exploit Database Archive