CVE-2010-5278 Exploitation Attempt
MODx manager - Local File Inclusion:Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter.
Sigma rule (View on GitHub)
1title: CVE-2010-5278 Exploitation Attempt
2id: a4a899e8-fd7a-49dd-b5a8-7044def72d61
3status: test
4description: |
5 MODx manager - Local File Inclusion:Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier,
6 when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter.
7references:
8 - https://github.com/projectdiscovery/nuclei-templates
9author: Subhash Popuri (@pbssubhash)
10date: 2021/08/25
11modified: 2023/01/02
12tags:
13 - attack.initial_access
14 - attack.t1190
15 - cve.2010.5278
16 - detection.emerging_threats
17logsource:
18 category: webserver
19detection:
20 selection:
21 cs-uri-query|contains: /manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00
22 condition: selection
23falsepositives:
24 - Scanning from Nuclei
25 - Unknown
26level: critical
References
-
Community curated list of templates for the nuclei engine to find security vulnerabilities. - projectdiscovery/nuclei-templates
Read More
Related rules
- CVE-2020-0688 Exchange Exploitation via Web Log
- CVE-2020-0688 Exploitation Attempt
- CVE-2020-10148 SolarWinds Orion API Auth Bypass
- CVE-2020-5902 F5 BIG-IP Exploitation Attempt
- CVE-2021-40539 Zoho ManageEngine ADSelfService Plus Exploit