crowdsec-automation

Results: 18 issues for crowdsec-automation

The detection rule for CVE-2023-30625 targets SQL Injection vulnerabilities in Rudder Server versions before 1.3.0-rc.1. The rule specifically looks for patterns in the `BODY_ARGS` where the `source_id` parameter is manipulated...

This rule detects path traversal attempts in XWiki Platform's `ssx` and `jsx` endpoints, specifically targeting the `resource` parameter. The first rule block matches requests to URIs containing `/bin/ssx/` or `/bin/jsx/`...

This rule targets the RCE vulnerability in Adobe Commerce (Magento) during the checkout process, specifically in the `/rest/default/V1/guest-carts/{id}/shipping-information` endpoint. The attack leverages the injection of a malicious string containing `addAfterFilterCallback(system)`...

This rule targets the Moodle LTI authorization endpoint vulnerable to reflected XSS and open redirect via the `redirect_uri` parameter. The detection logic is as follows: - The first condition matches...

This rule detects exploitation attempts for CVE-2021-26072, an SSRF vulnerability in Atlassian Confluence's WidgetConnector plugin. The attack is performed by sending a GET request to the `/rest/sharelinks/1.0/link` endpoint with a...

This rule targets exploitation attempts of CVE-2019-9621 in Zimbra Collaboration Suite, where attackers leverage XML External Entity (XXE) injection via the `/autodiscover` endpoint. The detection logic is as follows: -...

This rule targets SQL injection attempts in the EyesOfNetwork getApiKey endpoint (CVE-2020-8656). The detection logic is as follows: - The first rule block matches requests to the `/eonapi/getApiKey` endpoint by...

This rule targets the Optergy Proton/Enterprise backdoor console RCE (CVE-2019-7276). The attack is performed by sending a POST request to `/tools/ajax/ConsoleResult.html` with a `command` parameter containing a shell command (e.g.,...

This rule detects path traversal (LFI) attempts in TRUfusion Enterprise's getCobrandingData endpoint. The detection is based on two conditions: 1. The request URI must contain `/trufusionportal/getcobrandingdata` (case-insensitive, normalized). 2. The...

This rule detects exploitation attempts of CVE-2023-3169, a stored XSS vulnerability in the tagDiv Composer WordPress plugin. The attack is performed by sending a POST request to the `/wp-json/tdw/save_css` endpoint...