SHELLCODE: PHP Reverse Shell
This signature detects "PHP Reverse Shell" shellcode, which, when executed, creates an operating system shell and binds it to a TCP socket that connects back to the attacker.
Extended Description
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
Affected Products
Holding_pattern_project holding_pattern
References
CVE: CVE-2018-19422
URL:
http://blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html
http://www.opensyscom.fr/Actualites/wordpress-plugins-wp-property-shell-upload-vulnerability.html
https://www.mehmetince.net/exploit/tiki-wiki-unauthenticated-file-upload-vulnerability
https://tiki.org/article434-Security-update-Tiki-15-2-Tiki-14-4-and-Tiki-12-9-released
http://www.opensyscom.fr/Actualites/wordpress-plugins-front-end-editor-arbitrary-file-upload-vulnerability.html
http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html
https://github.com/advisories/GHSA-73xj-v6gc-g5p5
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Holding_pattern_project
7.5
6.5