vpatch-CVE-2021-3129 AppSec Rule

« vpatch-CVE-2021-3129 »
v0.4 by crowdsecurity
AppSec rule

Laravel with Ignition Debug Mode RCE (CVE-2021-3129)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2021-3129

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2021-3129
2description: "Laravel with Ignition Debug Mode RCE (CVE-2021-3129)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: /_ignition/execute-solution
12    - zones:
13      - BODY_ARGS
14      variables:
15      - json.parameters.viewFile
16      match:
17        type: regex
18        value: "php://filter|phar://"
19labels:
20  type: exploit
21  service: http
22  confidence: 3
23  spoofable: 0
24  behavior: "http:exploit"
25  label: "Laravel with Ignition Debug Mode RCE"
26  classification:
27   - cve.CVE-2021-3129
28   - attack.T1595
29   - attack.T1190
30   - cwe.CWE-98

Hub Appsec rule

« vpatch-CVE-2021-3129 »v0.4 by crowdsecurityAppSec rule

« vpatch-CVE-2021-3129 »
v0.4 by crowdsecurity
AppSec rule