vpatch-CVE-2023-0900 AppSec Rule

« vpatch-CVE-2023-0900 »
v0.1 by crowdsecurity
AppSec rule

AP Pricing Tables Lite - SQL Injection (CVE-2023-0900)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-0900

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2023-0900
2description: "AP Pricing Tables Lite - SQL Injection (CVE-2023-0900)"
3rules:
4  - and:
5    - zones:
6      - METHOD
7      match:
8        type: equals
9        value: POST
10    - zones:
11      - URI
12      transform:
13      - lowercase
14      match:
15        type: contains
16        value: /wp-admin/admin-ajax.php
17    - zones:
18      - BODY_ARGS
19      variables:
20      - action
21      transform:
22      - lowercase
23      match:
24        type: equals
25        value: backend_ajax
26    - zones:
27      - BODY_ARGS
28      variables:
29      - _action
30      transform:
31      - lowercase
32      match:
33        type: equals
34        value: copy_table
35    - zones:
36      - BODY_ARGS
37      variables:
38      - table_id
39      match:
40        type: libinjectionSQL
41
42labels:
43  type: exploit
44  service: http
45  confidence: 3
46  spoofable: 0
47  behavior: "http:exploit"
48  label: "AP Pricing Tables Lite - SQL Injection"
49  classification:
50   - cve.CVE-2023-0900
51   - attack.T1595
52   - attack.T1190
53   - cwe.CWE-89

Hub Appsec rule

« vpatch-CVE-2023-0900 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2023-0900 »
v0.1 by crowdsecurity
AppSec rule