vpatch-CVE-2023-6623 AppSec Rule

« vpatch-CVE-2023-6623 »
v0.2 by crowdsecurity
AppSec rule

Wordpress Essential Blocks plugin LFI (CVE-2023-6623)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2023-6623

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2023-6623
2description: "Wordpress Essential Blocks plugin LFI (CVE-2023-6623)"
3rules:
4  - and:
5    - zones:
6      - METHOD
7      match:
8        type: equals
9        value: GET
10    - zones:
11      - URI
12      transform:
13      - lowercase
14      match:
15        type: equals
16        value: /index.php
17    - zones:
18      - ARGS
19      variables:
20       - rest_route
21      transform:
22      - lowercase
23      match:
24        type: contains
25        value: essential-blocks
26    - zones:
27      - ARGS
28      variables:
29       - attributes
30      transform:
31      - lowercase
32      match:
33        type: contains
34        value: "__file"
35labels:
36  type: exploit
37  service: http
38  confidence: 3
39  spoofable: 0
40  behavior: "http:exploit"
41  label: "Wordpress Essential Blocks plugin LFI"
42  classification:
43   - cve.CVE-2023-6623
44   - attack.T1211
45   - attack.T1190
46   - cwe.CWE-22

Hub Appsec rule

« vpatch-CVE-2023-6623 »v0.2 by crowdsecurityAppSec rule

« vpatch-CVE-2023-6623 »
v0.2 by crowdsecurity
AppSec rule