ModSecurity Advanced Topic of the Week: Commercial Rules Overview

As you may have heard, Trustwave recently announced the availability of commercial rules and support for open source ModSecurity users. Since the announcement, we have received numerous requests for more information about the commercial rules. This blog post provides an overview of this new offering.

OWASP ModSecurity CRS

The OWASP ModSecurity Core Rule Set's security model is based on the concept of "generic attack detection": it analyzes all HTTP transactional data looking for malicious payloads. While this technique provides a base level of protection, there are still accuracy issues, since the CRS does not correlate the specific attack vector locations (such as URL and parameters) from publicly disclosed vulnerabilities. The result is that the user must customize the CRS by:

  1. Creating exceptions - to handle false positives, or
  2. Creating custom virtual patches - to apply blocking in specific attack locations for known vulnerabilities.

Both of these processes are time consuming.

ModSecurity Rules from Trustwave SpiderLabs

The ModSecurity Rules from Trustwave SpiderLabs focus on specific attack vector locations, creating custom virtual patches for publicly disclosed vulnerabilities. The SpiderLabs Research Team monitors public vulnerability lists such as the Open Source Vulnerability Database (OSVDB) and Bugtraq to identify newly released vulnerabilities in public web software (both open source and commercial). We then create new rules to help prevent exploitation of each vulnerability and add them to our commercial rules feed, from which customers can download the latest archive on a daily basis.

To make effective use of the rules in your environment, you have a few options for deciding which specific rules to activate.

Integrate with OWASP CRS or run Standalone?

We create two different types of rules: ones that integrate with the OWASP CRS and ones that run standalone. For an overview of the difference, review the earlier blog post on Traditional vs. Anomaly Scoring modes of operation. The main difference between the detection methods is that the CRS integration rules only need to correlate the vulnerability injection point (URL and parameter) with whether a previous CRS rule already matched the relevant attack category (SQL Injection, Cross-site Scripting, etc.) at that point, whereas the standalone rules apply their own targeted blacklist of meta-characters to the vulnerability injection point and therefore work without the CRS.

Attack Categories vs. Application-Specific Rules?

The next choice is whether to activate the rules by attack category (SQL Injection, Cross-site Scripting, etc.) or to activate only the rules that apply to the specific applications you are running (such as osCommerce, cPanel, WordPress, etc.).

Identifying attacks against known vulnerabilities does have value in the following scenarios:

  1. If you happen to be running the targeted application, it raises the threat level, lessens false positives and ultimately provides increased confidence in blocking.
  2. Even if you are not running the targeted software, you may still want to be made aware of attempts to exploit known vulnerabilities, regardless of their chances of succeeding.

Example Vulnerability Walk-Through

Let's take a look at a specific vulnerability and then show the options for using the commercial rules to address this issue.

Recent WordPress Vulnerability

A SQL Injection vulnerability was recently disclosed in the WP Forum Server plugin for WordPress. Here is a screenshot of the OSVDB entry:

[Screenshot: OSVDB entry for the vulnerability, captured 2011-10-04]

By reviewing the vulnerability details, we can identify the following about this issue:

  • Vulnerable URL - /wp-content/plugins/forum-server/wpf-insert.php
  • Vulnerable Parameter - edit_post_id
  • Vulnerability Class - SQL Injection

This is enough information to create our virtual patches for this issue.

Standalone Virtual Patch

Here is the example standalone rule for this vulnerability:

#
# (2075463) ModSecurity Rules from Trustwave SpiderLabs: WP Forum Server Plugin for WordPress wp-content/plugins/forum-server/wpf-insert.php edit_post_id Parameter SQL Injection
# PoC Exploit Code: http://[target]/wp-content/plugins/forum-server/wpf-insert.php?edit_post_submit=1&edit_post_id=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20&edit_post_subject=test&message=dummy&thread_id=1
#
SecRule REQUEST_LINE "@contains wp-content/plugins/forum-server/wpf-insert.php" "chain,phase:2,block,rev:'100411',t:none,t:urlDecodeUni,capture,logdata:'%{args.edit_post_id}',severity:'2',id:2075463,msg:'SLR: WP Forum Server Plugin for WordPress wp-content/plugins/forum-server/wpf-insert.php edit_post_id Parameter SQL Injection',tag:'WEB_ATTACK/SQL_INJECTION',tag:'http://osvdb.org/show/osvdb/75463'"
     SecRule "ARGS:edit_post_id" "@pm # \" /* */ ` ' ( ) ; --" "ctl:auditLogParts=+E"

As you can see, this rule first checks the request line for the vulnerable URL and then applies a targeted blacklist of characters commonly used in SQL Injection attacks to the ARGS:edit_post_id parameter payload. Because the chain only completes when both rules match, the blacklist is never applied to other parameters or other URLs, which keeps false positives low.

CRS Integration Virtual Patch

This approach has the advantage that multiple rules contribute to a single anomaly score. Each CRS rule saves metadata about its match in TX variables. Let's look at CRS rule ID 959514 as an example:

SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "\bselect\b.{0,40}\buser\b" \
     "phase:2,rev:'2.0.9',capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,t:replaceComments,t:compressWhiteSpace,ctl:auditLogParts=+E,block,msg:'Blind SQL Injection Attack',id:'959514',tag:'WEB_ATTACK/SQL_INJECTION',tag:'WASCTC/WASC-19',tag:'OWASP_TOP_10/A1',tag:'OWASP_AppSensor/CIE1',tag:'PCI/6.5.2',logdata:'%{TX.0}',severity:'2',setvar:'tx.msg=%{rule.msg}',setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}"

The last setvar action, setvar:tx.%{rule.id}-WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}, is the key piece to understand. If the rule matches, it creates a TX variable whose name and value carry metadata about the match:

  1. tx.%{rule.id} - uses macro expansion to capture the rule ID value data and saves it in the TX variable name.

  2. WEB_ATTACK/SQL_INJECTION - captures the attack category data and saves it in the TX variable name.

  3. %{matched_var_name} - captures the variable location of the rule match and saves it in the TX variable name.

  4. %{tx.0} - captures the variable payload data that matched the operator value and saves it in the TX variable value.

If we look at the debug log data produced when this rule processes a sample request, we see the following:

Executing operator "rx" with param "\\bselect\\b.{0,40}\\buser\\b" against ARGS:comment.
Target value: "i need to select a new user for my fantasy football team - who should i pick"
Added regex subexpression to TX.0: select a new user
Operator completed in 24 usec.
Ctl: Set auditLogParts to ABIFHZE.
Setting variable: tx.msg=%{rule.msg}
Resolved macro %{rule.msg} to: Blind SQL Injection Attack
Set variable "tx.msg" to "Blind SQL Injection Attack".
Setting variable: tx.sql_injection_score=+%{tx.critical_anomaly_score}
Recorded original collection variable: tx.sql_injection_score = "0"
Resolved macro %{tx.critical_anomaly_score} to: 5
Relative change: sql_injection_score=0+5
Set variable "tx.sql_injection_score" to "5".
Setting variable: tx.anomaly_score=+%{tx.critical_anomaly_score}
Recorded original collection variable: tx.anomaly_score = "0"
Resolved macro %{tx.critical_anomaly_score} to: 5
Relative change: anomaly_score=0+5
Set variable "tx.anomaly_score" to "5".
Setting variable: tx.%{rule.id}-WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{tx.0}
Resolved macro %{rule.id} to: 959514
Resolved macro %{matched_var_name} to: ARGS:comment
Resolved macro %{tx.0} to: select a new user
Set variable "tx.959514-WEB_ATTACK/SQL_INJECTION-ARGS:comment" to "select a new user".
Resolved macro %{TX.0} to: select a new user
Warning. Pattern match "\bselect\b.{0,40}\buser\b" at ARGS:comment. [file "/usr/local/apache/conf/modsec_current/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "67"] [id "959514"] [rev "2.0.9"] [msg "Blind SQL Injection Attack"] [data "select a new user"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]

The line Set variable "tx.959514-WEB_ATTACK/SQL_INJECTION-ARGS:comment" to "select a new user" shows the TX variable that is now at our disposal. This TX data tells us that an SQL Injection attack payload was detected in a parameter called "comment". We can now correlate this type of data with our commercial ModSecurity rules.

Here is the example rule that can be integrated with the OWASP CRS and uses collaborative detection:

#
# (2075463) ModSecurity Rules from Trustwave SpiderLabs: WP Forum Server Plugin for WordPress wp-content/plugins/forum-server/wpf-insert.php edit_post_id Parameter SQL Injection
# PoC Exploit Code: http://[target]/wp-content/plugins/forum-server/wpf-insert.php?edit_post_submit=1&edit_post_id=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20&edit_post_subject=test&message=dummy&thread_id=1
#
SecRule REQUEST_LINE "@contains wp-content/plugins/forum-server/wpf-insert.php" "chain,phase:2,block,rev:'100411',t:none,t:urlDecodeUni,capture,logdata:'%{args.edit_post_id}',severity:'2',id:2075463,msg:'SLR: WP Forum Server Plugin for WordPress wp-content/plugins/forum-server/wpf-insert.php edit_post_id Parameter SQL Injection',tag:'WEB_ATTACK/SQL_INJECTION',tag:'http://osvdb.org/show/osvdb/75463'"
     SecRule "TX:'/SQL_INJECTION.*ARGS:edit_post_id/'" ".*" "ctl:auditLogParts=+E,setvar:'tx.msg=WP Forum Server Plugin for WordPress wp-content/plugins/forum-server/wpf-insert.php edit_post_id Parameter SQL Injection',setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:'tx.%{rule.id}-WEB_ATTACK/SQL_INJECTION-%{matched_var_name}=%{matched_var}'"

Similar to the standalone patch, we first check the URL. The second rule in the chain, however, does not apply the targeted blacklist; instead it looks for any TX variable previously set by the CRS SQL Injection rules whose name records a match on the ARGS:edit_post_id parameter payload. Because this lookup relies on data written by earlier rules in the same phase, the commercial rule files must be included after the CRS rule files so that the CRS rules run first.
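The two chained rules differ only in their second link, and the difference is easiest to see by running both over the same requests. The following Python is an added example, not code from the original post or from the SpiderLabs rule feed: it models ModSecurity's phase 2 evaluation with CRS rule 959514 as the only generic rule, followed by both versions of virtual patch 2075463, and covers the standalone blacklist, the TX variable naming scheme set by the CRS setvar action, and the TX collection regex selector used by the integration rule. The request parser, the sample requests and the use of 5 as the critical anomaly score (the CRS default) are assumptions made for the demonstration.

```python
"""Toy model of ModSecurity phase-2 evaluation for the two virtual-patch styles.
Added example: not code from the original post or from the SpiderLabs rule feed.
Assumptions: only CRS rule 959514 is modelled, the request parser is minimal,
the sample requests are constructed, and 5 is the CRS default critical score."""
import re
from urllib.parse import parse_qsl, urlsplit

CRITICAL_ANOMALY_SCORE = 5  # CRS default for tx.critical_anomaly_score
VULN_URL = "wp-content/plugins/forum-server/wpf-insert.php"
VULN_PARAM = "edit_post_id"
# Meta-character blacklist copied from the standalone rule's @pm list.
SQLI_PM = ["#", '"', "/*", "*/", "`", "'", "(", ")", ";", "--"]
# Regex from CRS rule 959514 (the real rule lowercases first; re.I is equivalent here).
RULE_959514 = re.compile(r"\bselect\b.{0,40}\buser\b", re.I)
# Selector from the chained integration rule: TX:'/SQL_INJECTION.*ARGS:edit_post_id/'
TX_SELECTOR = re.compile(r"SQL_INJECTION.*ARGS:" + VULN_PARAM)


def parse_request(request_line):
    """Minimal parser (assumption): exposes REQUEST_LINE, REQUEST_FILENAME and
    URL-decoded ARGS the way ModSecurity does. Duplicate parameter names collapse."""
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    return {"REQUEST_LINE": request_line, "REQUEST_FILENAME": parts.path,
            "ARGS": dict(parse_qsl(parts.query, keep_blank_values=True))}


def crs_959514(req, tx):
    """Generic CRS rule: 'select ... user' in any target adds to the anomaly
    score and records the payload in a TX variable whose *name* carries the
    rule ID, attack category and matched location (the hook for correlation)."""
    targets = [("REQUEST_FILENAME", req["REQUEST_FILENAME"])]
    targets += [(f"ARGS:{k}", v) for k, v in req["ARGS"].items()]
    hit = False
    for var_name, value in targets:
        m = RULE_959514.search(value)
        if m:
            hit = True
            tx["sql_injection_score"] = tx.get("sql_injection_score", 0) + CRITICAL_ANOMALY_SCORE
            tx["anomaly_score"] = tx.get("anomaly_score", 0) + CRITICAL_ANOMALY_SCORE
            tx[f"959514-WEB_ATTACK/SQL_INJECTION-{var_name}"] = m.group(0)
    return hit


def standalone_2075463(req):
    """Standalone patch: URL check chained to an @pm blacklist applied only to
    ARGS:edit_post_id. True means 'block'. Needs no other rule to have run."""
    if VULN_URL not in req["REQUEST_LINE"]:
        return False
    payload = req["ARGS"].get(VULN_PARAM, "")
    return any(tok in payload for tok in SQLI_PM)


def integrated_2075463(req, tx):
    """CRS-integration patch: same URL check, but the chained rule only asks
    whether an earlier SQL injection rule already matched ARGS:edit_post_id."""
    if VULN_URL not in req["REQUEST_LINE"]:
        return False
    matched = [name for name in tx if TX_SELECTOR.search(name)]
    if not matched:
        return False
    tx["anomaly_score"] = tx.get("anomaly_score", 0) + CRITICAL_ANOMALY_SCORE
    tx["msg"] = "WP Forum Server Plugin for WordPress edit_post_id Parameter SQL Injection"
    # %{matched_var_name} is now the TX variable itself, so the new name nests the old one.
    tx[f"2075463-WEB_ATTACK/SQL_INJECTION-TX:{matched[0]}"] = tx[matched[0]]
    return True


def evaluate(request_line):
    """Run the rules in configuration order (CRS first, then the commercial
    rule, which is the Include order the integration style requires)."""
    req = parse_request(request_line)
    tx = {}
    crs_hit = crs_959514(req, tx)
    standalone = standalone_2075463(req)
    integrated = integrated_2075463(req, tx)
    return {"crs_generic_hit": crs_hit, "standalone_block": standalone,
            "integrated_patch_hit": integrated,
            "anomaly_score": tx.get("anomaly_score", 0),
            "tx_vars": sorted(k for k in tx if "WEB_ATTACK" in k)}


# Constructed sample requests, not real traffic (%20 keeps the request line parseable).
SAMPLES = {
    "select/user payload on the vulnerable URL and parameter":
        f"GET /{VULN_URL}?edit_post_submit=1&edit_post_id=-1%20UNION%20SELECT%20user,"
        "password%20FROM%20wp_users--%20&thread_id=1 HTTP/1.1",
    "benign comment on another URL":
        "GET /wp-comments-post.php?comment=i%20need%20to%20select%20a%20new%20user HTTP/1.1",
    "payload in a different parameter of the vulnerable URL":
        f"GET /{VULN_URL}?edit_post_id=5&message=select%20user HTTP/1.1",
    "the post's PoC payload, which 959514 does not cover":
        f"GET /{VULN_URL}?edit_post_submit=1&edit_post_id=-1%20AND%201=IF(2>1,BENCHMARK("
        "5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20&thread_id=1 HTTP/1.1",
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(f"{label}: {evaluate(line)}")
```

Running it shows the trade-off: the generic rule fires on the benign comment and on the payload placed in the wrong parameter, but neither virtual patch does, while the post's own PoC payload is stopped only by the standalone blacklist, because the 959514 pattern does not describe it. In a real deployment other CRS SQL Injection rules would get a chance at that payload, but the integration style always depends on some earlier CRS rule having matched, which is also why the commercial rule files must be included after the CRS files.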

Application-Specific Rules

If you are running a public application (either open source or commercial), it is also possible to activate only those rules that apply to your application. Using our previous example application, we have a rule pack specific to WordPress which covers SQL Injection, Cross-site Scripting, Local File Inclusion and Remote File Inclusion attacks. We currently have 256 virtual patches for WordPress and its various plug-ins, including the following:

# (204610) ModSecurity Rules from Trustwave SpiderLabs: WordPress blog.header.php posts Parameter SQL Injection
# (2016701) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-trackback.php tb_id Parameter SQL Injection
# (2019634) ModSecurity Rules from Trustwave SpiderLabs: WordPress index.php cat Parameter SQL Injection
# (2022450) ModSecurity Rules from Trustwave SpiderLabs: WP-Stats WordPress Plugin wp-stats.php author Parameter SQL Injection
# (2034354) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/admin-db.php new_cat Parameter SQL Injection
# (2036311) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/admin-ajax.php cookie Parameter SQL Injection
# (2036321) ModSecurity Rules from Trustwave SpiderLabs: WordPress xmlrpc.php XMLRPC wp.suggestCategories Parameter SQL Injection
# (2039371) ModSecurity Rules from Trustwave SpiderLabs: Wordpress options-general.php page_options Parameter SQL Injection
# (2039372) ModSecurity Rules from Trustwave SpiderLabs: Wordpress options-writing.php page_options Parameter SQL Injection
# (2039373) ModSecurity Rules from Trustwave SpiderLabs: Wordpress options-reading.php page_options Parameter SQL Injection
# (2039374) ModSecurity Rules from Trustwave SpiderLabs: Wordpress options-discussion.php page_options Parameter SQL Injection
# (2039375) ModSecurity Rules from Trustwave SpiderLabs: Wordpress options-privacy.php page_options Parameter SQL Injection
# (2039376) ModSecurity Rules from Trustwave SpiderLabs: Wordpress options-permalink.php page_options Parameter SQL Injection
# (2039377) ModSecurity Rules from Trustwave SpiderLabs: Wordpress options-misc.php page_options Parameter SQL Injection
# (2039552) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-includes/query.php s Parameter SQL Injection
# (2040378) ModSecurity Rules from Trustwave SpiderLabs: WP-Forum Plugin for WordPress index.php user Parameter SQL Injection
# (2040767) ModSecurity Rules from Trustwave SpiderLabs: WP-Cal Plugin for WordPress functions/editevent.php id Parameter SQL Injection
# (2040779) ModSecurity Rules from Trustwave SpiderLabs: AdServe Plugin for WordPress adclick.php id Parameter SQL Injection
# (2040916) ModSecurity Rules from Trustwave SpiderLabs: fGallery Plugin for Wordpress fim_rss.php album Parameter SQL Injection
# (2041054) ModSecurity Rules from Trustwave SpiderLabs: Wordspew Plugin for Wordpress wordspew-rss.php id Parameter SQL Injection
# (2041511) ModSecurity Rules from Trustwave SpiderLabs: st_newsletter Plugin for Wordpress shiftthis-preview.php newsletter Parameter SQL Injection
# (2041858) ModSecurity Rules from Trustwave SpiderLabs: WP Photo Album Plugin for WordPress index.php photo Parameter SQL Injection
# (2042190) ModSecurity Rules from Trustwave SpiderLabs: WP-People Plugin for Wordpress wp-people-popup.php person Parameter SQL Injection
# (2043920) ModSecurity Rules from Trustwave SpiderLabs: WP-Download Plugin for WordPress wp-download.php dl_id Parameter SQL Injection
# (2044560) ModSecurity Rules from Trustwave SpiderLabs: WordPress Spreadsheet Plugin (wpSS) wpSS/ss_load.php ss_id Parameter SQL Injection
# (2044616) ModSecurity Rules from Trustwave SpiderLabs: Download Monitor Plugin for WordPress wp-download_monitor/download.php id Parameter SQL Injection
# (2045933) ModSecurity Rules from Trustwave SpiderLabs: Upload File Plugin for WordPress wp-uploadfile.php f_id Parameter SQL Injection
# (2049119) ModSecurity Rules from Trustwave SpiderLabs: WP Comment Remix Plugin for WordPress ajax_comments.php p Parameter SQL Injection
# (2049201) ModSecurity Rules from Trustwave SpiderLabs: ShiftThis Newsletter Plugin for WordPress stnl_iframe.php newsletter Parameter SQL Injection
# (2052210) ModSecurity Rules from Trustwave SpiderLabs: Simple Forum Plugin for WordPress sf-profile.php u Parameter SQL Injection
# (2052212) ModSecurity Rules from Trustwave SpiderLabs: WordPress Recipe Plugin wordspew-rss.php id Parameter SQL Injection
# (2052836) ModSecurity Rules from Trustwave SpiderLabs: fMoblog Plugin for Wordpress index.php id Parameter SQL Injection
# (2053612) ModSecurity Rules from Trustwave SpiderLabs: WordPress index.php m Parameter SQL Injection
# (2053613) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/edit.php m Parameter SQL Injection
# (2055125) ModSecurity Rules from Trustwave SpiderLabs: Photoracer Plugin for WordPress viewimg.php id Parameter SQL Injection
# (2055750) ModSecurity Rules from Trustwave SpiderLabs: Related Sites Plugin for Wordpress BTE_RW_webajax.php guid Parameter SQL Injection
# (2061407) ModSecurity Rules from Trustwave SpiderLabs: Pyrmont V2 Plugin for WordPress results.php id Parameter SQL Injection
# (2062346) ModSecurity Rules from Trustwave SpiderLabs: Copperleaf Photolog for WordPress cpl/cplphoto.php postid Parameter SQL Injection
# (2063311) ModSecurity Rules from Trustwave SpiderLabs: My Category Order Plugin for Wordpress wp-admin/post-new.php parentID Parameter SQL Injection
# (2065980) ModSecurity Rules from Trustwave SpiderLabs: Simple:Press Plugin for WordPress index.php value Parameter SQL Injection
# (2066566) ModSecurity Rules from Trustwave SpiderLabs: myLinksDump Plugin for WordPress myLDlinker.php url Parameter SQL Injection
# (2066863) ModSecurity Rules from Trustwave SpiderLabs: NextGEN Smooth Gallery Plugin for WordPress wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php galleryID Parameter SQL Injection
# (2070434) ModSecurity Rules from Trustwave SpiderLabs: Mingle Forum Plugin for WordPress wp-content/plugins/mingle-forum/feed.php topic Parameter SQL Injection
# (2070435) ModSecurity Rules from Trustwave SpiderLabs: Mingle Forum Plugin for WordPress wpf-post.php id Parameter SQL Injection
# (2070436) ModSecurity Rules from Trustwave SpiderLabs: Mingle Forum Plugin for WordPress wpf-class.php id Parameter SQL Injection
# (2070996) ModSecurity Rules from Trustwave SpiderLabs: Enable Media Replace Plugin for WordPress wp-admin/upload.php attachment_id Parameter SQL Injection
# (2070994) ModSecurity Rules from Trustwave SpiderLabs: WP Forum Server Plugin for WordPress /wp-content/plugins/forum-server/feed.php topic Parameter SQL Injection
# (2071044) ModSecurity Rules from Trustwave SpiderLabs: Comment Rating Plugin for WordPress ck-processkarma.php id Parameter SQL Injection
# (2071006) ModSecurity Rules from Trustwave SpiderLabs: Z-Vote Plugin for WordPress wp-content/plugins/zvote/zvote.php zvote Parameter SQL Injection
# (2071072) ModSecurity Rules from Trustwave SpiderLabs: GRAND Flash Album Gallery Plugin for WordPress wp-content/plugins/flash-album-gallery/lib/hitcounter.php pid Parameter SQL Injection
# (2071030) ModSecurity Rules from Trustwave SpiderLabs: 1 Flash Gallery Plugin for WordPress wp-content/plugins/1-flash-gallery/massedit_album.php gall_id Parameter SQL Injection
# (2071112) ModSecurity Rules from Trustwave SpiderLabs: IWantOneButton Plugin for WordPress wp-content/plugins/wantHave/updateAJAX.php post_id Parameter SQL Injection
# (2071355) ModSecurity Rules from Trustwave SpiderLabs: WP Forum Plugin for WordPress index.php group_id Parameter SQL Injection
# (2071356) ModSecurity Rules from Trustwave SpiderLabs: WP Forum Plugin for WordPress wp-content/plugins/wp-forum/forum_feed.php thread Parameter SQL Injection
# (2071357) ModSecurity Rules from Trustwave SpiderLabs: WP Forum Plugin for WordPress wp-content/plugins/wp-forum/sendmail.php id Parameter SQL Injection
# (2071889) ModSecurity Rules from Trustwave SpiderLabs: Universal Post Manager Plugin for WordPress wp-content/plugins/universal-post-manager/includes/poll_logs.php qid Parameter SQL Injection
# (2071890) ModSecurity Rules from Trustwave SpiderLabs: Universal Post Manager Plugin for WordPress wp-content/plugins/universal-post-manager/includes/poll_result.php PID Parameter SQL Injection
# (2071986) ModSecurity Rules from Trustwave SpiderLabs: WP-StarsRateBox Plugin for WordPress wp-content/plugins/wp-starsratebox/wp-starsratebox.php j Parameter SQL Injection
# (2072045) ModSecurity Rules from Trustwave SpiderLabs: Sermon Browser Plugin for WordPress index.php sermon_id Parameter SQL Injection
# (2074038) ModSecurity Rules from Trustwave SpiderLabs: WP e-Commerce Plugin for WordPress index.php collected_data[] Parameter SQL Injection
# (2074377) ModSecurity Rules from Trustwave SpiderLabs: UPM Polls Plugin for WordPress wp-content/plugins/upm-polls/includes/poll_logs.php qid Parameter SQL Injection
# (2074381) ModSecurity Rules from Trustwave SpiderLabs: Media Library Categories Plugin for WordPress wp-content/plugins/media-library-categories/sort.php termid Parameter SQL Injection
# (2074421) ModSecurity Rules from Trustwave SpiderLabs: Social Slider Plugin for WordPress social-slider-2/ajax.php rA[] Parameter SQL Injection
# (2074572) ModSecurity Rules from Trustwave SpiderLabs: File Groups Plugin for WordPress wp-content/plugins/file-groups/download.php fgid Parameter SQL Injection
# (2074574) ModSecurity Rules from Trustwave SpiderLabs: WP DS FAQ Plugin for WordPress wp-content/plugins/wp-ds-faq/ajax.php id Parameter SQL Injection
# (2074575) ModSecurity Rules from Trustwave SpiderLabs: Odihost Newsletter Plugin for WordPress wp-content/plugins/odihost-newsletter-plugin/includes/openstat.php id Parameter SQL Injection
# (2074562) ModSecurity Rules from Trustwave SpiderLabs: Link Library Plugin for WordPress wp-content/plugins/link-library/tracker.php id Parameter SQL Injection
# (2074577) ModSecurity Rules from Trustwave SpiderLabs: Global Content Blocks Plugin for WordPress wp-content/plugins/global-content-blocks/gcb/gcb_export.php gcb Parameter SQL Injection
# (2074578) ModSecurity Rules from Trustwave SpiderLabs: Menu Creator Plugin for WordPress wp-content/plugins/wp-menu-creator/updateSortOrder.php menu_id Parameter SQL Injection
# (2074664) ModSecurity Rules from Trustwave SpiderLabs: WP Symposium Plugin for WordPress uploadify/get_profile_avatar.php uid Parameter SQL Injection
# (2074804) ModSecurity Rules from Trustwave SpiderLabs: Js-appointment Plugin for WordPress wp-content/plugins/js-appointment/searchdata.php cat Parameter SQL Injection
# (2074813) ModSecurity Rules from Trustwave SpiderLabs: SH Slideshow Plugin for WordPress wp-content/plugins/sh-slideshow/ajax.php id Parameter SQL Injection
# (2074835) ModSecurity Rules from Trustwave SpiderLabs: WP Bannerize Plugin for WordPress wp-content/plugins/wp-bannerize/ajax_clickcounter.php id Parameter SQL Injection
# (2074838) ModSecurity Rules from Trustwave SpiderLabs: Donation Plugin for WordPress wp-content/plugins/wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg/exporttocsv.php did Parameter SQL Injection
# (2075227) ModSecurity Rules from Trustwave SpiderLabs: KNR Author List Plugin for WordPress wp-content/plugins/knr-author-list-widget/knrAuthorListCustomSortSave.php listItem[] Parameter SQL Injection
# (2075219) ModSecurity Rules from Trustwave SpiderLabs: Tweet old post Plugin for WordPress wp-admin/admin.php cat Parameter SQL Injection
# (2075252) ModSecurity Rules from Trustwave SpiderLabs: Community Events Plugin for WordPress wp-content/plugins/community-events/tracker.php id Parameter SQL Injection
# (2075308) ModSecurity Rules from Trustwave SpiderLabs: WP-Filebase Plugin for WordPress wp-content/plugins/wp-filebase/wpfb-ajax.php base Parameter SQL Injection
# (2075463) ModSecurity Rules from Trustwave SpiderLabs: WP Forum Server Plugin for WordPress wp-content/plugins/forum-server/wpf-insert.php edit_post_id Parameter SQL Injection
# (2075443) ModSecurity Rules from Trustwave SpiderLabs: Auctions Plugin for WordPress wp-admin/admin.php wpa_id Parameter SQL Injection
# (2075590) ModSecurity Rules from Trustwave SpiderLabs: WP e-Commerce Plugin for WordPress index.php transaction_id Parameter SQL Injection
# (2075598) ModSecurity Rules from Trustwave SpiderLabs: Count Per Day Plugin for WordPress wp-content/plugins/count-per-day/notes.php month Parameter SQL Injection
# (2075791) ModSecurity Rules from Trustwave SpiderLabs: Mingle Forum Plugin for WordPress wp-content/plugins/mingle-forum/wpf-insert.php edit_post_id Parameter SQL Injection
# (204611) ModSecurity Rules from Trustwave SpiderLabs: WordPress links.all.php abspath Parameter Remote File Inclusion
# (2031274) ModSecurity Rules from Trustwave SpiderLabs: WordPress functions.php file Parameter Remote File Inclusion
# (2033349) ModSecurity Rules from Trustwave SpiderLabs: Enigma WordPress Bridge Enigma2.php boarddir Parameter Remote File Inclusion
# (2034356) ModSecurity Rules from Trustwave SpiderLabs: myGallery Plugin for WordPress mygallerybrowser.php myPath Parameter Remote File Inclusion
# (2034357) ModSecurity Rules from Trustwave SpiderLabs: wp-Table Plugin for WordPress wptable-button.php wpPATH Parameter Remote File Inclusion
# (2034358) ModSecurity Rules from Trustwave SpiderLabs: wordTube Plugin for WordPress wordtube-button.php wpPATH Parameter Remote File Inclusion
# (2034359) ModSecurity Rules from Trustwave SpiderLabs: myFlash Plugin for WordPress myflash-button.php wpPATH Parameter Remote File Inclusion
# (2038476) ModSecurity Rules from Trustwave SpiderLabs: BackUpWordPress Plugin for Wordpress Archive.php bkpwp_plugin_path Parameter Remote File Inclusion
# (2038477) ModSecurity Rules from Trustwave SpiderLabs: BackUpWordPress Plugin for Wordpress Predicate.php bkpwp_plugin_path Parameter Remote File Inclusion
# (2038478) ModSecurity Rules from Trustwave SpiderLabs: BackUpWordPress Plugin for Wordpress Writer.php bkpwp_plugin_path Parameter Remote File Inclusion
# (2038479) ModSecurity Rules from Trustwave SpiderLabs: BackUpWordPress Plugin for Wordpress Reader.php bkpwp_plugin_path Parameter Remote File Inclusion
# (2041216) ModSecurity Rules from Trustwave SpiderLabs: cforms Plugin for Wordpress cforms-css.php tm Parameter Remote File Inclusion
# (2042253) ModSecurity Rules from Trustwave SpiderLabs: Sniplets Plugin for WordPress /modules/syntax_highlight.php libpath Parameter Remote File Inclusion
# (2055088) ModSecurity Rules from Trustwave SpiderLabs: FireStats Plugin for Wordpress wp-content/plugins/firestats/firestats-wordpress.php fs_javascript Parameter Remote File Inclusion
# (2055448) ModSecurity Rules from Trustwave SpiderLabs: DM Albums Plugin for WordPress wp-content/plugins/dm-albums/template/album.php SECURITY_FILE Parameter Remote File Inclusion
# (2056762) ModSecurity Rules from Trustwave SpiderLabs: WP Super Cache for WordPress wp-cache-phase1.php plugin Parameter Remote File Inclusion
# (2071056) ModSecurity Rules from Trustwave SpiderLabs: PHP Speedy Plugin for WordPress wp-content/plugins/php_speedy_wp/libs/php_speedy/view/admin_container.php page Parameter Remote File Inclusion
# (2071481) ModSecurity Rules from Trustwave SpiderLabs: BackWPup Plugin for WordPress wp_xml_export.php wpabs Parameter Remote File Inclusion
# (2075402) ModSecurity Rules from Trustwave SpiderLabs: Mini Mail Dashboard Widget Plugin for WordPress wordpress/wp-content/plugins/mini-mail-dashboard-widget/wp-mini-mail.php abspath Parameter Remote File Inclusion
# (2075614) ModSecurity Rules from Trustwave SpiderLabs: WP Easy Stats Plugin for WordPress wp-content/plugins/wpeasystats/export.php homep Parameter Remote File Inclusion
# (2075615) ModSecurity Rules from Trustwave SpiderLabs: AllWebMenus Plugin for WordPress wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php abspath Parameter Remote File Inclusion
# (2075616) ModSecurity Rules from Trustwave SpiderLabs: TheCartPress Plugin for WordPress wp-content/plugins/thecartpress/checkout/CheckoutEditor.php tcp_class_path Parameter Remote File Inclusion
# (2075617) ModSecurity Rules from Trustwave SpiderLabs: Mailing List Plugin for WordPress wp-content/plugins/mailz/lists/lt.php wpabspath Parameter Remote File Inclusion
# (2075618) ModSecurity Rules from Trustwave SpiderLabs: Mailing List Plugin for WordPress wp-content/plugins/mailz/lists/index.php wpabspath Parameter Remote File Inclusion
# (2075619) ModSecurity Rules from Trustwave SpiderLabs: Zingiri Web Shop Plugin for WordPress wp-content/plugins/zingiri-web-shop/fwkfor/ajax/init.inc wpabspath Parameter Remote File Inclusion
# (2075620) ModSecurity Rules from Trustwave SpiderLabs: Zingiri Web Shop Plugin for WordPress wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php wpabspath Parameter Remote File Inclusion
# (2075623) ModSecurity Rules from Trustwave SpiderLabs: Annonces Plugin for WordPress wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php abspath Parameter Remote File Inclusion
# (2075634) ModSecurity Rules from Trustwave SpiderLabs: Adsense Extreme Plugin for WordPress wp-content/plugins/adsense-extreme/adsensextremeadminpage.php adsensextreme[lang] Parameter Remote File Inclusion
# (2010411) ModSecurity Rules from Trustwave SpiderLabs: WordPress admin-header.php redirect_url Parameter XSS
# (2010413) ModSecurity Rules from Trustwave SpiderLabs: WordPress categories.php cat_ID Parameter XSS
# (2010414) ModSecurity Rules from Trustwave SpiderLabs: WordPress edit.php s Parameter XSS
# (2012617) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/templates.php file Parameter XSS
# (2012619) ModSecurity Rules from Trustwave SpiderLabs: WordPress link-categories.php cat_id Parameter XSS
# (2012621) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/post.php content Parameter XSS
# (2012622) ModSecurity Rules from Trustwave SpiderLabs: WordPress moderation.php item_approved Parameter XSS
# (2016702) ModSecurity Rules from Trustwave SpiderLabs: WordPress post.php p Parameter XSS
# (2030927) ModSecurity Rules from Trustwave SpiderLabs: Wordpress template-functions-links.php REQUEST_URI Parameter XSS
# (2031578) ModSecurity Rules from Trustwave SpiderLabs: WordPress templates.php file Parameter XSS
# (2033766) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/templates.php action Parameter XSS
# (2033788) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/post.php post Parameter XSS
# (2033884) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/admin.php demo Parameter XSS
# (2034348) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/vars.php PHP_SELF Parameter XSS
# (2036379) ModSecurity Rules from Trustwave SpiderLabs: WordPress AndyBlue Theme searchform.php URI PHP_SELF Parameter XSS
# (2036603) ModSecurity Rules from Trustwave SpiderLabs: WordPress Blue Memories Theme index.php s Parameter XSS
# (2036604) ModSecurity Rules from Trustwave SpiderLabs: WordPress Unnamed Theme index.php s Parameter XSS
# (2036621) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/includes/upload.php style Parameter XSS
# (2036817) ModSecurity Rules from Trustwave SpiderLabs: WordPress cordobo-green-park Theme blogroll.php PHP_SELF Parameter XSS
# (2037040) ModSecurity Rules from Trustwave SpiderLabs: WordPress Redoable Theme searchloop.php s Parameter XSS
# (2037041) ModSecurity Rules from Trustwave SpiderLabs: WordPress Redoable Theme header.php s Parameter XSS
# (2037057) ModSecurity Rules from Trustwave SpiderLabs: WordPress Blixed Theme index.php s Parameter XSS
# (2037298) ModSecurity Rules from Trustwave SpiderLabs: Blix Rus Theme for WordPress index.php PATH_INFO Parameter XSS
# (2037299) ModSecurity Rules from Trustwave SpiderLabs: Pool Theme for WordPress index.php PATH_INFO Parameter XSS
# (2038279) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/edit-post-rows.php posts_columns Parameter XSS
# (2038326) ModSecurity Rules from Trustwave SpiderLabs: Sirius Theme for Wordpress index.php PATH_INFO Parameter XSS
# (2038442) ModSecurity Rules from Trustwave SpiderLabs: WordPress / MU wp-newblog.php weblog_id Parameter XSS
# (2038450) ModSecurity Rules from Trustwave SpiderLabs: Wordpress Classic Theme for Wordpress index.php PHP_SELF Parameter XSS
# (2040224) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/post.php popuptitle Parameter XSS
# (2040225) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/page-new.php popuptitle Parameter XSS
# (2041138) ModSecurity Rules from Trustwave SpiderLabs: DMSGuestbook Plugin for WordPress wp-admin/admin.php file Parameter XSS
# (2042254) ModSecurity Rules from Trustwave SpiderLabs: Sniplets Plugin for WordPress view/sniplets/warning.php text Parameter XSS
# (2042255) ModSecurity Rules from Trustwave SpiderLabs: Sniplets Plugin for WordPress view/sniplets/notice.php text Parameter XSS
# (2042256) ModSecurity Rules from Trustwave SpiderLabs: Sniplets Plugin for WordPress view/sniplets/inset.php text Parameter XSS
# (2042257) ModSecurity Rules from Trustwave SpiderLabs: Sniplets Plugin for WordPress view/admin/submenu.php url Parameter XSS
# (2042258) ModSecurity Rules from Trustwave SpiderLabs: Sniplets Plugin for WordPress modules/execute.php text Parameter XSS
# (2042259) ModSecurity Rules from Trustwave SpiderLabs: Sniplets Plugin for WordPress view/admin/pager.php page Parameter XSS
# (2043402) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/users.php inviteemail Parameter XSS
# (2043403) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/invites.php to Parameter XSS
# (2043408) ModSecurity Rules from Trustwave SpiderLabs: Wordpress wp-admin/edit.php backup Parameter XSS
# (2046995) ModSecurity Rules from Trustwave SpiderLabs: WordPress Admin Panel link-import.php opml_url Parameter XSS
# (2052213) ModSecurity Rules from Trustwave SpiderLabs: WordPress wp-admin/upgrade.php backto Parameter XSS
# (2060497) ModSecurity Rules from Trustwave SpiderLabs: WP-Cumulus Plugin for WordPress wp-content/plugins/wp-cumulus/tagcloud.swf tagcloud Parameter XSS
# (2060686) ModSecurity Rules from Trustwave SpiderLabs: Google Analytics Plugin for Wordpress index.php s Parameter XSS
# (2063574) ModSecurity Rules from Trustwave SpiderLabs: NextGEN Gallery Plugin for WordPress wp-content/plugins/nextgen-gallery/xml/media-rss.php mode Parameter XSS
# (2066239) ModSecurity Rules from Trustwave SpiderLabs: FireStats Plugin for WordPress wp-admin/index.php fs_javascript Parameter XSS
# (2066241) ModSecurity Rules from Trustwave SpiderLabs: FireStats Plugin for WordPress firestats/php/window-new-edit-site.php site_id Parameter XSS
# (2066242) ModSecurity Rules from Trustwave SpiderLabs: FireStats Plugin for WordPress firestats/php/window-add-excluded-ip.php edit Parameter XSS
# (2066243) ModSecurity Rules from Trustwave SpiderLabs: FireStats Plugin for WordPress firestats/php/window-add-excluded-url.php edit Parameter XSS
# (2068411) ModSecurity Rules from Trustwave SpiderLabs: WordPress plugins.php delete-selected Action checked[0] Parameter XSS
# (2069071) ModSecurity Rules from Trustwave SpiderLabs: FeedList Plugin for WordPress wp-content/plugins/feedlist/handler_image.php i Parameter XSS
# (2069074) ModSecurity Rules from Trustwave SpiderLabs: WP Survey And Quiz Tool Plugin for WordPress create.php action Parameter XSS
# (2069084) ModSecurity Rules from Trustwave SpiderLabs: Vodpod Video Gallery Plugin for WordPress wp-content/plugins/vodpod-video-gallery/vodpod_gallery_thumbs.php gid Parameter XSS
# (2069538) ModSecurity Rules from Trustwave SpiderLabs: WPtouch Plugin for Wordpress wp-content/plugins/wptouch/include/adsense-new.php wptouch_settings Parameter XSS
# (2069764) ModSecurity Rules from Trustwave SpiderLabs: Processing Embed Plugin for Wordpress wp-content/plugins/wordpress-processing-embed/data/popup.php pluginurl Parameter XSS
# (2069762) ModSecurity Rules from Trustwave SpiderLabs: Safe Search Plugin for WordPress wp-content/plugins/wp-safe-search/wp-safe-search-jx.php v1 Parameter XSS
# (2069760) ModSecurity Rules from Trustwave SpiderLabs: Twitter Feed Plugin for WordPress wp-content/plugins/wp-twitter-feed/magpie/scripts/magpie_debug.php url Parameter XSS
# (2070101) ModSecurity Rules from Trustwave SpiderLabs: Accept Signups Plugin for WordPress wp-content/plugins/accept-signups/accept-signups_submit.php email Parameter XSS
# (2070021) ModSecurity Rules from Trustwave SpiderLabs: Embedded Video Plugin for Wordpress wp-admin/post.php content Parameter XSS
# (2070662) ModSecurity Rules from Trustwave SpiderLabs: Conduit Banner Plugin for WordPress wp-content/plugins/conduit-banner-selector/conduit-banner-selector-banners.php banner-index-field-id Parameter XSS
# (2070649) ModSecurity Rules from Trustwave SpiderLabs: Uploader Plugin for WordPress wp-content/plugins/uploader/views/notify.php num Parameter XSS
# (2070647) ModSecurity Rules from Trustwave SpiderLabs: Videox7 UGC Plugin for WordPress wordpress/wp-content/plugins/x7host-videox7-ugc-plugin/x7listplayer.php listid Parameter XSS
# (2070645) ModSecurity Rules from Trustwave SpiderLabs: FCChat Widget Plugin for WordPress wp-content/plugins/fcchat/js/import.config.php path Parameter XSS
# (2070644) ModSecurity Rules from Trustwave SpiderLabs: RSS Feed Reader for WordPress Plugin wp-content/plugins/rss-feed-reader/magpie/scripts/magpie_slashbox.php rss_url Parameter XSS
# (2070643) ModSecurity Rules from Trustwave SpiderLabs: BezahlCode-Generator Plugin for WordPress wp-content/plugins/bezahlcode-generator/der_generator.php gen_name Parameter XSS
# (2070640) ModSecurity Rules from Trustwave SpiderLabs: Audio Plugin for WordPress wp-content/plugins/audio/getid3/demos/demo.browse.php showfile Parameter XSS
# (2070663) ModSecurity Rules from Trustwave SpiderLabs: Featured Content Plugin for WordPress wp-content/plugins/featured-content/js/modalbox/tests/functional/_ajax_method_get.php param Parameter XSS
# (2070679) ModSecurity Rules from Trustwave SpiderLabs: WP Featured Post with Thumbnail Plugin for WordPress wp-content/plugins/wp-featured-post-with-thumbnail/scripts/timthumb.php src Parameter XSS
# (2070737) ModSecurity Rules from Trustwave SpiderLabs: TagNinja Plugin for WordPress wp-content/plugins/tagninja/fb_get_profile.php id Parameter XSS
# (2071060) ModSecurity Rules from Trustwave SpiderLabs: GD Star Rating Plugin for WordPress wp-content/plugins/gd-star-rating/widgets/widget_top.php wpfn Parameter XSS
# (2071055) ModSecurity Rules from Trustwave SpiderLabs: PHP Speedy Plugin for WordPress wp-content/plugins/php_speedy_wp/libs/php_speedy/view/admin_container.php title Parameter XSS
# (2071057) ModSecurity Rules from Trustwave SpiderLabs: Lazyest Gallery Plugin for WordPress /wp-content/plugins/lazyest-gallery/lazyest-popup.php image Parameter XSS
# (2071236) ModSecurity Rules from Trustwave SpiderLabs: Relevanssi Plugin for WordPress index.php s Parameter XSS
# (2071111) ModSecurity Rules from Trustwave SpiderLabs: IWantOneButton Plugin for WordPress wp-content/plugins/wantHave/updateAJAX.php post_id Parameter XSS
# (2071168) ModSecurity Rules from Trustwave SpiderLabs: ComicPress Manager Plugin for WordPress wp-content/plugins/comicpress-manager/jscalendar-1.0/test.php lang Parameter XSS
# (2071167) ModSecurity Rules from Trustwave SpiderLabs: IGIT Posts Slider Widget Plugin for WordPress wp-content/plugins/igit-posts-slider-widget/timthumb.php src Parameter XSS
# (2071190) ModSecurity Rules from Trustwave SpiderLabs: Local Market Explorer Plugin for WordPress wp-content/plugins/local-market-explorer/modules/walk-score-iframe.php api-key Parameter XSS
# (2071185) ModSecurity Rules from Trustwave SpiderLabs: SodaHead Polls Plugin for WordPress wp-content/plugins/sodahead-polls/poll.php customize Parameter XSS
# (2071187) ModSecurity Rules from Trustwave SpiderLabs: Rating-Widget Plugin for WordPress wp-content/plugins/rating-widget/view/availability_options.php selected_key Parameter XSS
# (2071186) ModSecurity Rules from Trustwave SpiderLabs: SodaHead Polls Plugin for WordPress wp-content/plugins/sodahead-polls/customizer.php poll_id Parameter XSS
# (2071188) ModSecurity Rules from Trustwave SpiderLabs: Rating-Widget Plugin for WordPress wp-content/plugins/rating-widget/view/rating.php vars[type] Parameter XSS
# (2071189) ModSecurity Rules from Trustwave SpiderLabs: Rating-Widget Plugin for WordPress wp-content/plugins/rating-widget/view/save.php rw_form_hidden_field_name Parameter XSS
# (2071215) ModSecurity Rules from Trustwave SpiderLabs: Zotpress Plugin for WordPress wp-content/plugins/zotpress/zotpress.image.php citation Parameter XSS
# (2071226) ModSecurity Rules from Trustwave SpiderLabs: YT-Audio Plugin for WordPress wp-content/plugins/yt-audio-streaming-audio-from-youtube/frame.php v Parameter XSS
# (2071841) ModSecurity Rules from Trustwave SpiderLabs: SimpleDark Theme for WordPress index.php s Parameter XSS
# (2071840) ModSecurity Rules from Trustwave SpiderLabs: Mingle Forum Plugin for WordPress wp-content/plugins/mingle-forum/wpf-insert.php message Parameter XSS
# (2071406) ModSecurity Rules from Trustwave SpiderLabs: Question and Answer Forum Plugin for WordPress index.php title Parameter XSS
# (2071462) ModSecurity Rules from Trustwave SpiderLabs: AdWizz Plugin for WordPress wp-content/plugins/ad-wizz/template.php link Parameter XSS
# (2071461) ModSecurity Rules from Trustwave SpiderLabs: Placester Plugin for WordPress wp-content/plugins/placester/admin/support_ajax.php ajax_action Parameter XSS
# (2074893) ModSecurity Rules from Trustwave SpiderLabs: WooThemes Live Wire / Gazette Edition WordPress Theme thumb.php src Parameter XSS
# (2071859) ModSecurity Rules from Trustwave SpiderLabs: Inline Gallery Plugin for WordPress browser.php do Parameter XSS
# (2071860) ModSecurity Rules from Trustwave SpiderLabs: PhotoSmash Plugin for WordPress /wp-content/plugins/photosmash-galleries/index.php action Parameter XSS
# (2072145) ModSecurity Rules from Trustwave SpiderLabs: Mimbo Pro Theme for WordPress timthumb.php src Parameter XSS
# (2071886) ModSecurity Rules from Trustwave SpiderLabs: Universal Post Manager Plugin for WordPress wp-content/plugins/universal-post-manager/template/email_screen_1.php num Parameter XSS
# (2071887) ModSecurity Rules from Trustwave SpiderLabs: Universal Post Manager Plugin for WordPress wp-content/plugins/universal-post-manager/template/email_screen_2.php num Parameter XSS
# (2071888) ModSecurity Rules from Trustwave SpiderLabs: Universal Post Manager Plugin for WordPress wp-content/plugins/universal-post-manager/template/bookmarks_slider_h.php number Parameter XSS
# (2071966) ModSecurity Rules from Trustwave SpiderLabs: SocialGrid Plugin for WordPress inline-admin.js.php default_services Parameter XSS
# (2071985) ModSecurity Rules from Trustwave SpiderLabs: WP-StarsRateBox Plugin for WordPress wp-content/plugins/wp-starsratebox/wp-starsratebox.php q Parameter XSS
# (2072047) ModSecurity Rules from Trustwave SpiderLabs: WP Ajax Recent Posts Plugin for WordPress index.php number Parameter XSS
# (2072044) ModSecurity Rules from Trustwave SpiderLabs: Sermon Browser Plugin for WordPress index.php file_name Parameter XSS
# (2072057) ModSecurity Rules from Trustwave SpiderLabs: Daily Maui Photo Widget Plugin for WordPress wp-content/plugins/daily-maui-photo-widget/wp-dailymaui-widget-control.php title Parameter XSS
# (2072053) ModSecurity Rules from Trustwave SpiderLabs: WP Photo Album Plugin for WordPress wp-admin/admin.php id Parameter XSS
# (2072150) ModSecurity Rules from Trustwave SpiderLabs: Magazeen Theme for WordPress timthumb.php src Parameter XSS
# (2074295) ModSecurity Rules from Trustwave SpiderLabs: WP e-Commerce Plugin for WordPress wp-content/plugins/wp-e-commerce/wpsc-theme/wpsc-cart_widget.php cart_messages[] Parameter XSS
# (2074561) ModSecurity Rules from Trustwave SpiderLabs: Link Library Plugin for WordPress wp-content/plugins/link-library/tracker.php id Parameter XSS
# (2074570) ModSecurity Rules from Trustwave SpiderLabs: WP-Stats-Dashboard Plugin for WordPress /wp-content/plugins/wp-stats-dashboard/view/admin/blocks/select-trend.php onchange Parameter XSS
# (2074668) ModSecurity Rules from Trustwave SpiderLabs: SEO Ultimate Plugin for WordPress wp-admin/post.php _su_rich_snippet_review_item Parameter XSS
# (2074705) ModSecurity Rules from Trustwave SpiderLabs: WP Events Calendar Plugin for WordPress wp-admin/admin.php EC_id Parameter XSS
# (2074783) ModSecurity Rules from Trustwave SpiderLabs: Redirection Plugin for WordPress wp-admin/tools.php id Parameter XSS
# (2074803) ModSecurity Rules from Trustwave SpiderLabs: Custom Post Type UI Plugin for WordPress wp-admin/admin.php return Parameter XSS
# (2075251) ModSecurity Rules from Trustwave SpiderLabs: Community Events Plugin for WordPress wp-content/plugins/community-events/tracker.php id Parameter XSS
# (2075518) ModSecurity Rules from Trustwave SpiderLabs: Ajax Category Dropdown Plugin for WordPress wp-content/plugins/ajax-category-dropdown/includes/dhat-ajax-cat-dropdown-request.php category_id Parameter XSS
# (2075635) ModSecurity Rules from Trustwave SpiderLabs: WP-RecentComments Plugin for WordPress wp-content/plugins/wp-recentcomments/core.php page Parameter XSS
# (2075782) ModSecurity Rules from Trustwave SpiderLabs: Multisite Global Search Plugin for WordPress wp-content/plugins/multisite-global-search/inc/shortcodes.php mssearch Parameter XSS
# (2027979) ModSecurity Rules from Trustwave SpiderLabs: WP-DB Backup Plugin for WordPress edit.php backup Parameter Traversal Arbitrary File Access
# (2043560) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/themes.php page Parameter Traversal Arbitrary File Access
# (2043586) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/edit.php page Parameter Traversal Arbitrary File Access
# (2043572) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/templates.php page Parameter Traversal Arbitrary File Access
# (2043571) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/edit-pages.php page Parameter Traversal Arbitrary File Access
# (2043570) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/categories.php page Parameter Traversal Arbitrary File Access
# (2043565) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/edit-comments.php page Parameter Traversal Arbitrary File Access
# (2043569) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/moderation.php page Parameter Traversal Arbitrary File Access
# (2043568) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/post.php page Parameter Traversal Arbitrary File Access
# (2043577) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/page-new.php page Parameter Traversal Arbitrary File Access
# (2043576) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/index.php page Parameter Traversal Arbitrary File Access
# (2043561) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/link-manager.php page Parameter Traversal Arbitrary File Access
# (2043593) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/link-add.php page Parameter Traversal Arbitrary File Access
# (2043575) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/link-categories.php page Parameter Traversal Arbitrary File Access
# (2043574) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/link-import.php page Parameter Traversal Arbitrary File Access
# (2043573) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/theme-editor.php page Parameter Traversal Arbitrary File Access
# (2043582) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/plugin-editor.php page Parameter Traversal Arbitrary File Access
# (2043566) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/profile.php page Parameter Traversal Arbitrary File Access
# (2043581) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/users.php page Parameter Traversal Arbitrary File Access
# (2043580) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/options-general.php page Parameter Traversal Arbitrary File Access
# (2043585) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/options-reading.php page Parameter Traversal Arbitrary File Access
# (2043562) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/options-discussion.php page Parameter Traversal Arbitrary File Access
# (2043592) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/options-permalink.php page Parameter Traversal Arbitrary File Access
# (2043584) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/options-misc.php page Parameter Traversal Arbitrary File Access
# (2043583) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/import.php page Parameter Traversal Arbitrary File Access
# (2043591) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/admin.php page Parameter Traversal Arbitrary File Access
# (2043590) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/bookmarklet.php page Parameter Traversal Arbitrary File Access
# (2043567) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/cat-js.php page Parameter Traversal Arbitrary File Access
# (2043589) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/inline-uploading.php page Parameter Traversal Arbitrary File Access
# (2043588) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/options.php page Parameter Traversal Arbitrary File Access
# (2043579) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/profile-update.php page Parameter Traversal Arbitrary File Access
# (2043587) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/sidebar.php page Parameter Traversal Arbitrary File Access
# (2043563) ModSecurity Rules from Trustwave SpiderLabs: WordPress /wp-admin/user-edit.php page Parameter Traversal Arbitrary File Access
# (2069073) ModSecurity Rules from Trustwave SpiderLabs: jRSS Widget Plugin for WordPress proxy.php url Parameter Traversal Arbitrary File Access
# (2071107) ModSecurity Rules from Trustwave SpiderLabs: OPS Old Post Spinner Plugin for WordPress wp-content/plugins/old-post-spinner/logview.php ops_file Parameter Traversal Arbitrary File Access
# (2071166) ModSecurity Rules from Trustwave SpiderLabs: jQuery Mega Menu Widget Plugin for WordPress wp-content/plugins/jquery-mega-menu/skin.php skin Parameter Traversal Arbitrary File Access
# (2071238) ModSecurity Rules from Trustwave SpiderLabs: XCloner Plugin for WordPress wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php config Parameter Traversal Arbitrary File Access
# (2071242) ModSecurity Rules from Trustwave SpiderLabs: BackWPup Plugin for WordPress wp-content/plugins/backwpup/app/options-view_log-iframe.php wpabs Parameter Traversal Arbitrary File Access
# (2071707) ModSecurity Rules from Trustwave SpiderLabs: WP Custom Pages Module for WordPress wp-download.php url Parameter Traversal Arbitrary File Access
# (2075605) ModSecurity Rules from Trustwave SpiderLabs: Filedownload Plugin for WordPress wp-content/plugins/filedownload/download.php path Parameter Traversal Arbitrary File Access

In addition to WordPress, we also have pre-built rule packages for osCommerce, cPanel and Joomla. You can easily create your own application packs by grepping the attack rules for your application's software title and placing the matching rules into a custom file for that application.
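As an added example (not the post's or Trustwave's own code), the following POSIX shell sketch performs the grep-based application pack build described above against a constructed sample of the "# (ID) ... Title" index lines listed earlier. The real feed's file layout (whether SecRule bodies follow each comment) is not shown on this page and is an assumption here; the osCommerce entry and its 0000000 ID are constructed placeholders. The match is deliberately case-insensitive, because the index spells the same product both "WordPress" and "Wordpress", and a case-sensitive grep would silently drop the latter rules from the pack.

```shell
#!/bin/sh
# Added example: build a per-application rule pack from the rule index by
# grepping for the application title. The index below is constructed for this
# example in the "# (ID) ... : Title" format quoted above; the 0000000 entry is
# a placeholder, not a real rule ID.
SAMPLE_RULE_INDEX='# (2037041) ModSecurity Rules from Trustwave SpiderLabs: WordPress Redoable Theme header.php s Parameter XSS
# (2038326) ModSecurity Rules from Trustwave SpiderLabs: Sirius Theme for Wordpress index.php PATH_INFO Parameter XSS
# (0000000) ModSecurity Rules from Trustwave SpiderLabs: osCommerce PLACEHOLDER.php x Parameter XSS
# (2075605) ModSecurity Rules from Trustwave SpiderLabs: Filedownload Plugin for WordPress wp-content/plugins/filedownload/download.php path Parameter Traversal Arbitrary File Access'

# Print the sorted, de-duplicated rule IDs whose index line mentions the
# application title. grep -i is essential: the index uses both "WordPress"
# and "Wordpress", so a case-sensitive match would miss part of the pack.
app_rule_ids() {
    app="$1"
    printf '%s\n' "$SAMPLE_RULE_INDEX" \
        | grep -i -- "$app" \
        | sed -n 's/^# (\([0-9][0-9]*\)).*/\1/p' \
        | sort -u
}

# Write the matching index lines to a custom per-application file (the
# "custom file based on your app" from the text) and print how many lines
# were written, so a zero result is easy to spot in automation.
build_app_pack() {
    app="$1"
    out="$2"
    printf '%s\n' "$SAMPLE_RULE_INDEX" | grep -i -- "$app" > "$out" || true
    wc -l < "$out" | tr -d ' '
}
```

Run `app_rule_ids WordPress` to see the IDs that would land in the WordPress pack; in a real deployment you would point the functions at the downloaded feed file instead of the embedded sample.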

Conclusion

If you would like more information, please contact security@modsecurity.org. If you are ready to purchase licenses for the commercial rules, head over to the shopping cart!
