Doxi Ruleset-Update: WordPress API Content Injection (GET/POST)

[mex]

Today sucuri reported a new critical vuln in Wordpress, allowing an
attacker to alter articles and with the potential for privilige
escalation, remote code execution and content injection, for more
details please chekc the refs below

Updates already pushed to the ruleset-repository
https://bitbucket.org/lazy_dogtown/doxi-rules/overview


42000459 :: web_apps.rules :: WordPress API Content Injection (POST)
42000460 :: web_apps.rules :: WordPress API Content Injection (GET)


MainRule negative "rx:^\d+$" "msg:WordPress API Content Injection
(POST)" "mz:$URL:/wp-json/wp/v2/posts/|$BODY_VAR:id" "s:$ATTACK:8"
id:42000459 ;



MainRule negative "rx:^\d+$" "msg:WordPress API Content Injection
(GET)" "mz:|$URL:/wp-json/wp/v2/posts/|$ARGS_VAR:id" "s:$ATTACK:8"
id:42000460 ;


References:

- https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

-https://www.reddit.com/r/netsec/comments/5rgpxm/content_injection_vulnerability_in_wordpress_47/

- https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html