mod_security rule for e107 ‘plugindir’ and ‘ifile’ remote include vulnerability
Here are ModSecurity 2 rules for the latest string of vulnerabilities affecting the e107 CMS, described in the following links:

http://www.exploit-db.com/exploits/12818/
http://www.exploit-db.com/exploits/12715/

SecRule ARGS:THEMES_DIRECTORY "^http" "t:htmlEntityDecode,t:urlDecode,t:lowercase,deny,log,auditlog,msg:'Denied e107 vulnerability'"

SecRule ARGS:ifile "^http" "t:htmlEntityDecode,t:urlDecode,t:lowercase,deny,log,auditlog,msg:'Denied e107 vulnerability'"

SecRule ARGS:plugindir "^http" "t:htmlEntityDecode,t:urlDecode,t:lowercase,deny,log,auditlog,msg:'Denied e107 vulnerability'"

SecRule ARGS:author_name "\[php\]" "t:htmlEntityDecode,t:urlDecode,t:lowercase,deny,log,auditlog,msg:'Denied e107 vulnerability'"
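A quick way to check what the four rules above deny before deploying them. This is an added example, not part of the original post: it approximates the `t:htmlEntityDecode,t:urlDecode,t:lowercase` chain with Python standard-library calls (an assumption, not ModSecurity's own decoders), and the sample arguments and `example.invalid` host are constructed.

```python
import html
import re
from urllib.parse import unquote_plus

# (argument name, regex) pairs copied from the four SecRule lines.
RULES = [
    ("THEMES_DIRECTORY", re.compile(r"^http")),
    ("ifile", re.compile(r"^http")),
    ("plugindir", re.compile(r"^http")),
    ("author_name", re.compile(r"\[php\]")),
]


def transform(value):
    """Apply the rules' transformations in the order they are listed."""
    value = html.unescape(value)   # stand-in for t:htmlEntityDecode
    value = unquote_plus(value)    # stand-in for t:urlDecode (%XX and '+')
    return value.lower()           # t:lowercase


def evaluate(args):
    """Return the argument names that would trigger a deny."""
    hits = []
    for name, pattern in RULES:
        raw = args.get(name)
        # SecRule's default operator is an unanchored regex search (@rx).
        if raw is not None and pattern.search(transform(raw)):
            hits.append(name)
    return hits


# Constructed sample requests: argument values as the rule engine receives them.
SAMPLES = [
    {"plugindir": "HTTP://files.example.invalid/x.txt"},           # mixed case
    {"ifile": "http%3A%2F%2Ffiles.example.invalid%2Fx.txt"},       # still URL-encoded
    {"THEMES_DIRECTORY": "&#104;ttp://files.example.invalid/"},    # HTML entity
    {"author_name": "Bob [PHP]"},                                  # bracketed tag
    {"plugindir": "e107_plugins/", "author_name": "alice"},        # benign
    {"ifile": "docs/http-notes.txt"},                              # benign: ^ anchors at start
]

if __name__ == "__main__":
    for sample in SAMPLES:
        hits = evaluate(sample)
        print("DENY " if hits else "allow", sample, hits)
```

The first four samples are denied and the last two pass, which confirms that the `^` anchor keeps ordinary relative paths containing "http" from being blocked.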