valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
267da51745
SigmaHQ/rules/web/web_cve_2010_1607_exploitation_attempt.yml
frack113 89776b8c14 fix filename
2021-09-23 14:44:51 +02:00

27 lines
898 B
YAML
Raw Blame History

title: CVE-2010-1607 Exploitation Attempt
id: 699e3765-a82a-4d7c-8214-8e8fe7c57fdd
author: Subhash Popuri (@pbssubhash)
date: 2021/08/25
status: experimental
description: Joomla! Component WMI 1.5.0 - Local File Inclusion:Directory traversal
vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi)
component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary
local files via a .. (dot dot) in the controller parameter to index.php.
references:
- https://github.com/projectdiscovery/nuclei-templates
logsource:
category: webserver
detection:
selection:
c-uri|contains:
- /index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00
condition: selection
false_positives:
- Scanning from Nuclei
- Penetration Testing Activity
- Unknown
tags:
- attack.initial_access
- attack.t1190
level: critical
Reference in New Issue View Git Blame Copy Permalink