SigmaHQ/rules/web/web_cve_2010_1659_exploitation_attempt.yml

title: CVE-2010-1659 Exploitation Attempt
id: dde389b6-a56a-48a6-98f6-a58ea7adc0b6
author: Subhash Popuri (@pbssubhash)
date: 2021/08/25
status: experimental
description: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion:Directory
  traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component
  1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot)
  in the controller parameter to index.php.
references:
  - https://github.com/projectdiscovery/nuclei-templates
logsource:
  category: webserver
detection:
  selection:
    c-uri|contains:
      - /index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00
  condition: selection
false_positives:
  - Scanning from Nuclei
  - Penetration Testing Activity
  - Unknown
tags:
  - attack.initial_access
  - attack.t1190
level: critical