ET WEB_SPECIFIC_APPS Possible Joomla SQLi Attempt (CVE-2015-7297 CVE-2015-7857 CVE-2015-7858)

7.0.35.0SID: 2021992Rev: 4Enabled2 views
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedOctober 22, 2015
UpdatedApril 20, 2024
Classificationattempted-admin
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Joomla SQLi Attempt (CVE-2015-7297 CVE-2015-7857 CVE-2015-7858)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"option="; nocase; content:"view="; nocase; content:"list[select]="; nocase; fast_pattern; pcre:"/&list\[select\]=[^\r\n&]*(?:(?:S(?:HOW (?:C(?:UR(?:DAT|TIM)E|HARACTER SET)|(?:VARI|T)ABLES)|ELECT (?:FROM|USER))|U(?:NION SELEC|PDATE SE)T|DELETE FROM|INSERT INTO)|S(?:HOW.+(?:C(?:HARACTER.+SET|UR(DATE|TIME))|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER))|U(?:NION.+SELEC|PDATE.+SE)T|DELETE.+FROM|INSERT.+INTO|\/\*.+\*\/)?/i"; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:url,trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access; reference:cve,2015-7297; reference:cve,2015-7587; reference:cve,2015-7858; classtype:attempted-admin; sid:2021992; rev:4; metadata:created_at 2015_10_22, cve CVE_2015_7297, confidence Medium, signature_severity Major, updated_at 2024_04_20;)

Metadata

created at2015_10_22
confidenceMedium
signature severityMajor
updated at2024_04_20

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!