Rule History

SID: 2018107 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 9 • Feb 11, 2014, 12:00 PM

Message:

ET WEB_SPECIFIC_APPS JoomSocial AvatarUpload RCE

Rule:

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS JoomSocial AvatarUpload RCE"; flow:established,to_server; content:"func="; nocase; content:"photo"; nocase; distance:0; content:"ajaxUploadAvatar"; nocase; fast_pattern; content:"CStringHelper"; nocase; content:"escape"; nocase; distance:0; reference:url,blog.sucuri.net/2014/02/joomla-jomsocial-remote-code-execution-vulnerability.html; classtype:web-application-attack; sid:2018107; rev:9; metadata:created_at 2014_02_11, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)

Created:

Feb 11, 2014, 12:00 PM

Updated:

Oct 8, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Oct 13, 2025, 9:34 PM

Filename:

rules/emerging-web_specific_apps.rules