alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS JCE Joomla Extension"; flow:to_server,established; http.uri; content:".php"; content:"option="; content:"&task="; content:"&plugin=imgmanager"; content:"&file="; content:"&version="; content:"&cid="; http.request_body; content:"folderRename"; fast_pattern; reference:url,exploit-db.com/exploits/17734/; reference:url,blog.spiderlabs.com/2014/03/honeypot-alert-jce-joomla-extension-attacks.html; classtype:web-application-attack; sid:2018326; rev:5; metadata:created_at 2014_03_26, signature_severity Major, updated_at 2020_09_24;)