메뉴 건너뛰기

Hello :0

Joomla JCE Remote File Upload

2013.09.29 13:57

Leekyu 조회 수:1420

1. 트래픽 캡쳐

post.png


2. 공격 구문 

 - option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=

 - option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743

 - /images/stories/0day.php

 - BOT/0.1 (BOT for JCE) 



3. IDS Signature

 - alert tcp any any -> $HOME_NET 80 (msg:"joomla_test_1"; content:"option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743" ; sid :100000)


 - alert tcp any any -> $HOME_NET 80 (msg:"joomla_test_2"; content:"option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=" ; sid :100001)


 - alert tcp any any -> $HOME_NET 80 (msg:"joomla_test_3"; content:"/images/stories/0day.php" ; sid :100002)


 - alert tcp any any -> $HOME_NET 80 (msg:"joomla_test_4"; content:"BOT/0.1 (BOT for JCE) " ; sid :100003)