Potential CVE-2023-23752 Exploitation Attempt
Detects potential exploitation attempts of CVE-2023-23752, an improper access check in Joomla web service endpoints.
Sigma rule
```yaml
title: Potential CVE-2023-23752 Exploitation Attempt
id: 0e1ebc5a-15d0-4bf6-8199-b2535397433a
status: test
description: Detects the potential exploitation attempt of CVE-2023-23752 an Improper access check, in web service endpoints in Joomla
references:
    - https://xz.aliyun.com/t/12175
    - https://twitter.com/momika233/status/1626464189261942786
author: Bhabesh Raj
date: 2023-02-23
tags:
    - attack.initial-access
    - attack.t1190
    - cve.2023-23752
    - detection.emerging-threats
logsource:
    category: webserver
detection:
    selection:
        cs-method: 'GET'
        cs-uri-query|contains|all:
            - '/api/index.php/v1/'
            - 'public=true'
    condition: selection
fields:
    - c-ip
    - c-dns
falsepositives:
    - Vulnerability scanners
level: high
```
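The rule's selection logic applied to access-log lines, as an added example that is not part of the original rule or of the Sigma project. It assumes Combined Log Format input and a backend that maps `cs-uri-query` to the full request target (path plus query string); the sample lines, IP addresses and the `example` endpoint are constructed.

```python
import re

# Values taken from the rule's selection block.
METHOD = "GET"
REQUIRED_SUBSTRINGS = ("/api/index.php/v1/", "public=true")

# Assumed input: Combined Log Format.
# client ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<c_ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def matches_selection(method, target):
    """cs-method equals GET and the target contains ALL listed substrings.
    Sigma string comparisons are case-insensitive by default."""
    if method.upper() != METHOD:
        return False
    lowered = target.lower()
    return all(s.lower() in lowered for s in REQUIRED_SUBSTRINGS)

def scan(lines):
    """Return (c_ip, status, target) for every line the selection matches.
    The status code is carried along for triage; the rule does not use it."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and matches_selection(m["method"], m["target"]):
            hits.append((m["c_ip"], int(m["status"]), m["target"]))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder endpoint).
SAMPLE_LOG = [
    '203.0.113.7 - - [23/Feb/2023:10:01:02 +0000] "GET /api/index.php/v1/example?public=true HTTP/1.1" 200 512',
    '203.0.113.7 - - [23/Feb/2023:10:01:03 +0000] "GET /API/index.php/v1/example?Public=True HTTP/1.1" 401 90',
    '198.51.100.4 - - [23/Feb/2023:10:02:00 +0000] "GET /api/index.php/v1/example HTTP/1.1" 401 90',
    '198.51.100.4 - - [23/Feb/2023:10:02:05 +0000] "POST /api/index.php/v1/example?public=true HTTP/1.1" 405 0',
    '192.0.2.10 - - [23/Feb/2023:10:03:00 +0000] "GET /index.php?public=true HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for c_ip, status, target in scan(SAMPLE_LOG):
        print(c_ip, status, target)
```

Where the log source stores the path and the query string in separate fields, join them before matching; otherwise the `contains|all` condition cannot be satisfied by either field alone.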
Related rules
- ADSelfService Exploitation
- Apache Spark Shell Command Injection - Weblogs
- Arcadyan Router Exploitations
- Atlassian Bitbucket Command Injection Via Archive API
- CVE-2010-5278 Exploitation Attempt