Potential CVE-2023-23752 Exploitation Attempt

 1title: Potential CVE-2023-23752 Exploitation Attempt
 2id: 0e1ebc5a-15d0-4bf6-8199-b2535397433a
 3status: test
 4description: Detects the potential exploitation attempt of CVE-2023-23752 an Improper access check, in web service endpoints in Joomla
 5references:
 6    - https://xz.aliyun.com/t/12175
 7    - https://twitter.com/momika233/status/1626464189261942786
 8author: Bhabesh Raj
 9date: 2023/02/23
10tags:
11    - attack.initial_access
12    - attack.t1190
13    - cve.2023.23752
14    - detection.emerging_threats
15logsource:
16    category: webserver
17detection:
18    selection:
19        cs-method: 'GET'
20        cs-uri-query|contains|all:
21            - '/api/index.php/v1/'
22            - 'public=true'
23    condition: selection
24fields:
25    - c-ip
26    - c-dns
27falsepositives:
28    - Vulnerability scanners
29level: high

References

• 
  Read More

• Something went wrong, but don’t fret — let’s give it another shot.

  
  Read More

Related rules

• Potential CVE-2022-21587 Exploitation Attempt
• Potential CVE-2022-26809 Exploitation Attempt
• Potential Centos Web Panel Exploitation Attempt - CVE-2022-44877
• Potential Exploitation Attempt Of Undocumented WindowsServer RCE
• CVE-2023-4966 Exploitation Attempt - Citrix ADC Sensitive Information Disclosure - Proxy