# Joomla generic Component Parameter Local File Inclusion Attempt detector alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla Generic Component Parameter Local File Inclusion Attempt Detector"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_"; nocase; content:"../"; depth:200; classtype:web-application-attack; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010038; rev:1;) # Joomla com_g2bridge Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_g2bridge Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_g2bridge&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12814; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010001; rev:3;) # Joomla com_rokdownloads Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_rokdownloads Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_rokdownloads&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/11760; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010002; rev:3;) # Joomla com_picasa2gallery Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_picasa2gallery Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_picasa2gallery&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/13981; reference:url,secunia.com/advisories/40297/; reference:url,osvdb.org/show/osvdb/65674; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010003; rev:3;) # Joomla com_datafeeds Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_datafeeds Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_datafeeds&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:cve,CVE-2010-1979; reference:url,exploit-db.com/exploits/12088; reference:url,secunia.com/advisories/39360; reference:url,osvdb.org/show/osvdb/63580; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010004; rev:2;) # Joomla com_spsnewsletter Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_spsnewsletter Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_spsnewsletter&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12149; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010005; rev:3;) # Joomla com_loginbox Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_loginbox Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_loginbox&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; reference:url,exploit-db.com/exploits/12068; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010006; rev:2;) # Joomla com_bca-rss-syndicator Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_bca-rss-syndicator Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_bca-rss-syndicator&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12069; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010007; rev:1;) # Joomla com_photobattle Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_photobattle Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_photobattle&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12232; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010008; rev:1;) # Joomla com_alphauserpoints Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_alphauserpoints Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_alphauserpoints&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12150; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010009; rev:1;) # Joomla com_ckforms Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_ckforms Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_ckforms&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/11785; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010012; rev:1;) # Joomla com_fabrik Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_fabrik Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_fabrik&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12087; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010013; rev:1;) # Joomla com_event Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_event Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_event&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12633; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010014; rev:1;) # Joomla com_photobattle Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_photobattle Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_photobattle&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12232; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010015; rev:1;) # Joomla com_aardvertiser Component task Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_aardvertiser Component task Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_aardvertiser&"; nocase; uricontent:"task="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12592; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010016; rev:1;) # Joomla com_flexicontent Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_flexicontent Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_flexicontent&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12185; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010018; rev:1;) # Joomla com_jvehicles Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_jvehicles Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_jvehicles&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/11997; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010019; rev:1;) # Joomla com_myblog Component task Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_myblog Component task Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_myblog&"; nocase; uricontent:"task="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010020; rev:1;) # Joomla com_simpledownload Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_simpledownload Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_simpledownload&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12618; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010021; rev:1;) # Joomla com_sectionex Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_sectionex Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_sectionex&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/11759; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010022; rev:1;) # Joomla com_svmap Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_svmap Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_svmap&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12066; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010023; rev:1;) # Joomla com_awiki Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_awiki Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_awiki&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/12101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010024; rev:1;) # Joomla com_jajobboard Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_jajobboard Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_jajobboard&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,inj3ct0r.com/exploits/11717; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010025; rev:1;) # Joomla com_jajobboard Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_jajobboard Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_jajobboard&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,inj3ct0r.com/exploits/11717; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010026; rev:1;) # Joomla com_php Component file Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_php Component file Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_php&"; nocase; uricontent:"file="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,inj3ct0r.com/exploits/12211; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010028; rev:1;) # Joomla com_sectionex Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_sectionex Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_sectionex&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,inj3ct0r.com/exploits/11305; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010029; rev:1;) # Joomla com_webeecomment Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_webeecomment Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_webeecomment&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010030; rev:1;) # Joomla com_jinventory Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_jinventory Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_jinventory&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,inj3ct0r.com/exploits/11630; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010031; rev:1;) # Joomla com_communitypolls Component controller Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_communitypolls Component controller Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_communitypolls&"; nocase; uricontent:"controller="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,inj3ct0r.com/exploits/10989; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010032; rev:1;) # Joomla com_javoice Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_javoice Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_javoice&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,inj3ct0r.com/exploits/11676; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010033; rev:1;) # Joomla com_seyret Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_seyret Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_seyret&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,exploit-db.com/exploits/14183; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010034; rev:1;) # Joomla com_seyret Component SQL Injection alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Joomla com_seyret Component SQL Injection"; flow:established,to_server; uricontent:"?"; nocase; uricontent:"option=com_seyret"; nocase; uricontent:"task=videodirectlink"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; classtype:web-application-attack; reference:url,exploit-db.com/exploits/14172; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; sid: 1010035; rev:1;) # Joomla com_remository Component view Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_remository Component view Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_remository&"; nocase; uricontent:"view="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,sebug.net/exploit/19898; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010036; rev:1;) # Joomla com_remository Component task Parameter Local File Inclusion Attempt alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ZATAZ WEB_SPECIFIC_APPS Joomla com_remository Component task Parameter Local File Inclusion Attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"?"; nocase; uricontent:"option=com_remository&"; nocase; uricontent:"task="; nocase; content:"../"; depth:200; classtype:web-application-attack; threshold: type limit, track by_src, count 1, seconds 60; reference:url,sebug.net/exploit/19898; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla; priority:3; sid:1010037; rev:1;)