Emerging Threathightest

Potential CVE-2023-23752 Exploitation Attempt

Detects the potential exploitation attempt of CVE-2023-23752 an Improper access check, in web service endpoints in Joomla

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch

Bhabesh RajCreated Thu Feb 230e1ebc5a-15d0-4bf6-8199-b2535397433a2023

Emerging Threat

Active Threat

Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.

Log Source

Web Server Log

CategoryWeb Server Log← raw: webserver

HTTP access logs from web servers capturing request paths, methods, and status codes.

Detection Logic

detection:
    selection:
        cs-method: 'GET'
        cs-uri-query|contains|all:
            - '/api/index.php/v1/'
            - 'public=true'
    condition: selection

False Positives

Vulnerability scanners

References

MITRE ATT&CK

Tactics

TA0001 · Initial Access

Techniques

T1190 · Exploit Public-Facing Application

Other

cve.2023-23752detection.emerging-threats

Rule Metadata

Rule ID

0e1ebc5a-15d0-4bf6-8199-b2535397433a

Status

test

Level

high

Type

Emerging Threat

Created

Thu Feb 23

Author

Bhabesh Raj

Path

rules-emerging-threats/2023/Exploits/CVE-2023-23752/web_cve_2023_23752_joomla_exploit_attempt.yml

Raw Tags

attack.initial-accessattack.t1190cve.2023-23752detection.emerging-threats

View on GitHub