From 666cda3048191862e922976147c7ecac23402254 Mon Sep 17 00:00:00 2001
From: paulino <paulino@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 21 Feb 2013 04:53:49 +0000
Subject: [PATCH] Adds entry to detect several vulnerable versions of JCE
 Joomla extension. (Remote command exec)

Fingerprint taken from http://www.bugreport.ir/78/exploit.htm
---
 nselib/data/http-fingerprints.lua | 56 +++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/nselib/data/http-fingerprints.lua b/nselib/data/http-fingerprints.lua
index e660bd4a2..90770d6ec 100644
--- a/nselib/data/http-fingerprints.lua
+++ b/nselib/data/http-fingerprints.lua
@@ -6767,6 +6767,62 @@ table.insert(fingerprints, {
       }
     }
   });
+
+table.insert(fingerprints, {
+    category = 'attacks',
+    probes = {
+      {
+        path = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20',
+        method = 'GET'
+      }
+    },
+    matches = {
+      {
+        match = '2.0.11</title',
+        output = 'Joomla JCE Extension 2.0.11 Remote Code Execution vulnerability'
+      },
+      {
+        match = '2.0.12</title',
+        output = 'Joomla JCE Extension 2.0.12 Remote Code Execution vulnerability'
+      },
+      {
+        match = '2.0.13</title',
+        output = 'Joomla JCE Extension 2.0.13 Remote Code Execution vulnerability'
+      },
+      {
+        match = '2.0.14</title',
+        output = 'Joomla JCE Extension 2.0.14 Remote Code Execution vulnerability'
+      },
+      {
+        match = '2.0.15</title',
+        output = 'Joomla JCE Extension 2.0.11 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.10</title',
+        output = 'Joomla JCE Extension 1.5.7.10 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.10</title',
+        output = 'Joomla JCE Extension 1.5.7.10 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.11</title',
+        output = 'Joomla JCE Extension 1.5.7.11 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.12</title',
+        output = 'Joomla JCE Extension 1.5.7.12 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.13</title',
+        output = 'Joomla JCE Extension 1.5.7.13 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.14</title',
+        output = 'Joomla JCE Extension 1.5.7.14 Remote Code Execution vulnerability'
+      }
+   }
+  });
 ------------------------------------------------
 ----        Open Source CMS checks          ----
 ------------------------------------------------