Adds entry to detect several vulnerable versions of JCE Joomla extension. (Remote command exec)

Fingerprint taken from http://www.bugreport.ir/78/exploit.htm
2026-01-02 04:49:02 +00:00 · 2013-02-21 04:53:49 +00:00
parent 14c40b6281
commit 666cda3048
1 changed files with 56 additions and 0 deletions
--- a/nselib/data/http-fingerprints.lua
+++ b/nselib/data/http-fingerprints.lua
@@ -6767,6 +6767,62 @@ table.insert(fingerprints, {
      }
    }
  });
+
+table.insert(fingerprints, {
+    category = 'attacks',
+    probes = {
+      {
+        path = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20',
+        method = 'GET'
+      }
+    },
+    matches = {
+      {
+        match = '2.0.11</title',
+        output = 'Joomla JCE Extension 2.0.11 Remote Code Execution vulnerability'
+      },
+      {
+        match = '2.0.12</title',
+        output = 'Joomla JCE Extension 2.0.12 Remote Code Execution vulnerability'
+      },
+      {
+        match = '2.0.13</title',
+        output = 'Joomla JCE Extension 2.0.13 Remote Code Execution vulnerability'
+      },
+      {
+        match = '2.0.14</title',
+        output = 'Joomla JCE Extension 2.0.14 Remote Code Execution vulnerability'
+      },
+      {
+        match = '2.0.15</title',
+        output = 'Joomla JCE Extension 2.0.11 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.10</title',
+        output = 'Joomla JCE Extension 1.5.7.10 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.10</title',
+        output = 'Joomla JCE Extension 1.5.7.10 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.11</title',
+        output = 'Joomla JCE Extension 1.5.7.11 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.12</title',
+        output = 'Joomla JCE Extension 1.5.7.12 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.13</title',
+        output = 'Joomla JCE Extension 1.5.7.13 Remote Code Execution vulnerability'
+      },
+      {
+        match = '1.5.7.14</title',
+        output = 'Joomla JCE Extension 1.5.7.14 Remote Code Execution vulnerability'
+      }
+   }
+  });
 ------------------------------------------------
 ----        Open Source CMS checks          ----
 ------------------------------------------------