Monday, December 14, 2015

simple rule to block JOOMLA 0-day code execution with MODSECURITY


based on the information provided at SUCURIs blog this simple MOD-SECURITY rule should block the attack.

SecRule REQUEST_HEADERS:User-Agent "JDatabaseDriverMysqli" "phase:1,t:none,log,deny,msg:'Joomla 0-day code execution'"