/etc/snort/rules/community-web-php.rules is in snort-rules-default 2.9.7.0-5.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# Copyright 2005 Sourcefire, Inc. All Rights Reserved.
# These rules are licensed under the GNU General Public License.
# Please see the file LICENSE in this directory for more details.
# $Id: community-web-php.rules,v 1.32 2007/02/22 20:44:35 akirk Exp $
#Rules submitted by rmkml
# Piranha default-credential attempt (CVE-2000-0248 per the reference below).
# Fires on a request whose URI contains /piranha/secure/control.php3 and whose
# payload carries a Basic Authorization header starting with "cGlyYW5oYTp".
# That base64 prefix decodes to the user name "piranha:" plus only the top two
# bits of the first password byte, so more than one password value matches.
# Neither match uses nocase, so both the path and the header are case-sensitive.
# NOTE(review): classtype is attempted-recon although the msg describes a
# password attempt; confirm the priority this gets in classification.config.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP piranha default passwd attempt"; flow:to_server,established; uricontent:"/piranha/secure/control.php3"; content:"Authorization|3A| Basic cGlyYW5oYTp"; reference:bugtraq,1148; reference:cve,2000-0248; reference:nessus,10381; classtype:attempted-recon; sid:100000151; rev:2;)
# Any request whose URI contains /phpinfo.php (case-insensitive). There is no
# parameter or payload condition, so every access to such a page alerts.
# NOTE(review): flow:to_server inspects the request only, so the
# successful-recon-limited classtype cannot reflect whether the page was
# actually served; check the response status before treating a hit as disclosure.
# NOTE(review): the destination is $HOME_NET here, while most rules in this
# file use $HTTP_SERVERS — confirm which scope is intended.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpinfo access"; flow:to_server,established; uricontent:"/phpinfo.php"; nocase; reference:bugtraq,5789; reference:cve,2002-1149; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=3356; classtype:successful-recon-limited; sid:100000186; rev:2;)
# Generic script-tag heuristic: the URI must contain ".php", "<script>" and
# "</script>", all case-insensitive (|2E| '.', |3C| '<', |3E| '>', |2F| '/').
# Only the two bare literal tags are matched, and the rule carries no reference.
# A quiet rule therefore means this one pattern was not seen, not that no
# script injection occurred; output encoding in the application remains the
# actual control.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP XSS attempt"; flow:to_server,established; uricontent:"|2E|php"; nocase; uricontent:"|3C|script|3E|"; nocase; uricontent:"|3C 2F|script|3E|"; nocase; classtype:web-application-attack; sid:100000187; rev:2;)
# Vubb "Path attempt" (CVE-2005-3513 per the reference): the URI contains
# /forum/index.php (case-insensitive) and the payload contains |26 66 3D 27|,
# which is the four bytes &f='
# The second match is a plain content option, so it is searched in the packet
# payload rather than in the URI buffer that uricontent uses.
# NOTE(review): /forum/index.php is a common path; the alert is specific only
# because of the &f=' bytes. Destination is $HOME_NET, not $HTTP_SERVERS.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Vubb Path attempt"; flow:to_server,established; uricontent:"/forum/index.php"; nocase; content:"|26 66 3D 27|"; reference:cve,2005-3513; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=113087965608496&w=2; classtype:web-application-attack; sid:100000188; rev:1;)
# Request whose first three payload bytes are GET (depth:3, case-insensitive)
# and whose URI contains ".php" and the literal _SERVER[HTTP_ACCEPT_LANGUAGE]
# (|5F| '_', |5B| '[', |5D| ']'); presumably a request parameter named after
# that PHP superglobal entry (CVE-2005-3347 per the reference).
# The GET/depth:3 condition limits the rule to that one method.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP _SERVER HTTP_ACCEPT_LANGUAGE access"; flow:to_server,established; content:"GET"; nocase; depth:3; uricontent:"|2E|php"; nocase; uricontent:"|5F|SERVER|5B|HTTP|5F|ACCEPT|5F|LANGUAGE|5D|"; nocase; reference:bugtraq,15414; reference:cve,2005-3347; classtype:web-application-attack; sid:100000195; rev:2;)
# Any request whose URI contains /data/flood.db.php (case-insensitive); the msg
# attributes it to CuteNews (CVE-2005-3010 per the reference). No parameter or
# payload condition: this is an access alert, not proof of exploitation.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CuteNews flood.db.php access"; flow:to_server,established; uricontent:"/data/flood.db.php"; nocase; reference:bugtraq,14869; reference:cve,2005-3010; reference:nessus,19756; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19478; classtype:web-application-attack; sid:100000201; rev:2;)
# DeluxeBB parameter-access rules (all reference CVE-2005-2989). Each rule needs
# a script name plus a parameter name followed by '=' (|3D|) in the URI:
#   topic.php + tid=, misc.php + uid=, pm.php + uid=,
#   forums.php + fid=, newpost.php + fid=
# The parameter VALUE is never inspected, so a well-formed request with a
# numeric id alerts exactly like a malicious one. The script names are generic
# (e.g. /topic.php, /forums.php), so other forum software can trigger these too.
# NOTE(review): consider enabling only where DeluxeBB is actually deployed, or
# thresholding/suppressing per server, to keep the web-application-attack
# class meaningful for triage.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB topic.php access"; flow:to_server,established; uricontent:"/topic.php"; nocase; uricontent:"tid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19404; classtype:web-application-attack; sid:100000202; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB misc.php access"; flow:to_server,established; uricontent:"/misc.php"; nocase; uricontent:"uid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19405; classtype:web-application-attack; sid:100000203; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB pm.php access"; flow:to_server,established; uricontent:"/pm.php"; nocase; uricontent:"uid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19407; classtype:web-application-attack; sid:100000204; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB forums.php access"; flow:to_server,established; uricontent:"/forums.php"; nocase; uricontent:"fid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19406; classtype:web-application-attack; sid:100000205; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB newpost.php access"; flow:to_server,established; uricontent:"/newpost.php"; nocase; uricontent:"fid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19408; classtype:web-application-attack; sid:100000206; rev:2;)
# Gallery parameter-access rules (all reference CVE-2005-0222). Each rule needs
# /main.php plus one parameter name followed by '=' (|3D|) in the URI:
# g2_itemId, g2_return, g2_view or g2_subView (all case-insensitive).
# The value is not inspected; the rules alert on the presence of the parameter.
# NOTE(review): these names look like ordinary navigation parameters of the
# application, so expect alerts from normal use where Gallery is installed —
# confirm against local traffic before paging on them.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_itemId access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_itemId|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000211; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_return access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_return|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000212; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_view access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_view|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000213; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_subView access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_subView|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000214; rev:2;)
# MailGust password-reminder SQL injection attempt (CVE-2005-3063 per the
# reference). All three strings must appear in the URI, case-insensitive:
# method=remind_password, list=maillistuser and email=' (|3D 27| is =').
# The single quote directly after email= is the only injection indicator.
# There is no script-name condition, so the three parameters alone decide.
# uricontent sees only the URI, so parameters carried in a request body are
# outside this rule. Destination is $HOME_NET, not $HTTP_SERVERS.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MailGust SQL Injection email attempt"; flow:to_server,established; uricontent:"method|3D|remind_password"; nocase; uricontent:"list|3D|maillistuser"; nocase; uricontent:"email|3D 27|"; nocase; reference:bugtraq,14933; reference:cve,2005-3063; reference:nessus,19947; classtype:web-application-attack; sid:100000218; rev:1;)
# Root-path parameter access rules. Each fires when the URI contains the script
# path and the named parameter followed by '=' (|3D|), case-insensitive:
#   /modules/Forums/admin/admin_styles.php + phpbb_root_path=
#   /appserv/main.php + appserv_root=
# The parameter value is not inspected (no pcre), so the rules cannot tell a
# remote URL from a local path; they flag that a client supplied a variable
# the application presumably expects to set itself.
# The first rule uses $HOME_NET as destination, the second $HTTP_SERVERS.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP-Nuke admin_styles.php phpbb_root_path access"; flow:to_server,established; uricontent:"/modules/Forums/admin/admin_styles.php"; nocase; uricontent:"phpbb_root_path|3D|"; nocase; reference:url,www.autistici.org/anacron-group-italy/file/txt/sile002adv.txt; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=16244; classtype:web-application-attack; sid:100000220; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP AppServ main.php appserv_root param access"; flow:to_server,established; uricontent:"/appserv/main.php"; nocase; uricontent:"appserv_root|3D|"; nocase; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=22228; classtype:web-application-attack; sid:100000221; rev:1;)
# Remote-file-include attempt against ldap_var.inc.php: the URI contains the
# script name and includePath=, and the pcre requires the value to start with
# http, https or ftp. pcre flags: U = match against the URI buffer,
# i = case-insensitive.
# The pcre stops at the scheme name and does not require "://", so a value
# that merely begins with those letters also matches, and schemes other than
# the three listed are not covered.
# NOTE(review): the script name has no leading '/', so it also matches as a
# suffix of a longer file name.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ldap_var.inc.php remote file include attempt"; flow:to_server,established; uricontent:"ldap_var.inc.php"; nocase; uricontent:"includePath="; nocase; pcre:"/includePath=(https?|ftp)/Ui"; reference:bugtraq,17915; classtype:web-application-attack; sid:100000285; rev:2;)
# Any request whose URI contains /admin/images/add.php; the msg attributes it
# to the X Poll admin interface. The match is case-sensitive (no nocase) and
# has no parameter condition, so it records access rather than a specific
# attack. The path is generic enough that other applications may share it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP X Poll admin access"; flow:to_server,established; uricontent:"/admin/images/add.php"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114710173409997&w=2; classtype:web-application-attack; sid:100000286; rev:1;)
# Claroline include-file access rules. Each rule fires on any request whose URI
# contains one specific path under claroline/auth/extauth/drivers/ or
# claroline/inc/lib/. These are .inc.php / .class.php files, i.e. presumably
# library code that is not meant to be requested directly.
# Properties shared by all fourteen rules, visible in the options below:
#   - uricontent has no nocase, so the path match is case-sensitive;
#   - no parameter or value is inspected, so a hit shows direct access only;
#   - the first reference is the vendor home page, the second the advisory.
# NOTE(review): denying direct requests to these directories in the web server
# configuration addresses the exposure itself; the rules then serve as a
# detection backstop.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline ldap.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/ldap.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000287; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline atutor.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/atutor.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000288; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline db-generic.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/db-generic.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000289; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline docebo.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/docebo.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000290; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline dokeos.1.6.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/dokeos.1.6.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000291; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline dokeos.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/dokeos.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000292; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline ganesha.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/ganesha.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000293; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline mambo.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/mambo.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000294; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline moodle.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/moodle.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000295; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline phpnuke.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/phpnuke.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000296; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline postnuke.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/postnuke.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000297; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline spip.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/spip.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000298; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline event/init_event_manager.inc.php access"; flow:to_server,established; uricontent:"claroline/inc/lib/event/init_event_manager.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000299; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline export_exe_tracking.class.php access"; flow:to_server,established; uricontent:"claroline/inc/lib/export_exe_tracking.class.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000300; rev:1;)
# Gphoto remote-file-include attempts: three scripts (index.php, diapho.php,
# affich.php) crossed with two parameters (rep=, image=). The pcre requires the
# parameter value to start with http, https or ftp; U = URI buffer,
# i = case-insensitive.
# NOTE(review): the script names have no leading '/' and the parameter names
# have no leading '?' or '&', so "index.php" matches inside any longer path and
# "rep=" / "image=" match as the tail of longer parameter names. With names
# this generic, expect hits from unrelated applications that take a URL in an
# image= parameter; confirm the target actually runs Gphoto during triage.
# The pcre does not require "://" after the scheme name.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto index.php rep parameter remote file include attempt"; flow:to_server,established; uricontent:"index.php"; nocase; uricontent:"rep="; nocase; pcre:"/rep=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000304; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto index.php image parameter remote file include attempt"; flow:to_server,established; uricontent:"index.php"; nocase; uricontent:"image="; nocase; pcre:"/image=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000305; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto diapho.php rep parameter remote file include attempt"; flow:to_server,established; uricontent:"diapho.php"; nocase; uricontent:"rep="; nocase; pcre:"/rep=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000306; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto diapho.php image parameter remote file include attempt"; flow:to_server,established; uricontent:"diapho.php"; nocase; uricontent:"image="; nocase; pcre:"/image=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000307; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto affich.php rep parameter remote file include attempt"; flow:to_server,established; uricontent:"affich.php"; nocase; uricontent:"rep="; nocase; pcre:"/rep=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000308; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto affich.php image parameter remote file include attempt"; flow:to_server,established; uricontent:"affich.php"; nocase; uricontent:"image="; nocase; pcre:"/image=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000309; rev:2;)
# Particle Gallery viewimage.php imageid injection heuristic (bugtraq 18270).
# The uricontent requires "viewimage.php?imageid=" in the URI; the pcre is then
# evaluated against the URI buffer (U), case-insensitive (i).
# NOTE(review): the '|' in the pcre sits at the top level, so the pattern reads
#   viewimage\.php\?imageid=(![\d]+[\sa-zA-Z_]+)   OR   ([\d]+[\sa-zA-Z_]+)
# The second branch is not tied to imageid=. Once the uricontent has matched,
# any digit run followed by a letter, underscore or whitespace anywhere in the
# URI satisfies it, which makes the pcre far looser than the msg suggests.
# "(!" matches a literal '!'; whether a lookahead "(?!" was intended cannot be
# told from this file — TODO confirm with the rule source.
# Validate any tightening against captured known-bad requests before use.
# Destination is $HOME_NET, not $HTTP_SERVERS.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Particle Gallery Viewimage PHP Variable Injection Attempt"; flow:to_server,established; uricontent:"viewimage.php?imageid="; nocase; pcre:"/viewimage\.php\?imageid=(![\d]+[\sa-zA-Z_]+)|([\d]+[\sa-zA-Z_]+)/Ui"; reference:bugtraq,18270; classtype:web-application-attack; sid:100000445; rev:1;)
# The next rule is shipped commented out. Its pcre has the same top-level
# alternation, and its only fixed anchor is uricontent:"version=", so it would
# alert very broadly if enabled as written.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Particle Wiki PHP SQL Injection attempt"; flow:to_server,established; uricontent:"version="; nocase; pcre:"/[\x3f\x26\x3b]version=(![\d]+[\sa-zA-Z_]+)|([\d]+[\sa-zA-Z_]+)/Ui"; reference:bugtraq,18273; classtype:web-application-attack; sid:100000446; rev:1;)
# Remote-file-include attempts, one rule per script/parameter pair:
#   /joomla.php + includepath=        /design.inc.php + dir[data]=
#   /sql_fcnsOLD.php + phormationdir= /post.php + qb_path=
#   /nav.php + INCDIR=                /lang.php + INCDIR=
# Pattern common to all six: uricontent for the script, uricontent for the
# parameter name, then a pcre requiring the value to start with http, https or
# ftp (U = URI buffer, i = case-insensitive; brackets are escaped in the pcre).
# The pcre does not require "://" and lists only those three schemes.
# NOTE(review): /post.php, /nav.php and /lang.php are common file names; the
# parameter name is what makes these rules product-specific.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Joomla joomla.php remote file include"; flow:to_server,established; uricontent:"/joomla.php"; nocase; uricontent:"includepath="; nocase; pcre:"/includepath=(https?|ftp)/Ui"; reference:bugtraq,18363; classtype:web-application-attack; sid:100000463; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP LoveCompass AEPartner design.inc.php remote file include"; flow:to_server,established; uricontent:"/design.inc.php"; nocase; uricontent:"dir[data]="; nocase; pcre:"/dir\[data\]=(https?|ftp)/Ui"; reference:bugtraq,18370; classtype:web-application-attack; sid:100000464; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Empris sql_fcnsOLD.php remote file include"; flow:to_server,established; uricontent:"/sql_fcnsOLD.php"; nocase; uricontent:"phormationdir="; nocase; pcre:"/phormationdir=(https?|ftp)/Ui"; reference:bugtraq,18371; classtype:web-application-attack; sid:100000465; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard post.php remote file include"; flow:to_server,established; uricontent:"/post.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18373; classtype:web-application-attack; sid:100000466; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP WebprojectDB nav.php remote file include"; flow:to_server,established; uricontent:"/nav.php"; nocase; uricontent:"INCDIR="; nocase; pcre:"/INCDIR=(https?|ftp)/Ui"; reference:bugtraq,18378; classtype:web-application-attack; sid:100000467; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP WebprojectDB lang.php remote file include"; flow:to_server,established; uricontent:"/lang.php"; nocase; uricontent:"INCDIR="; nocase; pcre:"/INCDIR=(https?|ftp)/Ui"; reference:bugtraq,18378; classtype:web-application-attack; sid:100000468; rev:2;)
# iFoto index.php XSS attempt: URI contains /index.php and dir=, and the pcre
# requires "dir" followed by '=' or '?' (\x3f), then '<' (\x3c), one or more
# non-newline characters, and '>' (\x3e). U = URI buffer, i = case-insensitive.
# NOTE(review): "dir" is not anchored to a parameter boundary, so it also
# matches as the tail of a longer name on any /index.php. Any angle-bracketed
# text in that value alerts, not only script tags.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP iFoto index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"dir="; nocase; pcre:"/dir(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18391; classtype:web-application-attack; sid:100000469; rev:1;)
# Foing manage_songs.php remote-file-include attempt: URI contains the script
# and foing_root_path=, and the pcre requires the value to start with http,
# https or ftp (U = URI buffer, i = case-insensitive). "://" is not required.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Foing manage_songs.php remote file include"; flow:to_server,established; uricontent:"/manage_songs.php"; nocase; uricontent:"foing_root_path="; nocase; pcre:"/foing_root_path=(https?|ftp)/Ui"; reference:bugtraq,18392; classtype:web-application-attack; sid:100000470; rev:2;)
# VBZoom SQL-injection attempts (bugtraq 18403), one rule per script/parameter:
#   show.php: objectID, MAINID     language.php: Action
#   meaning.php: QuaranID, ShowByQuranID, Action     subject.php: MainID
# Each pcre is NAME(=|\x3f)?\w*\x27 — the parameter name, an optional '=' or
# '?', any run of word characters, then a single quote (\x27). U = URI buffer,
# i = case-insensitive.
# NOTE(review): because the separator is optional and the name is unanchored,
# the pcre also matches the name as part of a longer word that is followed by
# a quote. The single quote is the only injection indicator.
# NOTE(review): several rules share an identical msg (two for show.php, three
# for meaning.php), so alerts can only be told apart by sid. All /i matches
# make "MAINID" (show.php) and "MainID" (subject.php) equivalent patterns.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom show.php SQL injection attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"objectID="; nocase; pcre:"/objectID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000471; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom show.php SQL injection attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"MAINID="; nocase; pcre:"/MAINID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000472; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom language.php SQL injection attempt"; flow:to_server,established; uricontent:"/language.php"; nocase; uricontent:"Action="; nocase; pcre:"/Action(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000473; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt"; flow:to_server,established; uricontent:"/meaning.php"; nocase; uricontent:"QuaranID="; nocase; pcre:"/QuaranID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000474; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt"; flow:to_server,established; uricontent:"/meaning.php"; nocase; uricontent:"ShowByQuranID="; nocase; pcre:"/ShowByQuranID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000475; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt"; flow:to_server,established; uricontent:"/meaning.php"; nocase; uricontent:"Action="; nocase; pcre:"/Action(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000476; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom subject.php SQL injection attempt"; flow:to_server,established; uricontent:"/subject.php"; nocase; uricontent:"MainID="; nocase; pcre:"/MainID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000477; rev:1;)
# Remote-file-include attempts, one rule per script/parameter pair:
#   /visview.php + path_to_news=   /headlines.php + tpath=
#   /team.php + checkauth=         /signed.php + phphg_real_path=
#   /vote.php + bmc_dir=           /view_links.php + wb_inc_dir=
# Each rule needs the script and the parameter name in the URI, and a value
# starting with http, https or ftp (pcre flags: U = URI buffer,
# i = case-insensitive). The pcre does not require "://".
# A hit shows that a remote URL was supplied, not that the include succeeded;
# check for outbound fetches from the web server when triaging.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP aWebNews visview.php remote file include"; flow:to_server,established; uricontent:"/visview.php"; nocase; uricontent:"path_to_news="; nocase; pcre:"/path_to_news=(https?|ftp)/Ui"; reference:bugtraq,18406; classtype:web-application-attack; sid:100000478; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CzarNews headlines.php remote file include"; flow:to_server,established; uricontent:"/headlines.php"; nocase; uricontent:"tpath="; nocase; pcre:"/tpath=(https?|ftp)/Ui"; reference:bugtraq,18411; classtype:web-application-attack; sid:100000479; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Somery team.php remote file include"; flow:to_server,established; uricontent:"/team.php"; nocase; uricontent:"checkauth="; nocase; pcre:"/checkauth=(https?|ftp)/Ui"; reference:bugtraq,18412; classtype:web-application-attack; sid:100000480; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Hinton Design PHPHG signed.php remote file include"; flow:to_server,established; uricontent:"/signed.php"; nocase; uricontent:"phphg_real_path="; nocase; pcre:"/phphg_real_path=(https?|ftp)/Ui"; reference:bugtraq,18413; classtype:web-application-attack; sid:100000481; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BoastMachine vote.php remote file include"; flow:to_server,established; uricontent:"/vote.php"; nocase; uricontent:"bmc_dir="; nocase; pcre:"/bmc_dir=(https?|ftp)/Ui"; reference:bugtraq,18415; classtype:web-application-attack; sid:100000482; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Wheatblog view_links.php remote file include"; flow:to_server,established; uricontent:"/view_links.php"; nocase; uricontent:"wb_inc_dir="; nocase; pcre:"/wb_inc_dir=(https?|ftp)/Ui"; reference:bugtraq,18416; classtype:web-application-attack; sid:100000483; rev:2;)
# Confixx ftp_index.php XSS attempt: URI contains /ftp_index.php and lpath=,
# and the pcre requires "lpath" followed by '=' or '?' (\x3f), '<' (\x3c), one
# or more non-newline characters, then '>' (\x3e). U = URI buffer,
# i = case-insensitive. Any angle-bracketed text in the value alerts.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Confixx ftp_index.php xss attempt"; flow:to_server,established; uricontent:"/ftp_index.php"; nocase; uricontent:"lpath="; nocase; pcre:"/lpath(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18426; classtype:web-application-attack; sid:100000484; rev:1;)
# Remote-file-include attempts, one rule per script/parameter pair:
#   /page.php + osCsid=                      /template.php + vsDragonRootPath=
#   /server.inc.php, /app.inc.php, /login.php, /trylogin.php
#       + go_info[isp][classes_root]=        (ISPConfig, bugtraq 18441)
#   /posting.php, /newpm.php, /postreply.php + templatefolder=  (DeluxeBB)
# Each rule needs the script and the parameter name in the URI, and a value
# starting with http, https or ftp (pcre flags: U = URI buffer,
# i = case-insensitive; '[' and ']' are escaped in the pcre, literal in the
# uricontent). The pcre does not require "://".
# NOTE(review): sid 100000485 carries the msg "RahnemaCo page.php remote file
# include"; confirm during triage which parameter an alert with that msg
# refers to by checking the sid. /page.php and /login.php are common names.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP RahnemaCo page.php remote file include"; flow:to_server,established; uricontent:"/page.php"; nocase; uricontent:"osCsid="; nocase; pcre:"/osCsid=(https?|ftp)/Ui"; reference:bugtraq,18435; classtype:web-application-attack; sid:100000485; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PhpBlueDragon CMS template.php remote file include"; flow:to_server,established; uricontent:"/template.php"; nocase; uricontent:"vsDragonRootPath="; nocase; pcre:"/vsDragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18440; classtype:web-application-attack; sid:100000486; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ISPConfig server.inc.php remote file include"; flow:to_server,established; uricontent:"/server.inc.php"; nocase; uricontent:"go_info[isp][classes_root]="; nocase; pcre:"/go_info\[isp\]\[classes_root\]=(https?|ftp)/Ui"; reference:bugtraq,18441; classtype:web-application-attack; sid:100000487; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ISPConfig app.inc.php remote file include"; flow:to_server,established; uricontent:"/app.inc.php"; nocase; uricontent:"go_info[isp][classes_root]="; nocase; pcre:"/go_info\[isp\]\[classes_root\]=(https?|ftp)/Ui"; reference:bugtraq,18441; classtype:web-application-attack; sid:100000488; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ISPConfig login.php remote file include"; flow:to_server,established; uricontent:"/login.php"; nocase; uricontent:"go_info[isp][classes_root]="; nocase; pcre:"/go_info\[isp\]\[classes_root\]=(https?|ftp)/Ui"; reference:bugtraq,18441; classtype:web-application-attack; sid:100000489; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ISPConfig trylogin.php remote file include"; flow:to_server,established; uricontent:"/trylogin.php"; nocase; uricontent:"go_info[isp][classes_root]="; nocase; pcre:"/go_info\[isp\]\[classes_root\]=(https?|ftp)/Ui"; reference:bugtraq,18441; classtype:web-application-attack; sid:100000490; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB posting.php remote file include"; flow:to_server,established; uricontent:"/posting.php"; nocase; uricontent:"templatefolder="; nocase; pcre:"/templatefolder=(https?|ftp)/Ui"; reference:bugtraq,18455; classtype:web-application-attack; sid:100000491; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB newpm.php remote file include"; flow:to_server,established; uricontent:"/newpm.php"; nocase; uricontent:"templatefolder="; nocase; pcre:"/templatefolder=(https?|ftp)/Ui"; reference:bugtraq,18455; classtype:web-application-attack; sid:100000492; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB postreply.php remote file include"; flow:to_server,established; uricontent:"/postreply.php"; nocase; uricontent:"templatefolder="; nocase; pcre:"/templatefolder=(https?|ftp)/Ui"; reference:bugtraq,18455; classtype:web-application-attack; sid:100000493; rev:2;)
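# Zeroboard write_ok.php XSS attempts (bugtraq 18458). Each rule needs
# /write_ok.php and the parameter name in the URI, then a pcre requiring the
# name to be followed by '=' or '?' (\x3f), '<' (\x3c), one or more
# non-newline characters, and '>' (\x3e). U = URI buffer, i = case-insensitive.
# The pcre writes the leading dollar sign as \x24 so that it is a literal
# character. A bare '$' at the start of a PCRE pattern is an end-of-subject
# anchor; followed by literal text it can never match, and the rule would
# never fire.
# NOTE(review): the '$' looks like a PHP variable sigil carried into the
# parameter name; confirm against the referenced advisory whether real
# requests use "s_file_name=" / "file_name=" without it, and if so adjust the
# uricontent and the pcre together.
# NOTE(review): sid and rev are kept as shipped; bump rev under your local
# rule-management process when deploying this change.
# Both rules share the same msg; tell alerts apart by sid.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Zeroboard write_ok.php xss attempt"; flow:to_server,established; uricontent:"/write_ok.php"; nocase; uricontent:"$s_file_name="; nocase; pcre:"/\x24s_file_name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18458; classtype:web-application-attack; sid:100000494; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Zeroboard write_ok.php xss attempt"; flow:to_server,established; uricontent:"/write_ok.php"; nocase; uricontent:"$file_name="; nocase; pcre:"/\x24file_name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18458; classtype:web-application-attack; sid:100000495; rev:1;)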
# SQL-injection attempts keyed on a single quote after a parameter:
#   /index.php + anfang=        (Chipmailer, bugtraq 18463)
#   /cal_event.php + id=        (Calendarix, bugtraq 18469)
#   /cal_popup.php + id=        (Calendarix, bugtraq 18469)
# Each pcre is NAME(=|\x3f)?\w*\x27 — the name, an optional '=' or '?', any
# run of word characters, then a single quote (\x27). U = URI buffer,
# i = case-insensitive.
# NOTE(review): in the two Calendarix rules the name is just "id", the
# separator is optional and nothing anchors the name to a parameter boundary,
# so the pcre matches any word containing "id" that is followed (after further
# word characters) by an apostrophe. uricontent "id=" likewise matches the tail
# of longer names such as "uid=". Expect false positives on those scripts.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Chipmailer index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"anfang="; nocase; pcre:"/anfang(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18463; classtype:web-application-attack; sid:100000496; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Calendarix cal_event.php SQL injection attempt"; flow:to_server,established; uricontent:"/cal_event.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18469; classtype:web-application-attack; sid:100000497; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Calendarix cal_popup.php SQL injection attempt"; flow:to_server,established; uricontent:"/cal_popup.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18469; classtype:web-application-attack; sid:100000498; rev:1;)
# Remote-file-include attempts, one rule per script/parameter pair:
#   /thumstbl.php, /wpfiles.php, /wallpapr.php + lang=      (PictureDis)
#   /tag.class.php + mycfg=                                 (Ji-Takz)
#   /action.php, /media.php, /server.php,
#       /api_metaweblog.inc.php + DIR_LIB=                  (Nucleus CMS)
#   /adminips.php + banned_file=                            (FlashChat)
# Each rule needs the script and the parameter name in the URI, and a value
# starting with http, https or ftp (pcre flags: U = URI buffer,
# i = case-insensitive). The pcre does not require "://".
# NOTE(review): "lang=" is a very common parameter name and is not anchored to
# a parameter boundary; the PictureDis rules rely on the script name for
# specificity. /action.php, /media.php and /server.php are also generic names.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PictureDis thumstbl.php remote file include"; flow:to_server,established; uricontent:"/thumstbl.php"; nocase; uricontent:"lang="; nocase; pcre:"/lang=(https?|ftp)/Ui"; reference:bugtraq,18471; classtype:web-application-attack; sid:100000499; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PictureDis wpfiles.php remote file include"; flow:to_server,established; uricontent:"/wpfiles.php"; nocase; uricontent:"lang="; nocase; pcre:"/lang=(https?|ftp)/Ui"; reference:bugtraq,18471; classtype:web-application-attack; sid:100000500; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PictureDis wallpapr.php remote file include"; flow:to_server,established; uricontent:"/wallpapr.php"; nocase; uricontent:"lang="; nocase; pcre:"/lang=(https?|ftp)/Ui"; reference:bugtraq,18471; classtype:web-application-attack; sid:100000501; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Ji-Takz tag.class.php remote file include"; flow:to_server,established; uricontent:"/tag.class.php"; nocase; uricontent:"mycfg="; nocase; pcre:"/mycfg=(https?|ftp)/Ui"; reference:bugtraq,18474; classtype:web-application-attack; sid:100000502; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Nucleus CMS action.php remote file include"; flow:to_server,established; uricontent:"/action.php"; nocase; uricontent:"DIR_LIB="; nocase; pcre:"/DIR_LIB=(https?|ftp)/Ui"; reference:bugtraq,18475; classtype:web-application-attack; sid:100000503; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Nucleus CMS media.php remote file include"; flow:to_server,established; uricontent:"/media.php"; nocase; uricontent:"DIR_LIB="; nocase; pcre:"/DIR_LIB=(https?|ftp)/Ui"; reference:bugtraq,18475; classtype:web-application-attack; sid:100000504; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Nucleus CMS server.php remote file include"; flow:to_server,established; uricontent:"/server.php"; nocase; uricontent:"DIR_LIB="; nocase; pcre:"/DIR_LIB=(https?|ftp)/Ui"; reference:bugtraq,18475; classtype:web-application-attack; sid:100000505; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Nucleus CMS api_metaweblog.inc.php remote file include"; flow:to_server,established; uricontent:"/api_metaweblog.inc.php"; nocase; uricontent:"DIR_LIB="; nocase; pcre:"/DIR_LIB=(https?|ftp)/Ui"; reference:bugtraq,18475; classtype:web-application-attack; sid:100000506; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FlashChat adminips.php remote file include"; flow:to_server,established; uricontent:"/adminips.php"; nocase; uricontent:"banned_file="; nocase; pcre:"/banned_file=(https?|ftp)/Ui"; reference:bugtraq,18480; classtype:web-application-attack; sid:100000507; rev:2;)
# sid 100000508-100000517: one "access" rule, one RFI probe, five SQL injection probes and three
# XSS probes. All match on the normalized request URI only (uricontent, pcre flag "U"), in
# client-to-server traffic on established sessions; request bodies are not inspected.
#
# sid 100000508 has no pcre. It alerts on every request for /wakka.php whose URI contains "=",
# i.e. any parameterised request (classtype web-application-activity, not -attack). "nocase" after
# "=" has no effect. On a host that really serves this script expect one alert per request;
# rate-limit or suppress it there, and leave it disabled where the application is not deployed.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Wikkawiki wakka.php access"; flow:to_server,established; uricontent:"/wakka.php"; nocase; uricontent:"="; nocase; reference:bugtraq,18481; classtype:web-application-activity; sid:100000508; rev:1;)
# RFI: value of "pageid" starts with the letters http, https or ftp ("://" is not required).
# /page.php is a generic script name, so a hit does not confirm the product in msg.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP RahnemaCo page.php remote file include"; flow:to_server,established; uricontent:"/page.php"; nocase; uricontent:"pageid="; nocase; pcre:"/pageid=(https?|ftp)/Ui"; reference:bugtraq,18490; classtype:web-application-attack; sid:100000509; rev:2;)
# SQL injection pattern /NAME(=|\x3f)?\w*\x27/ : NAME, an optional "=" or "?", any run of word
# characters, then a single quote (\x27). NAME is not anchored to "?" or "&", so a longer
# parameter name ending in NAME also matches (e.g. "action" in sid 100000514 is a very common
# parameter). Only quote-based probes are covered.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom rank.php SQL injection attempt"; flow:to_server,established; uricontent:"/rank.php"; nocase; uricontent:"MemberID="; nocase; pcre:"/MemberID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18497; classtype:web-application-attack; sid:100000510; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom message.php SQL injection attempt"; flow:to_server,established; uricontent:"/message.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18497; classtype:web-application-attack; sid:100000511; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom lng.php SQL injection attempt"; flow:to_server,established; uricontent:"/lng.php"; nocase; uricontent:"QuranID="; nocase; pcre:"/QuranID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18497; classtype:web-application-attack; sid:100000512; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SAPHPLesson showcat.php SQL injection attempt"; flow:to_server,established; uricontent:"/showcat.php"; nocase; uricontent:"forumid="; nocase; pcre:"/forumid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18501; classtype:web-application-attack; sid:100000513; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SAPHPLesson misc.php SQL injection attempt"; flow:to_server,established; uricontent:"/misc.php"; nocase; uricontent:"action="; nocase; pcre:"/action(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18501; classtype:web-application-attack; sid:100000514; rev:1;)
# XSS pattern /NAME(=|\x3f)\x3c[^\n]+\x3e/ : NAME, then "=" or "?", then "<" immediately, at least
# one non-newline character, then ">". Only values that begin with an angle-bracket tag are
# matched. "data/header.php" and "data/footer.php" have no leading slash, so they match as
# substrings of any longer path ending the same way.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CMS Faethon header.php xss attempt"; flow:to_server,established; uricontent:"data/header.php"; nocase; uricontent:"mainpath="; nocase; pcre:"/mainpath(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18505; classtype:web-application-attack; sid:100000515; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CMS Faethon footer.php xss attempt"; flow:to_server,established; uricontent:"data/footer.php"; nocase; uricontent:"mainpath="; nocase; pcre:"/mainpath(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18505; classtype:web-application-attack; sid:100000516; rev:1;)
# "ep=" is short and unanchored: it also matches the tail of longer names such as "step=".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP e107 search.php xss attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"ep="; nocase; pcre:"/ep(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18508; classtype:web-application-attack; sid:100000517; rev:1;)
# sid 100000518-100000532: mixed RFI, SQL injection and XSS probes. Each rule pairs a script name
# and a parameter name (two uricontent matches) with one of three pcre shapes, all evaluated on the
# normalized request URI only (flag "U"), case-insensitively (flag "i"):
#   RFI   /NAME=(https?|ftp)/         value starts with the letters http, https or ftp
#   SQLi  /NAME(=|\x3f)?\w*\x27/      NAME, optional "=" or "?", word characters, single quote
#   XSS   /NAME(=|\x3f)\x3c[^\n]+\x3e/  NAME, "=" or "?", then "<" ... ">" starting the value
# None of the patterns anchors NAME to "?" or "&", so a longer parameter name ending in NAME
# matches too. Parameters sent in a request body are not inspected.
#
# Triage notes:
#   - Several rules key on /index.php plus a common parameter (user, page, menu, cat, view). They
#     fire on any application's index.php; the product in msg comes from the referenced advisory
#     and is not verified by the match.
#   - Rules that share a msg (sid 100000529/100000530, sid 100000531/100000532) differ only in the
#     parameter tested; use the sid, not the msg, to tell them apart.
#   - A hit records an attempt seen on the wire. Check the web server's response and logs before
#     treating it as a compromise.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Live Helper initiate.php remote file include"; flow:to_server,established; uricontent:"/initiate.php"; nocase; uricontent:"abs_path="; nocase; pcre:"/abs_path=(https?|ftp)/Ui"; reference:bugtraq,18509; classtype:web-application-attack; sid:100000518; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VUBB index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"user="; nocase; pcre:"/user(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18516; classtype:web-application-attack; sid:100000519; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Xarancms xaramcms_haupt.php SQL injection attempt"; flow:to_server,established; uricontent:"/xaramcms_haupt.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18520; classtype:web-application-attack; sid:100000520; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP TPL Design TplShop category.php SQL injection attempt"; flow:to_server,established; uricontent:"/category.php"; nocase; uricontent:"first_row="; nocase; pcre:"/first_row(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18524; classtype:web-application-attack; sid:100000521; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP The Edge eCommerce Shop productDetail.php xss attempt"; flow:to_server,established; uricontent:"/productDetail.php"; nocase; uricontent:"cart_id="; nocase; pcre:"/cart_id(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18528; classtype:web-application-attack; sid:100000522; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CavoxCms index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"page="; nocase; pcre:"/page(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18533; classtype:web-application-attack; sid:100000523; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Micro CMS microcms-include.php remote file include"; flow:to_server,established; uricontent:"/microcms-include.php"; nocase; uricontent:"microcms_path="; nocase; pcre:"/microcms_path=(https?|ftp)/Ui"; reference:bugtraq,18537; classtype:web-application-attack; sid:100000524; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMyDirectory offer-pix.php xss attempt"; flow:to_server,established; uricontent:"/offer-pix.php"; nocase; uricontent:"PIC="; nocase; pcre:"/PIC(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18539; classtype:web-application-attack; sid:100000525; rev:1;)
# "cp/index.php" has no leading slash and matches as a substring of any path ending in it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMyDirectory index.php xss attempt"; flow:to_server,established; uricontent:"cp/index.php"; nocase; uricontent:"from="; nocase; pcre:"/from(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18539; classtype:web-application-attack; sid:100000526; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP AssoCIateD index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"menu="; nocase; pcre:"/menu(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18541; classtype:web-application-attack; sid:100000527; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMyForum topic.php xss attempt"; flow:to_server,established; uricontent:"/topic.php"; nocase; uricontent:"highlight="; nocase; pcre:"/highlight(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18542; classtype:web-application-attack; sid:100000528; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP NC Linklist index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"cat="; nocase; pcre:"/cat(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18546; classtype:web-application-attack; sid:100000529; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP NC Linklist index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"view="; nocase; pcre:"/view(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18546; classtype:web-application-attack; sid:100000530; rev:1;)
# "by=" is two letters and unanchored, so it also matches the tail of names such as "sortby=".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BtitTracker torrents.php SQL injection attempt"; flow:to_server,established; uricontent:"/torrents.php"; nocase; uricontent:"by="; nocase; pcre:"/by(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18549; classtype:web-application-attack; sid:100000531; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BtitTracker torrents.php SQL injection attempt"; flow:to_server,established; uricontent:"/torrents.php"; nocase; uricontent:"order="; nocase; pcre:"/order(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18549; classtype:web-application-attack; sid:100000532; rev:1;)
# sid 100000533-100000544: SQL injection probes (VUBB, IMGallery, thinkWMS, Dating Agent) and two
# XSS probes (VUBB, Enterprise Groupware). All rules match the normalized request URI only
# (uricontent, pcre flag "U") on established client-to-server traffic; request bodies are not seen.
#
#   SQLi  /NAME(=|\x3f)?\w*\x27/        NAME, optional "=" or "?", word characters, then a single
#                                       quote (\x27). Only quote-based probes are covered.
#   XSS   /NAME(=|\x3f)\x3c[^\n]+\x3e/  NAME, "=" or "?", then a value that begins with "<" and
#                                       later contains ">".
#
# NAME is never anchored to "?" or "&". Short names in this group ("id", "pid", "mid", "sex",
# "sort", "start") therefore also match the tail of longer parameter names, and "id=" on
# /index.php (sid 100000537) matches any application that uses that very common pair. Expect
# false positives on busy sites and confirm the target application before escalating.
# Rules with identical msg text (100000535/100000536, 100000537/100000538, 100000543/100000544)
# are distinguished only by sid.
#
# "includes/functions.php" and "language/english.php" have no leading slash: substring match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VUBB functions.php SQL injection attempt"; flow:to_server,established; uricontent:"includes/functions.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18561; classtype:web-application-attack; sid:100000533; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VUBB english.php xss attempt"; flow:to_server,established; uricontent:"language/english.php"; nocase; uricontent:"user="; nocase; pcre:"/user(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18562; classtype:web-application-attack; sid:100000534; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IMGallery galeria.php SQL injection attempt"; flow:to_server,established; uricontent:"/galeria.php"; nocase; uricontent:"start="; nocase; pcre:"/start(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18566; classtype:web-application-attack; sid:100000535; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IMGallery galeria.php SQL injection attempt"; flow:to_server,established; uricontent:"/galeria.php"; nocase; uricontent:"sort="; nocase; pcre:"/sort(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18566; classtype:web-application-attack; sid:100000536; rev:1;)
# thinkWMS: the "id" pattern of sid 100000537 also matches "catid", so a request caught by
# sid 100000538 will normally raise sid 100000537 as well.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP thinkWMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18567; classtype:web-application-attack; sid:100000537; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP thinkWMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"catid="; nocase; pcre:"/catid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18567; classtype:web-application-attack; sid:100000538; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP thinkWMS printarticle.php SQL injection attempt"; flow:to_server,established; uricontent:"/printarticle.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18567; classtype:web-application-attack; sid:100000539; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Enterprise Groupware index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"module="; nocase; pcre:"/module(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18590; classtype:web-application-attack; sid:100000540; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dating Agent picture.php SQL injection attempt"; flow:to_server,established; uricontent:"/picture.php"; nocase; uricontent:"pid="; nocase; pcre:"/pid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18607; classtype:web-application-attack; sid:100000541; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dating Agent mem.php SQL injection attempt"; flow:to_server,established; uricontent:"/mem.php"; nocase; uricontent:"mid="; nocase; pcre:"/mid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18607; classtype:web-application-attack; sid:100000542; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dating Agent search.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"sex="; nocase; pcre:"/sex(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18607; classtype:web-application-attack; sid:100000543; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dating Agent search.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"relationship="; nocase; pcre:"/relationship(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18607; classtype:web-application-attack; sid:100000544; rev:1;)
# sid 100000545-100000553: RFI probes (PHP Blue Dragon CMS, SmartSiteCMS, PHPMySMS), one XSS probe
# and two "access" rules. Matching is on the normalized request URI only (uricontent, pcre flag
# "U"), case-insensitive, for established client-to-server traffic.
#
# RFI pattern /NAME=(https?|ftp)/ : the parameter value starts with the letters http, https or ftp.
# "://" is not required and NAME is not anchored to "?" or "&", so "root=" (sid 100000552) also
# matches longer names ending in "root" and values that merely begin with those letters.
# The script paths here have no leading slash and match as substrings of the URI.
# A hit shows the request was sent; whether the server fetched anything has to be checked on the
# host (web logs, outbound connections from the web server).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Blue Dragon CMS team_admin.php remote file include"; flow:to_server,established; uricontent:"root_includes/root_modules/team_admin.php"; nocase; uricontent:"DragonRootPath="; nocase; pcre:"/DragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18609; classtype:web-application-attack; sid:100000545; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Blue Dragon CMS rss_admin.php remote file include"; flow:to_server,established; uricontent:"root_includes/root_modules/rss_admin.php"; nocase; uricontent:"DragonRootPath="; nocase; pcre:"/DragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18609; classtype:web-application-attack; sid:100000546; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Blue Dragon CMS manual_admin.php remote file include"; flow:to_server,established; uricontent:"root_includes/root_modules/manual_admin.php"; nocase; uricontent:"DragonRootPath="; nocase; pcre:"/DragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18609; classtype:web-application-attack; sid:100000547; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Blue Dragon CMS forum_admin.php remote file include"; flow:to_server,established; uricontent:"root_includes/root_modules/forum_admin.php"; nocase; uricontent:"DragonRootPath="; nocase; pcre:"/DragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18609; classtype:web-application-attack; sid:100000548; rev:2;)
# XSS pattern: "u", then "=" or "?", then a value beginning with "<" and later containing ">".
# The one-letter name is unanchored, so any parameter whose name ends in "u" satisfies it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Custom Datin Biz user_view.php xss attempt"; flow:to_server,established; uricontent:"/user_view.php"; nocase; uricontent:"u="; nocase; pcre:"/u(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18626; classtype:web-application-attack; sid:100000549; rev:1;)
# "access" rules (classtype web-application-activity): no pcre, they alert on any request for the
# script whose URI contains "=". "nocase" after "=" has no effect. /comment.php is a common script
# name, so sid 100000550 will fire for unrelated applications; rate-limit or suppress as needed.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Project Eros BBSEngine comment.php access"; flow:to_server,established; uricontent:"/comment.php"; nocase; uricontent:"="; nocase; reference:bugtraq,18627; classtype:web-application-activity; sid:100000550; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Project Eros BBSEngine aolbonics.php access"; flow:to_server,established; uricontent:"/aolbonics.php"; nocase; uricontent:"="; nocase; reference:bugtraq,18627; classtype:web-application-activity; sid:100000551; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS inc_foot.php remote file include"; flow:to_server,established; uricontent:"include/inc_foot.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18628; classtype:web-application-attack; sid:100000552; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMySMS gateway.php remote file include"; flow:to_server,established; uricontent:"sms_config/gateway.php"; nocase; uricontent:"ROOT_PATH="; nocase; pcre:"/ROOT_PATH=(https?|ftp)/Ui"; reference:bugtraq,18633; classtype:web-application-attack; sid:100000553; rev:2;)
# sid 100000554-100000568: mostly reflected-XSS probes (VebiMiau, dotProject, GL-SH Deaf Forum,
# XennoBB, Qdig) plus one SQL injection probe (sid 100000559) and one RFI probe (sid 100000560).
# All rules match the normalized request URI only (uricontent, pcre flag "U"), case-insensitively,
# on established client-to-server traffic. Parameters sent in a request body are not inspected.
#
#   XSS   /NAME(=|\x3f)\x3c[^\n]+\x3e/  NAME, "=" or "?", then a value that begins with "<" and
#                                       later contains ">". Values that do not start with "<"
#                                       are outside this pattern.
#   SQLi  /NAME(=|\x3f)?\w*\x27/        NAME, optional "=" or "?", word characters, single quote.
#   RFI   /NAME=(https?|ftp)/           value starts with the letters http, https or ftp.
#
# NAME is not anchored to "?" or "&": three-letter names such as "tid", "lid", "sid" and "pag"
# also match the tail of longer parameter names. Script names like /error.php, /index.php,
# /messages.php and /show.php are generic, so the product in msg is not confirmed by a hit.
# Several rules share a msg (e.g. the three VebiMiau error.php rules, the four Deaf Forum show.php
# rules, the two Qdig rules); the sid is the only field that identifies the parameter involved.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau error.php xss attempt"; flow:to_server,established; uricontent:"/error.php"; nocase; uricontent:"tid="; nocase; pcre:"/tid(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000554; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau error.php xss attempt"; flow:to_server,established; uricontent:"/error.php"; nocase; uricontent:"lid="; nocase; pcre:"/lid(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000555; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau error.php xss attempt"; flow:to_server,established; uricontent:"/error.php"; nocase; uricontent:"sid="; nocase; pcre:"/sid(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000556; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"f_user="; nocase; pcre:"/f_user(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000557; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau messages.php xss attempt"; flow:to_server,established; uricontent:"/messages.php"; nocase; uricontent:"pag="; nocase; pcre:"/pag(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000558; rev:1;)
# SQLi probe on the very common /index.php + "post" pair; only quote-based probes are covered.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Infinite Core Technologies ICT index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"post="; nocase; pcre:"/post(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18644; classtype:web-application-attack; sid:100000559; rev:1;)
# RFI probe: "://" is not required after the scheme letters.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP eNpaper1 root_header.php remote file include"; flow:to_server,established; uricontent:"/root_header.php"; nocase; uricontent:"ppath="; nocase; pcre:"/ppath=(https?|ftp)/Ui"; reference:bugtraq,18649; classtype:web-application-attack; sid:100000560; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP dotProject ui.class.php xss attempt"; flow:to_server,established; uricontent:"/ui.class.php"; nocase; uricontent:"login="; nocase; pcre:"/login(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18650; classtype:web-application-attack; sid:100000561; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"sort="; nocase; pcre:"/sort(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18651; classtype:web-application-attack; sid:100000562; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"page="; nocase; pcre:"/page(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18651; classtype:web-application-attack; sid:100000563; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"search="; nocase; pcre:"/search(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18651; classtype:web-application-attack; sid:100000564; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"action="; nocase; pcre:"/action(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18651; classtype:web-application-attack; sid:100000565; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP XennoBB messages.php xss attempt"; flow:to_server,established; uricontent:"/messages.php"; nocase; uricontent:"tid="; nocase; pcre:"/tid(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18652; classtype:web-application-attack; sid:100000566; rev:1;)
# Qdig: both rules key on /index.php; "pre_gallery" and "post_gallery" are specific enough that
# the parameter name, not the script name, is what ties a hit to this application.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Qdig index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"pre_gallery="; nocase; pcre:"/pre_gallery(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18653; classtype:web-application-attack; sid:100000567; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Qdig index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"post_gallery="; nocase; pcre:"/post_gallery(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18653; classtype:web-application-attack; sid:100000568; rev:1;)
# sid 100000569-100000586: Indexu remote-file-include probes, one rule per admin script, all for
# the same parameter "admin_template_path" and the same advisory (bugtraq 18477).
#
# Each rule requires, in the normalized request URI of established client-to-server traffic:
#   1. the script path "admin/<script>.php" (no leading slash, so it matches as a substring),
#   2. the text "admin_template_path=",
#   3. pcre /admin_template_path=(https?|ftp)/Ui : the value starts with the letters http, https
#      or ftp, case-insensitive. "://" is not required, so a value that merely begins with those
#      letters also alerts.
# Parameters sent in a request body are not inspected.
#
# Because the rules differ only in the script name, a burst of different sids from this range for
# one source most likely reflects a single sweep over the script list rather than separate
# incidents; group by source address and reference when triaging. A hit records the request only.
# Confirm on the host whether the script exists and whether the server made an outbound fetch.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_change_email.php remote file include"; flow:to_server,established; uricontent:"admin/app_change_email.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000569; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_change_pwd.php remote file include"; flow:to_server,established; uricontent:"admin/app_change_pwd.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000570; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_mod_rewrite.php remote file include"; flow:to_server,established; uricontent:"admin/app_mod_rewrite.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000571; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_page_caching.php remote file include"; flow:to_server,established; uricontent:"admin/app_page_caching.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000572; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_setup.php remote file include"; flow:to_server,established; uricontent:"admin/app_setup.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000573; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_add.php remote file include"; flow:to_server,established; uricontent:"admin/cat_add.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000574; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_delete.php remote file include"; flow:to_server,established; uricontent:"admin/cat_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000575; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_edit.php remote file include"; flow:to_server,established; uricontent:"admin/cat_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000576; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_path_update.php remote file include"; flow:to_server,established; uricontent:"admin/cat_path_update.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000577; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_search.php remote file include"; flow:to_server,established; uricontent:"admin/cat_search.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000578; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_struc.php remote file include"; flow:to_server,established; uricontent:"admin/cat_struc.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000579; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_view.php remote file include"; flow:to_server,established; uricontent:"admin/cat_view.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000580; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_view_hidden.php remote file include"; flow:to_server,established; uricontent:"admin/cat_view_hidden.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000581; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_view_hierarchy.php remote file include"; flow:to_server,established; uricontent:"admin/cat_view_hierarchy.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000582; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_view_registered_only.php remote file include"; flow:to_server,established; uricontent:"admin/cat_view_registered_only.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000583; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu checkurl_web.php remote file include"; flow:to_server,established; uricontent:"admin/checkurl_web.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000584; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_alter.php remote file include"; flow:to_server,established; uricontent:"admin/db_alter.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000585; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_alter_change.php remote file include"; flow:to_server,established; uricontent:"admin/db_alter_change.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000586; rev:2;)
# sid 100000587-100000603: further Indexu remote-file-include probes for the parameter
# "admin_template_path" (bugtraq 18477), one rule per admin script (db_*, editor_*, head, index,
# inv_*).
#
# Each rule matches the normalized request URI of established client-to-server traffic and needs
# the script path "admin/<script>.php" (substring match, no leading slash), the text
# "admin_template_path=", and a value that starts with the letters http, https or ftp
# (pcre /admin_template_path=(https?|ftp)/Ui, case-insensitive, "://" not required).
# Parameters sent in a request body are not inspected.
#
# "admin/index.php" and "admin/head.php" are generic paths; the parameter name is what ties a hit
# to this application. A hit records the request only, so confirm on the host whether the script
# exists and whether the web server made an outbound fetch before treating it as a compromise.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_backup.php remote file include"; flow:to_server,established; uricontent:"admin/db_backup.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000587; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_export.php remote file include"; flow:to_server,established; uricontent:"admin/db_export.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000588; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_import.php remote file include"; flow:to_server,established; uricontent:"admin/db_import.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000589; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu editor_add.php remote file include"; flow:to_server,established; uricontent:"admin/editor_add.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000590; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu editor_delete.php remote file include"; flow:to_server,established; uricontent:"admin/editor_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000591; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu editor_validate.php remote file include"; flow:to_server,established; uricontent:"admin/editor_validate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000592; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu head.php remote file include"; flow:to_server,established; uricontent:"admin/head.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000593; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu index.php remote file include"; flow:to_server,established; uricontent:"admin/index.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000594; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_config.php remote file include"; flow:to_server,established; uricontent:"admin/inv_config.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000595; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_config_payment.php remote file include"; flow:to_server,established; uricontent:"admin/inv_config_payment.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000596; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_create.php remote file include"; flow:to_server,established; uricontent:"admin/inv_create.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000597; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_delete.php remote file include"; flow:to_server,established; uricontent:"admin/inv_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000598; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_edit.php remote file include"; flow:to_server,established; uricontent:"admin/inv_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000599; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_markpaid.php remote file include"; flow:to_server,established; uricontent:"admin/inv_markpaid.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000600; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_markunpaid.php remote file include"; flow:to_server,established; uricontent:"admin/inv_markunpaid.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000601; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_overdue.php remote file include"; flow:to_server,established; uricontent:"admin/inv_overdue.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000602; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_paid.php remote file include"; flow:to_server,established; uricontent:"admin/inv_paid.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000603; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_send.php remote file include"; flow:to_server,established; uricontent:"admin/inv_send.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000604; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_unpaid.php remote file include"; flow:to_server,established; uricontent:"admin/inv_unpaid.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000605; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu lang_modify.php remote file include"; flow:to_server,established; uricontent:"admin/lang_modify.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000606; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_add.php remote file include"; flow:to_server,established; uricontent:"admin/link_add.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000607; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_bad.php remote file include"; flow:to_server,established; uricontent:"admin/link_bad.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000608; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_bad_delete.php remote file include"; flow:to_server,established; uricontent:"admin/link_bad_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000609; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_checkurl.php remote file include"; flow:to_server,established; uricontent:"admin/link_checkurl.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000610; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_delete.php remote file include"; flow:to_server,established; uricontent:"admin/link_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000611; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_duplicate.php remote file include"; flow:to_server,established; uricontent:"admin/link_duplicate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000612; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_edit.php remote file include"; flow:to_server,established; uricontent:"admin/link_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000613; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_premium_listing.php remote file include"; flow:to_server,established; uricontent:"admin/link_premium_listing.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000614; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_premium_sponsored.php remote file include"; flow:to_server,established; uricontent:"admin/link_premium_sponsored.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000615; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_search.php remote file include"; flow:to_server,established; uricontent:"admin/link_search.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000616; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_sponsored_listing.php remote file include"; flow:to_server,established; uricontent:"admin/link_sponsored_listing.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000617; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_validate.php remote file include"; flow:to_server,established; uricontent:"admin/link_validate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000618; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_validate_edit.php remote file include"; flow:to_server,established; uricontent:"admin/link_validate_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000619; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_view.php remote file include"; flow:to_server,established; uricontent:"admin/link_view.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000620; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu log_search.php remote file include"; flow:to_server,established; uricontent:"admin/log_search.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000621; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu mail_modify.php remote file include"; flow:to_server,established; uricontent:"admin/mail_modify.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000622; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu menu.php remote file include"; flow:to_server,established; uricontent:"admin/menu.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000623; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_create.php remote file include"; flow:to_server,established; uricontent:"admin/message_create.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000624; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_delete.php remote file include"; flow:to_server,established; uricontent:"admin/message_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000625; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_edit.php remote file include"; flow:to_server,established; uricontent:"admin/message_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000626; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_send.php remote file include"; flow:to_server,established; uricontent:"admin/message_send.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000627; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_subscriber.php remote file include"; flow:to_server,established; uricontent:"admin/message_subscriber.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000628; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_view.php remote file include"; flow:to_server,established; uricontent:"admin/message_view.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000629; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu review_validate.php remote file include"; flow:to_server,established; uricontent:"admin/review_validate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000630; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu review_validate_edit.php remote file include"; flow:to_server,established; uricontent:"admin/review_validate_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000631; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu summary.php remote file include"; flow:to_server,established; uricontent:"admin/summary.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000632; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_active.php remote file include"; flow:to_server,established; uricontent:"admin/template_active.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000633; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_add_custom.php remote file include"; flow:to_server,established; uricontent:"admin/template_add_custom.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000634; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_delete.php remote file include"; flow:to_server,established; uricontent:"admin/template_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000635; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_delete_file.php remote file include"; flow:to_server,established; uricontent:"admin/template_delete_file.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000636; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_duplicate.php remote file include"; flow:to_server,established; uricontent:"admin/template_duplicate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000637; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_export.php remote file include"; flow:to_server,established; uricontent:"admin/template_export.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000638; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_import.php remote file include"; flow:to_server,established; uricontent:"admin/template_import.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000639; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_manager.php remote file include"; flow:to_server,established; uricontent:"admin/template_manager.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000640; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_modify.php remote file include"; flow:to_server,established; uricontent:"admin/template_modify.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000641; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_modify_file.php remote file include"; flow:to_server,established; uricontent:"admin/template_modify_file.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000642; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_rename.php remote file include"; flow:to_server,established; uricontent:"admin/template_rename.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000643; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu user_add.php remote file include"; flow:to_server,established; uricontent:"admin/user_add.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000644; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu user_delete.php remote file include"; flow:to_server,established; uricontent:"admin/user_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000645; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu user_edit.php remote file include"; flow:to_server,established; uricontent:"admin/user_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000646; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu user_search.php remote file include"; flow:to_server,established; uricontent:"admin/user_search.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000647; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu whos.php remote file include"; flow:to_server,established; uricontent:"admin/whos.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000648; rev:2;)
# MyPHP Guestbook: cross-site scripting attempts in request parameters (bugtraq 18582).
# Scripts and parameters covered:
#   /index.php           comment, email, homepage, id, name, text
#   admin/guestbook.php  comment, email, homepage, number, name, text
#   admin/edit.php       email, homepage, icq, name, text
# Each pcre has the form /PARAM(=|\x3f)\x3c[^\n]+\x3e/Ui: the parameter name, then "=" or "?",
# then a less-than sign (\x3c), one or more non-newline characters, and a greater-than sign
# (\x3e), matched case-insensitively against the decoded URI.
# Notes for triage and tuning:
#   - The less-than sign must directly follow the separator, so the signature covers only values
#     that begin with a tag.
#   - The parameter match is an unanchored substring: "id=" and "name=" also occur inside longer
#     parameter names, and "/index.php" is not specific to this application. Expect matches on
#     other software served from $HTTP_SERVERS.
#   - Only the request URI is inspected (uricontent and the pcre U modifier); form fields sent in
#     a request body are outside the scope of these rules.
#   - All rules for one script share a msg; the sid identifies the parameter.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"comment="; nocase; pcre:"/comment(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000649; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000650; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"homepage="; nocase; pcre:"/homepage(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000651; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000652; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000653; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000654; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"comment="; nocase; pcre:"/comment(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000655; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000656; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"homepage="; nocase; pcre:"/homepage(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000657; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"number="; nocase; pcre:"/number(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000658; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000659; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000660; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000661; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"homepage="; nocase; pcre:"/homepage(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000662; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"icq="; nocase; pcre:"/icq(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000663; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000664; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000665; rev:1;)
# Harpia: remote file include through include-path parameters (bugtraq 18614).
# Parameters watched: footer_prog, header_prog, theme_root, mod_dir, func_prog, php_ext, mod_root.
# Each rule pairs one script name with one parameter; the pcre /PARAM=(https?|ftp)/Ui fires when
# the value in the decoded URI begins with http, https or ftp (case-insensitive).
# Notes for triage and tuning:
#   - Script names such as /index.php, /search.php, /users.php and /email.php are generic; the
#     parameter name is what ties a match to this application.
#   - The pcre does not require "://" after the scheme, so a local path value that merely begins
#     with "http" or "ftp" also matches.
#   - files.php, web_statsConfig.php and header.php each appear in two rules with the same msg;
#     the sid identifies which parameter matched.
#   - Only the request URI is inspected (uricontent and the pcre U modifier).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia files.php remote file include"; flow:to_server,established; uricontent:"/files.php"; nocase; uricontent:"footer_prog="; nocase; pcre:"/footer_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000666; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia files.php remote file include"; flow:to_server,established; uricontent:"/files.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000667; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia pheader.php remote file include"; flow:to_server,established; uricontent:"/pheader.php"; nocase; uricontent:"theme_root="; nocase; pcre:"/theme_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000668; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia headlines.php remote file include"; flow:to_server,established; uricontent:"/headlines.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000669; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia web_statsConfig.php remote file include"; flow:to_server,established; uricontent:"/web_statsConfig.php"; nocase; uricontent:"mod_dir="; nocase; pcre:"/mod_dir=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000670; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia preload.php remote file include"; flow:to_server,established; uricontent:"/preload.php"; nocase; uricontent:"func_prog="; nocase; pcre:"/func_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000671; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia users.php remote file include"; flow:to_server,established; uricontent:"/users.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000672; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia web_statsConfig.php remote file include"; flow:to_server,established; uricontent:"/web_statsConfig.php"; nocase; uricontent:"php_ext="; nocase; pcre:"/php_ext=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000673; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia footer.php remote file include"; flow:to_server,established; uricontent:"/footer.php"; nocase; uricontent:"theme_root="; nocase; pcre:"/theme_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000674; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia pfooter.php remote file include"; flow:to_server,established; uricontent:"/pfooter.php"; nocase; uricontent:"theme_root="; nocase; pcre:"/theme_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000675; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia missing.php remote file include"; flow:to_server,established; uricontent:"/missing.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000676; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia topics.php remote file include"; flow:to_server,established; uricontent:"/topics.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000677; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia header.php remote file include"; flow:to_server,established; uricontent:"/header.php"; nocase; uricontent:"mod_root="; nocase; pcre:"/mod_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000678; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"func_prog="; nocase; pcre:"/func_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000679; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia search.php remote file include"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000680; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia header.php remote file include"; flow:to_server,established; uricontent:"/header.php"; nocase; uricontent:"theme_root="; nocase; pcre:"/theme_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000681; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia email.php remote file include"; flow:to_server,established; uricontent:"/email.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000682; rev:2;)
# cPanel select.html: cross-site scripting attempt in the file parameter (bugtraq 18655).
# The pcre matches "file", then "=" or "?", then a less-than sign (\x3c), one or more non-newline
# characters and a greater-than sign (\x3e), case-insensitively, in the decoded URI.
# Notes for triage and tuning:
#   - The rule only sees traffic to $HTTP_PORTS. NOTE(review): cPanel is commonly served on its
#     own ports; confirm they are included in $HTTP_PORTS in snort.conf.
#   - "file=" is an unanchored substring and also occurs inside longer parameter names.
#   - The msg carries the WEB-PHP prefix although the target is an .html page.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP cPanel select.html xss attempt"; flow:to_server,established; uricontent:"/select.html"; nocase; uricontent:"file="; nocase; pcre:"/file(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18655; classtype:web-application-attack; sid:100000683; rev:1;)
# Horde help viewer: cross-site scripting attempt through the show parameter (bugtraq 18845).
# Unlike the neighbouring rules this one has no pcre: it requires three case-insensitive
# uricontent matches ("/services/help/index.php", "show=" and "URL=javascript") in the same
# request URI.
# Notes for triage and tuning:
#   - The three matches carry no distance/within modifiers, so they may occur in any order and
#     "URL=javascript" need not be part of the show value.
#   - Detection is limited to the literal string "URL=javascript" in the URI.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde index.php show XSS attempt"; flow:established,to_server; uricontent:"/services/help/index.php"; nocase; uricontent:"show="; nocase; uricontent:"URL=javascript"; nocase; reference:bugtraq,18845; classtype:web-application-attack; sid:100000703; rev:2;)
# SmartSiteCMS: remote file include through the root parameter (bugtraq 18697).
# Scripts covered: /comment.php, admin/test.php, admin/index.php,
# admin/include/inc_adminfoot.php and admin/comedit.php.
# The pcre /root=(https?|ftp)/Ui fires when the text after "root=" in the decoded URI begins
# with http, https or ftp (case-insensitive).
# Notes for triage and tuning:
#   - "root=" is an unanchored substring, so any parameter whose name ends in "root" (for
#     example theme_root or mod_root) satisfies both the uricontent and the pcre. Together with
#     generic script names such as /comment.php and admin/index.php this makes matches on
#     unrelated applications likely; check the requested path before escalating.
#   - The pcre does not require "://" after the scheme.
#   - Only the request URI is inspected (uricontent and the pcre U modifier).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS comment.php remote file include"; flow:to_server,established; uricontent:"/comment.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000704; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS test.php remote file include"; flow:to_server,established; uricontent:"admin/test.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000705; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS index.php remote file include"; flow:to_server,established; uricontent:"admin/index.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000706; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS inc_adminfoot.php remote file include"; flow:to_server,established; uricontent:"admin/include/inc_adminfoot.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000707; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS comedit.php remote file include"; flow:to_server,established; uricontent:"admin/comedit.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000708; rev:2;)
# SquirrelMail search.php XSS (bugtraq 18700), SID 100000709.
# The URI must contain "/search.php" and "mailbox=". The pcre requires
# "mailbox" followed by "=" or "?", then an angle-bracketed value
# (\x3c ... \x3e) with no newline inside it.
# "/search.php" is a common script name. The alert says only that the request
# matched this shape, not that the target is SquirrelMail.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SquirrelMail search.php xss attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"mailbox="; nocase; pcre:"/mailbox(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18700; classtype:web-application-attack; sid:100000709; rev:1;)
# Xoops MyAds annonces-p-f.php SQL injection (bugtraq 18718), SID 100000710.
# The pcre matches "lid", an optional "=" or "?", any run of word characters
# and then a single quote (\x27), against the normalized URI.
# NOTE(review): the separator is optional and the name is not anchored, so the
# letters "lid" inside any other token, followed by word characters and an
# apostrophe, also match. Treat the alert as "apostrophe in a request to this
# script" and read the full URI before escalating.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Xoops MyAds Module annonces-p-f.php SQL injection attempt"; flow:to_server,established; uricontent:"/annonces-p-f.php"; nocase; uricontent:"lid="; nocase; pcre:"/lid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18718; classtype:web-application-attack; sid:100000710; rev:1;)
# PHPRaid remote file include (bugtraq 18719), SIDs 100000711-100000724.
# There is one rule per script. All of them key on the "phpraid_dir="
# parameter, with a pcre requiring its value to begin with "http", "https" or
# "ftp" (case-insensitive, matched against the normalized URI).
# Several script names here are generic (/index.php, /login.php, /view.php,
# /register.php), so the parameter name carries the specificity. The msg names
# the script that matched, and the SID identifies the exact rule.
# NOTE(review): the pcre does not require "://" after the scheme or a "?"/"&"
# before the parameter. Only the request URI is inspected.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid raids.php remote file include"; flow:to_server,established; uricontent:"/raids.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000711; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid register.php remote file include"; flow:to_server,established; uricontent:"/register.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000712; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid roster.php remote file include"; flow:to_server,established; uricontent:"/roster.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000713; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid view.php remote file include"; flow:to_server,established; uricontent:"/view.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000714; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid logs.php remote file include"; flow:to_server,established; uricontent:"/logs.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000715; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid users.php remote file include"; flow:to_server,established; uricontent:"/users.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000716; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid configuration.php remote file include"; flow:to_server,established; uricontent:"/configuration.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000717; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid guilds.php remote file include"; flow:to_server,established; uricontent:"/guilds.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000718; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000719; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid locations.php remote file include"; flow:to_server,established; uricontent:"/locations.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000720; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid login.php remote file include"; flow:to_server,established; uricontent:"/login.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000721; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid lua_output.php remote file include"; flow:to_server,established; uricontent:"/lua_output.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000722; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid permissions.php remote file include"; flow:to_server,established; uricontent:"/permissions.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000723; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid profile.php remote file include"; flow:to_server,established; uricontent:"/profile.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000724; rev:2;)
# PHPRaid view.php SQL injection (bugtraq 18720), SID 100000725.
# This rule watches the same script as SID 100000714 but a different parameter.
# The pcre matches "raid_id", an optional "=" or "?", any word characters,
# then a single quote (\x27).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid view.php SQL injection attempt"; flow:to_server,established; uricontent:"/view.php"; nocase; uricontent:"raid_id="; nocase; pcre:"/raid_id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18720; classtype:web-application-attack; sid:100000725; rev:1;)
# Vincent-Leclercq News diver.php SQL injection (bugtraq 18729), SID 100000726.
# The URI must contain "/diver.php" and "id=". The pcre matches "id", an
# optional "=" or "?", any word characters, then a single quote (\x27).
# NOTE(review): "id" is two letters and unanchored, and the separator is
# optional. The pcre is therefore satisfied by the letters "id" inside any
# word that is later followed by an apostrophe, in any parameter. Expect
# benign matches on free-text values and verify which parameter held the quote.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Vincent-Leclercq News diver.php SQL injection attempt"; flow:to_server,established; uricontent:"/diver.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18729; classtype:web-application-attack; sid:100000726; rev:1;)
# Softbiz Banner Exchange insertmember.php XSS (bugtraq 18735), SID 100000727.
# The pcre requires "city" followed by "=" or "?", then an angle-bracketed
# value (\x3c ... \x3e) on one line, matched against the normalized URI.
# Only the URI is inspected, so form fields sent in a request body are outside
# this rule's scope.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Softbiz Banner Exchange insertmember.php xss attempt"; flow:to_server,established; uricontent:"/insertmember.php"; nocase; uricontent:"city="; nocase; pcre:"/city(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18735; classtype:web-application-attack; sid:100000727; rev:1;)
# Geeklog plugin remote file include (bugtraq 18740), SIDs 100000728-100000742.
# There is one rule per plugin file under plugins/links, plugins/polls,
# plugins/spamx and plugins/staticpages. Each requires the plugin path and the
# literal "$_CONF[path]=" in the normalized URI. The pcre (with "$", "[" and
# "]" escaped) then checks that the value begins with "http", "https" or "ftp".
# Triage notes:
#  - SIDs 100000728, 100000729 and 100000742 share the same msg text
#    ("Geeklog functions.inc ..."). Use the SID to tell which plugin matched.
#  - The plugin paths have no leading slash, so they match as substrings.
#  - NOTE(review): matching depends on the brackets appearing literally in the
#    normalized URI buffer. Presumably percent-encoded forms are decoded by
#    HTTP Inspect before the match; confirm against the sensor's
#    normalization settings.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog functions.inc remote file include"; flow:to_server,established; uricontent:"plugins/links/functions.inc"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000728; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog functions.inc remote file include"; flow:to_server,established; uricontent:"plugins/polls/functions.inc"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000729; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog BlackList.Examine.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/BlackList.Examine.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000730; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog DeleteComment.Action.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/DeleteComment.Action.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000731; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog EditIPofURL.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/EditIPofURL.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000732; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog MTBlackList.Examine.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/MTBlackList.Examine.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000733; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog MassDelete.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/MassDelete.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000734; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog MailAdmin.Action.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/MailAdmin.Action.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000735; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog MassDelTrackback.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/MassDelTrackback.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000736; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog EditHeader.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/EditHeader.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000737; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog EditIP.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/EditIP.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000738; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog IPofUrl.Examine.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/IPofUrl.Examine.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000739; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog Import.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/Import.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000740; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog LogView.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/LogView.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000741; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog functions.inc remote file include"; flow:to_server,established; uricontent:"plugins/staticpages/functions.inc"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000742; rev:2;)
# Plume CMS dbinstall.php remote file include (bugtraq 18750), SID 100000743.
# The URI must contain "/dbinstall.php" and "_PX_config[manager_path]=". The
# pcre (brackets escaped) then requires the value to begin with "http",
# "https" or "ftp".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Plume CMS dbinstall.php remote file include"; flow:to_server,established; uricontent:"/dbinstall.php"; nocase; uricontent:"_PX_config[manager_path]="; nocase; pcre:"/_PX_config\[manager_path\]=(https?|ftp)/Ui"; reference:bugtraq,18750; classtype:web-application-attack; sid:100000743; rev:2;)
# MyNewsGroups tree.php SQL injection (bugtraq 18757), SID 100000744.
# The pcre matches "grp_id", an optional "=" or "?", any word characters,
# then a single quote (\x27).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyNewsGroups tree.php SQL injection attempt"; flow:to_server,established; uricontent:"/tree.php"; nocase; uricontent:"grp_id="; nocase; pcre:"/grp_id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18757; classtype:web-application-attack; sid:100000744; rev:1;)
# Diesel Joke Site category.php SQL injection (bugtraq 18760), SID 100000745.
# NOTE(review): this uses the same two-letter, unanchored "id" pattern as the
# other "id=" rules in this file. The pcre matches "id" inside any token that
# is followed by word characters and an apostrophe, so benign free-text
# values can trigger it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Diesel Joke Site category.php SQL injection attempt"; flow:to_server,established; uricontent:"/category.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18760; classtype:web-application-attack; sid:100000745; rev:1;)
# Randshop header.inc.php remote file include (bugtraq 18763), SID 100000746.
# The rule keys on the "dateiPfad=" parameter. The match is case-insensitive
# (nocase and /i), so other capitalisations of the name also match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Randshop header.inc.php remote file include"; flow:to_server,established; uricontent:"/header.inc.php"; nocase; uricontent:"dateiPfad="; nocase; pcre:"/dateiPfad=(https?|ftp)/Ui"; reference:bugtraq,18763; classtype:web-application-attack; sid:100000746; rev:2;)
# Plume CMS index.php / rss.php / search.php remote file include
# (bugtraq 18780), SIDs 100000747-100000749.
# These use the same parameter and pcre as SID 100000743 but a different
# bugtraq reference. The script names are generic, so the
# "_PX_config[manager_path]=" token is what makes the match specific.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Plume CMS index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"_PX_config[manager_path]="; nocase; pcre:"/_PX_config\[manager_path\]=(https?|ftp)/Ui"; reference:bugtraq,18780; classtype:web-application-attack; sid:100000747; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Plume CMS rss.php remote file include"; flow:to_server,established; uricontent:"/rss.php"; nocase; uricontent:"_PX_config[manager_path]="; nocase; pcre:"/_PX_config\[manager_path\]=(https?|ftp)/Ui"; reference:bugtraq,18780; classtype:web-application-attack; sid:100000748; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Plume CMS search.php remote file include"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"_PX_config[manager_path]="; nocase; pcre:"/_PX_config\[manager_path\]=(https?|ftp)/Ui"; reference:bugtraq,18780; classtype:web-application-attack; sid:100000749; rev:2;)
# Free QBoard remote file include (bugtraq 18788), SIDs 100000750-100000756.
# There is one rule per script. All of them key on "qb_path=", with a pcre
# requiring the value to begin with "http", "https" or "ftp"
# (case-insensitive, matched against the normalized URI).
# The script names (/index.php, /about.php, /contact.php, ...) are common to
# many sites. The alert shows that a request carried "qb_path=" with a
# URL-like value, not that Free QBoard is installed on the target.
# NOTE(review): the pcre does not require "://" after the scheme.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000750; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard about.php remote file include"; flow:to_server,established; uricontent:"/about.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000751; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard contact.php remote file include"; flow:to_server,established; uricontent:"/contact.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000752; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard delete.php remote file include"; flow:to_server,established; uricontent:"/delete.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000753; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard faq.php remote file include"; flow:to_server,established; uricontent:"/faq.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000754; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard features.php remote file include"; flow:to_server,established; uricontent:"/features.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000755; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard history.php remote file include"; flow:to_server,established; uricontent:"/history.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000756; rev:2;)
# QTO File Manager qtofm.php XSS (bugtraq 18791), SIDs 100000757-100000759.
# There are three rules for the same script, one per parameter ("delete",
# "pathext", "edit"). All three share the same msg text, so use the SID to
# see which parameter matched.
# Each pcre requires the parameter name, "=" or "?", then an angle-bracketed
# value (\x3c ... \x3e) with no newline.
# NOTE(review): the parameter names are unanchored, so a longer name that ends
# in "delete" or "edit" also satisfies the pattern.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt"; flow:to_server,established; uricontent:"/qtofm.php"; nocase; uricontent:"delete="; nocase; pcre:"/delete(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18791; classtype:web-application-attack; sid:100000757; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt"; flow:to_server,established; uricontent:"/qtofm.php"; nocase; uricontent:"pathext="; nocase; pcre:"/pathext(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18791; classtype:web-application-attack; sid:100000758; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt"; flow:to_server,established; uricontent:"/qtofm.php"; nocase; uricontent:"edit="; nocase; pcre:"/edit(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18791; classtype:web-application-attack; sid:100000759; rev:1;)
# The Banner Engine top.php XSS (bugtraq 18793), SID 100000760.
# The pattern is the same as above, for the "text" parameter of "/top.php".
# "text" is a common substring of other parameter names ("context=" and so
# on), which the unanchored uricontent and pcre will also accept.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP The Banner Engine top.php xss attempt"; flow:to_server,established; uricontent:"/top.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18793; classtype:web-application-attack; sid:100000760; rev:1;)
# PHPWebGallery comments.php XSS (bugtraq 18798), SID 100000761.
# The pattern is the same, for the "keyword" parameter of "/comments.php".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPWebGallery comments.php xss attempt"; flow:to_server,established; uricontent:"/comments.php"; nocase; uricontent:"keyword="; nocase; pcre:"/keyword(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18798; classtype:web-application-attack; sid:100000761; rev:1;)
# Randshop index.php remote file include (bugtraq 18809), SID 100000762.
# The rule keys on "/index.php" plus "incl=" with a value beginning "http",
# "https" or "ftp". Both tokens are short and generic, so verify the target
# application before acting on this alert.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Randshop index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"incl="; nocase; pcre:"/incl=(https?|ftp)/Ui"; reference:bugtraq,18809; classtype:web-application-attack; sid:100000762; rev:1;)
# Kamikaze-QSCM config.inc access (bugtraq 18816), SID 100000763.
# This is a content-only rule with classtype web-application-activity rather
# than web-application-attack. It fires on any request whose URI contains
# "/config.inc" and an "=" anywhere; no value is inspected.
# "/config.inc" also matches as a prefix of longer names such as
# "/config.inc.php". The "nocase" after uricontent:"=" has no effect on a
# non-alphabetic byte.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Kamikaze-QSCM config.inc access"; flow:to_server,established; uricontent:"/config.inc"; nocase; uricontent:"="; nocase; reference:bugtraq,18816; classtype:web-application-activity; sid:100000763; rev:1;)
# MyPHP CMS global_header.php remote file include (bugtraq 18834),
# SID 100000764. The rule keys on "domain=" with a value beginning "http",
# "https" or "ftp". The script name is the more specific of the two tokens.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP CMS global_header.php remote file include"; flow:to_server,established; uricontent:"/global_header.php"; nocase; uricontent:"domain="; nocase; pcre:"/domain=(https?|ftp)/Ui"; reference:bugtraq,18834; classtype:web-application-attack; sid:100000764; rev:2;)
# LifeType index.php SQL injection (bugtraq 18835), SID 100000765.
# The pcre matches "date", an optional "=" or "?", any word characters, then
# a single quote (\x27). "date" is unanchored, so "update", "validate" and
# similar tokens followed by an apostrophe also match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP LifeType index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"date="; nocase; pcre:"/date(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18835; classtype:web-application-attack; sid:100000765; rev:1;)
# Blog CMS thumb.php remote file include (bugtraq 18837), SID 100000766.
# The rule keys on "gallery=" with a value beginning "http", "https" or "ftp".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS thumb.php remote file include"; flow:to_server,established; uricontent:"/thumb.php"; nocase; uricontent:"gallery="; nocase; pcre:"/gallery=(https?|ftp)/Ui"; reference:bugtraq,18837; classtype:web-application-attack; sid:100000766; rev:2;)
# Blog CMS SQL injection (bugtraq 18839), SIDs 100000767-100000777.
# There are ten rules for /index.php and one for /action.php, one per
# parameter name. Each pcre matches the name, an optional "=" or "?", any run
# of word characters, then a single quote (\x27), against the normalized URI.
# Triage notes:
#  - The /index.php rules all share one msg. The SID is the only indication
#    of which parameter matched.
#  - NOTE(review): names are unanchored and the separator is optional, so
#    short or common names ("item", "blog", "member", "query", "action",
#    "category") match inside other tokens. With "/index.php" as the only
#    path constraint, these rules are prone to false positives on sites that
#    do not run Blog CMS.
#  - NOTE(review): SID 100000772 matches the literal "DokiWiki". The spelling
#    may have been meant as "DokuWiki"; confirm against the advisory before
#    changing it, since the literal is what the sensor searches for.
#  - NOTE(review): SID 100000775 looks for "PHPSESSID=" in the URI only. PHP
#    session identifiers are commonly sent in a Cookie header, which these
#    options do not inspect. Verify that this matches the advisory.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"item="; nocase; pcre:"/item(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000767; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"blog="; nocase; pcre:"/blog(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000768; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"member="; nocase; pcre:"/member(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000769; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"typeface="; nocase; pcre:"/typeface(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000770; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"results="; nocase; pcre:"/results(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000771; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"DokiWiki="; nocase; pcre:"/DokiWiki(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000772; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"archives="; nocase; pcre:"/archives(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000773; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"category="; nocase; pcre:"/category(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000774; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"PHPSESSID="; nocase; pcre:"/PHPSESSID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000775; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"query="; nocase; pcre:"/query(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000776; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS action.php SQL injection attempt"; flow:to_server,established; uricontent:"/action.php"; nocase; uricontent:"action="; nocase; pcre:"/action(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000777; rev:1;)
# PHPMailList maillist.php XSS (bugtraq 18840), SID 100000778.
# The pcre requires "email", "=" or "?", then an angle-bracketed value
# (\x3c ... \x3e) with no newline, matched against the normalized URI.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMailList maillist.php xss attempt"; flow:to_server,established; uricontent:"/maillist.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18840; classtype:web-application-attack; sid:100000778; rev:1;)
# Horde services XSS (bugtraq 18845), SIDs 100000779-100000782.
# These use the same angle-bracket pcre for help/index.php ("show"),
# problem.php ("name") and go.php ("untrusted", "url").
# Triage notes:
#  - SID 100000703 in this file covers the same help/index.php "show"
#    parameter with a content match on "URL=javascript". The two rules are
#    complementary and may both fire.
#  - SIDs 100000781 and 100000782 share one msg. The SID shows which go.php
#    parameter matched.
#  - The script paths have no leading slash and "name"/"url" are unanchored,
#    so longer parameter names ending in those strings also match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde index.php xss attempt"; flow:to_server,established; uricontent:"services/help/index.php"; nocase; uricontent:"show="; nocase; pcre:"/show(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18845; classtype:web-application-attack; sid:100000779; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde problem.php xss attempt"; flow:to_server,established; uricontent:"services/problem.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18845; classtype:web-application-attack; sid:100000780; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde go.php xss attempt"; flow:to_server,established; uricontent:"services/go.php"; nocase; uricontent:"untrusted="; nocase; pcre:"/untrusted(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18845; classtype:web-application-attack; sid:100000781; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde go.php xss attempt"; flow:to_server,established; uricontent:"services/go.php"; nocase; uricontent:"url="; nocase; pcre:"/url(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18845; classtype:web-application-attack; sid:100000782; rev:1;)
# ATutor XSS (bugtraq 18857), SIDs 100000783-100000787.
# There is one rule per script/parameter pair. Each pcre requires the
# parameter name, "=" or "?", then an angle-bracketed value (\x3c ... \x3e)
# with no newline, matched case-insensitively against the normalized URI.
# Triage notes:
#  - SIDs 100000783 and 100000784 share one msg (create_course.php). The SID
#    shows which parameter matched.
#  - NOTE(review): "cat" and "submit" are unanchored, so they also match as
#    the tail of longer parameter names. Only the URI is inspected, so values
#    submitted in a request body are outside these rules' scope.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor create_course.php xss attempt"; flow:to_server,established; uricontent:"/create_course.php"; nocase; uricontent:"show_courses="; nocase; pcre:"/show_courses(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000783; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor create_course.php xss attempt"; flow:to_server,established; uricontent:"/create_course.php"; nocase; uricontent:"current_cat="; nocase; pcre:"/current_cat(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000784; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor password_reminder.php xss attempt"; flow:to_server,established; uricontent:"/password_reminder.php"; nocase; uricontent:"forgot="; nocase; pcre:"/forgot(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000785; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor browse.php xss attempt"; flow:to_server,established; uricontent:"/browse.php"; nocase; uricontent:"cat="; nocase; pcre:"/cat(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000786; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor fix_content.php xss attempt"; flow:to_server,established; uricontent:"/fix_content.php"; nocase; uricontent:"submit="; nocase; pcre:"/submit(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000787; rev:1;)
# FreeWebshop (bugtraq 18878), SIDs 100000788-100000789.
# SID 100000788 covers XSS on search.php: "page", "=" or "?", then an
# angle-bracketed value (\x3c ... \x3e) with no newline.
# NOTE(review): "/search.php" with "page=" is a very common URI shape, and
# "page" is unanchored ("homepage=", "perpage=" also match), so the
# angle-bracket test is what makes the match meaningful.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FreeWebshop search.php xss attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"page="; nocase; pcre:"/page(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18878; classtype:web-application-attack; sid:100000788; rev:1;)
# SID 100000789 covers SQL injection on details.php: "prod", an optional "="
# or "?", any word characters, then a single quote (\x27). The optional
# separator means "prod" inside a longer token followed by an apostrophe also
# matches.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FreeWebshop details.php SQL injection attempt"; flow:to_server,established; uricontent:"/details.php"; nocase; uricontent:"prod="; nocase; pcre:"/prod(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18878; classtype:web-application-attack; sid:100000789; rev:1;)
# Pivot (bugtraq 18881), SIDs 100000790-100000801. All rules inspect the
# normalized request URI of client-to-server traffic on established sessions.
#
# SID 100000790 covers remote file include on edit_new.php:
# "Paths[extensions_path]=" with a value beginning "http", "https" or "ftp"
# (brackets escaped in the pcre).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot edit_new.php remote file include"; flow:to_server,established; uricontent:"/edit_new.php"; nocase; uricontent:"Paths[extensions_path]="; nocase; pcre:"/Paths\[extensions_path\]=(https?|ftp)/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000790; rev:2;)
# SID 100000791 is a content-only "access" rule with classtype
# web-application-activity. It fires on any request to "/pv_core.php" whose
# URI contains "=" anywhere, and no value is inspected. The "nocase" after
# uricontent:"=" has no effect on a non-alphabetic byte.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot pv_core.php access"; flow:to_server,established; uricontent:"/pv_core.php"; nocase; uricontent:"="; nocase; reference:bugtraq,18881; classtype:web-application-activity; sid:100000791; rev:1;)
# SIDs 100000792-100000799 cover XSS on blogroll.php, one rule per parameter
# (fg, line1, line2, bg, c1-c4). All share one msg, so the SID is the only
# indication of which parameter matched. Each pcre requires the name, "=" or
# "?", then an angle-bracketed value (\x3c ... \x3e) with no newline.
# NOTE(review): the two- and three-character names are unanchored and match
# as the tail of longer parameter names.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"fg="; nocase; pcre:"/fg(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000792; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"line1="; nocase; pcre:"/line1(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000793; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"line2="; nocase; pcre:"/line2(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000794; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"bg="; nocase; pcre:"/bg(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000795; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"c1="; nocase; pcre:"/c1(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000796; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"c2="; nocase; pcre:"/c2(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000797; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"c3="; nocase; pcre:"/c3(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000798; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"c4="; nocase; pcre:"/c4(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000799; rev:1;)
# SIDs 100000800-100000801 cover XSS on editor_menu.php for "name" and
# "js_name". A URI containing "js_name=" followed by an angle-bracketed value
# satisfies both rules, because "name" is a substring of "js_name". Expect
# paired alerts for a single request.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot editor_menu.php xss attempt"; flow:to_server,established; uricontent:"/editor_menu.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000800; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot editor_menu.php xss attempt"; flow:to_server,established; uricontent:"/editor_menu.php"; nocase; uricontent:"js_name="; nocase; pcre:"/js_name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000801; rev:1;)
# BosClassifieds (bugtraq 18883): remote-file-include signatures for the insPath
# parameter on index.php, recent.php, account.php, classified.php and search.php.
# The pcre matches "insPath=" followed by http, https or ftp in the normalized URI.
# NOTE(review): "(https?|ftp)" is not followed by "://", so a value that merely
# begins with those letters also alerts. These rules only observe the request;
# disabling remote includes on the host (PHP allow_url_include=Off) is the
# mitigation that does not depend on signature coverage.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000802; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds recent.php remote file include"; flow:to_server,established; uricontent:"/recent.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000803; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds account.php remote file include"; flow:to_server,established; uricontent:"/account.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000804; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds classified.php remote file include"; flow:to_server,established; uricontent:"/classified.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000805; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds search.php remote file include"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000806; rev:2;)
# SQL-injection signatures: CommonSense search.php "q" (bugtraq 18893) and
# AjaxPortal ajaxp.php "username" (bugtraq 18897).
# pcre shape: parameter name, an optional "=" or "?", zero or more word characters,
# then a single quote (\x27), evaluated on the normalized URI.
# NOTE(review): the separator group is optional and the name is unanchored, so
# "q(=|\x3f)?\w*\x27" matches any "q" followed by word characters and a quote
# anywhere in the URI. An ordinary search term containing an apostrophe will
# alert on sid 100000807. Expect tuning or suppression on busy search pages.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CommonSense search.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"q="; nocase; pcre:"/q(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18893; classtype:web-application-attack; sid:100000807; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP AjaxPortal ajaxp.php SQL injection attempt"; flow:to_server,established; uricontent:"/ajaxp.php"; nocase; uricontent:"username="; nocase; pcre:"/username(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18897; classtype:web-application-attack; sid:100000808; rev:1;)
# Remote-file-include signatures; all share the shape "<param>=(https?|ftp)" on the
# normalized URI:
#   RW Download stats.php root_path (bugtraq 18901)
#   PHPBB download.php / attach_rules.php phpbb_root_path (bugtraq 18914)
#   SimpleBoard index.php, file_upload.php, image_upload.php, performs.php sbp (bugtraq 18917)
#   PC_CookBook pccookbook.php (bugtraq 18919) and SMF Forum smf.php (bugtraq 18924),
#   both on mosConfig_absolute_path
# NOTE(review): "root_path=" is a substring of "phpbb_root_path=", so sid 100000809
# also matches a stats.php request that carries phpbb_root_path. "sbp=" on
# "/index.php" is a short, unanchored pair and may match unrelated applications.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP RW Download stats.php remote file include"; flow:to_server,established; uricontent:"/stats.php"; nocase; uricontent:"root_path="; nocase; pcre:"/root_path=(https?|ftp)/Ui"; reference:bugtraq,18901; classtype:web-application-attack; sid:100000809; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPBB download.php remote file include"; flow:to_server,established; uricontent:"/download.php"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,18914; classtype:web-application-attack; sid:100000810; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPBB attach_rules.php remote file include"; flow:to_server,established; uricontent:"/attach_rules.php"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,18914; classtype:web-application-attack; sid:100000811; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SimpleBoard SBP index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"sbp="; nocase; pcre:"/sbp=(https?|ftp)/Ui"; reference:bugtraq,18917; classtype:web-application-attack; sid:100000812; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SimpleBoard SBP file_upload.php remote file include"; flow:to_server,established; uricontent:"/file_upload.php"; nocase; uricontent:"sbp="; nocase; pcre:"/sbp=(https?|ftp)/Ui"; reference:bugtraq,18917; classtype:web-application-attack; sid:100000813; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SimpleBoard SBP image_upload.php remote file include"; flow:to_server,established; uricontent:"/image_upload.php"; nocase; uricontent:"sbp="; nocase; pcre:"/sbp=(https?|ftp)/Ui"; reference:bugtraq,18917; classtype:web-application-attack; sid:100000814; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SimpleBoard SBP performs.php remote file include"; flow:to_server,established; uricontent:"/performs.php"; nocase; uricontent:"sbp="; nocase; pcre:"/sbp=(https?|ftp)/Ui"; reference:bugtraq,18917; classtype:web-application-attack; sid:100000815; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PC_CookBook pccookbook.php remote file include"; flow:to_server,established; uricontent:"/pccookbook.php"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18919; classtype:web-application-attack; sid:100000816; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SMF Forum smf.php remote file include"; flow:to_server,established; uricontent:"/smf.php"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18924; classtype:web-application-attack; sid:100000817; rev:2;)
# SQL-injection signatures of the shape "<param>(=|?)?\w*'" on the normalized URI:
#   Graffiti Forums topics.php f (bugtraq 18928)
#   SaPHPLesson add.php forumid (bugtraq 18934)
#   VBZooM sub-join.php, reply.php, ignore-pm.php, sendmail.php UserID (bugtraq 18937)
# NOTE(review): sid 100000818 keys on the single letter "f". uricontent "f=" matches
# any parameter name ending in f, and the pcre matches any "f" followed by word
# characters and a quote anywhere in the URI. This rule is the most
# false-positive-prone of the group. None of these rules match when a non-word
# character sits between the parameter name and the quote.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Graffiti Forums topics.php SQL injection attempt"; flow:to_server,established; uricontent:"/topics.php"; nocase; uricontent:"f="; nocase; pcre:"/f(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18928; classtype:web-application-attack; sid:100000818; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SaPHPLesson add.php SQL injection attempt"; flow:to_server,established; uricontent:"/add.php"; nocase; uricontent:"forumid="; nocase; pcre:"/forumid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18934; classtype:web-application-attack; sid:100000820; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZooM sub-join.php SQL injection attempt"; flow:to_server,established; uricontent:"/sub-join.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18937; classtype:web-application-attack; sid:100000821; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZooM reply.php SQL injection attempt"; flow:to_server,established; uricontent:"/reply.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18937; classtype:web-application-attack; sid:100000822; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZooM ignore-pm.php SQL injection attempt"; flow:to_server,established; uricontent:"/ignore-pm.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18937; classtype:web-application-attack; sid:100000823; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZooM sendmail.php SQL injection attempt"; flow:to_server,established; uricontent:"/sendmail.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18937; classtype:web-application-attack; sid:100000824; rev:1;)
# Phorum (bugtraq 18941), HiveMail (bugtraq 18949) and Lazarus (bugtraq 18956).
#   XSS shape  "<param>(=|?)<...>" : Phorum posting.php mode; HiveMail address.view.php
#              email/cond/name, index.php dayprune, compose.email.php data[to],
#              read.markas.php markas; Lazarus codes-english.php show, picture.php img
#   SQLi shape "<param>(=|?)?\w*'" : Phorum search.php mode; HiveMail search.results.php fields[]
# All pcre checks run on the normalized URI (U) and are case-insensitive (i).
# The bracketed parameter names are escaped in the pcre (data\[to\], fields\[\]) and
# literal in the uricontent string.
# NOTE(review): the XSS rules need "<" directly after the separator and the SQLi
# rules need only word characters before the quote; both are single-shape signatures.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Phorum posting.php xss attempt"; flow:to_server,established; uricontent:"/posting.php"; nocase; uricontent:"mode="; nocase; pcre:"/mode(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18941; classtype:web-application-attack; sid:100000825; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Phorum search.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"mode="; nocase; pcre:"/mode(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18941; classtype:web-application-attack; sid:100000826; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail address.view.php xss attempt"; flow:to_server,established; uricontent:"/address.view.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000827; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail address.view.php xss attempt"; flow:to_server,established; uricontent:"/address.view.php"; nocase; uricontent:"cond="; nocase; pcre:"/cond(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000828; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail address.view.php xss attempt"; flow:to_server,established; uricontent:"/address.view.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000829; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"dayprune="; nocase; pcre:"/dayprune(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000830; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail compose.email.php xss attempt"; flow:to_server,established; uricontent:"/compose.email.php"; nocase; uricontent:"data[to]="; nocase; pcre:"/data\[to\](=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000831; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail read.markas.php xss attempt"; flow:to_server,established; uricontent:"/read.markas.php"; nocase; uricontent:"markas="; nocase; pcre:"/markas(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000832; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail search.results.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.results.php"; nocase; uricontent:"fields[]="; nocase; pcre:"/fields\[\](=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000833; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Lazarus codes-english.php xss attempt"; flow:to_server,established; uricontent:"/codes-english.php"; nocase; uricontent:"show="; nocase; pcre:"/show(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18956; classtype:web-application-attack; sid:100000834; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Lazarus picture.php xss attempt"; flow:to_server,established; uricontent:"/picture.php"; nocase; uricontent:"img="; nocase; pcre:"/img(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18956; classtype:web-application-attack; sid:100000835; rev:1;)
# MiniBB com_minibb.php / index.php absolute_path (bugtraq 18998), PhotoCycle
# photocycle.php phppage XSS (bugtraq 18964), PHP Event Calendar calendar.php
# path_to_calendar (bugtraq 18965), FlatNuke index.php mod (bugtraq 18966) and
# PerForms performs.php mosConfig_absolute_path (bugtraq 18968).
# All but the PhotoCycle rule are remote-file-include signatures of the shape
# "<param>=(https?|ftp)" on the normalized URI.
# NOTE(review): "absolute_path=" is a substring of "mosConfig_absolute_path=", so
# sid 100000837 also fires on any /index.php request that carries the longer
# parameter with a URL value, and the alert will be labelled MiniBB. The same
# overlap applies to sid 100000836. Triage by full URI, not by msg alone.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MiniBB com_minibb.php remote file include"; flow:to_server,established; uricontent:"/com_minibb.php"; nocase; uricontent:"absolute_path="; nocase; pcre:"/absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18998; classtype:web-application-attack; sid:100000836; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MiniBB index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"absolute_path="; nocase; pcre:"/absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18998; classtype:web-application-attack; sid:100000837; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PhotoCycle photocycle.php xss attempt"; flow:to_server,established; uricontent:"/photocycle.php"; nocase; uricontent:"phppage="; nocase; pcre:"/phppage(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18964; classtype:web-application-attack; sid:100000838; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Event Calendar calendar.php remote file include"; flow:to_server,established; uricontent:"/calendar.php"; nocase; uricontent:"path_to_calendar="; nocase; pcre:"/path_to_calendar=(https?|ftp)/Ui"; reference:bugtraq,18965; classtype:web-application-attack; sid:100000839; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FlatNuke index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"mod="; nocase; pcre:"/mod=(https?|ftp)/Ui"; reference:bugtraq,18966; classtype:web-application-attack; sid:100000840; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PerForms performs.php remote file include"; flow:to_server,established; uricontent:"/performs.php"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18968; classtype:web-application-attack; sid:100000841; rev:2;)
# PHPBB 3 memberlist.php ip SQLi (bugtraq 18969), Koobi Pro index.php showtopic XSS
# and SQLi (bugtraq 18970), Invision Power Board ipsclass.php HTTP_CLIENT_IP SQLi
# (bugtraq 18984). Same XSS / SQLi pcre shapes as the rules above, on the
# normalized URI.
# NOTE(review): "ip=" is an unanchored two-letter name; uricontent matches any
# parameter ending in "ip" (for example "zip=") and the pcre matches any "ip"
# followed by word characters and a quote.
# NOTE(review): sid 100000845 looks for HTTP_CLIENT_IP as a URI parameter. The name
# resembles a request-header-derived server variable. If the advisory describes the
# value arriving in a header, this rule does not inspect it; confirm against bugtraq 18984.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPBB 3 memberlist.php SQL injection attempt"; flow:to_server,established; uricontent:"/memberlist.php"; nocase; uricontent:"ip="; nocase; pcre:"/ip(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18969; classtype:web-application-attack; sid:100000842; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Koobi Pro index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"showtopic="; nocase; pcre:"/showtopic(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18970; classtype:web-application-attack; sid:100000843; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Koobi Pro index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"showtopic="; nocase; pcre:"/showtopic(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18970; classtype:web-application-attack; sid:100000844; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Invision Power Board ipsclass.php SQL injection attempt"; flow:to_server,established; uricontent:"/ipsclass.php"; nocase; uricontent:"HTTP_CLIENT_IP="; nocase; pcre:"/HTTP_CLIENT_IP(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18984; classtype:web-application-attack; sid:100000845; rev:1;)
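# Remote-file-include signatures of the shape "<param>=(https?|ftp)":
#   Subberz Lite user-func.php myadmindir (bugtraq 18990)
#   Sitemap components/com_sitemap/sitemap.xml.php mosConfig_absolute_path (bugtraq 18991)
#   IceWarp accounts/inc/include.php, admin/inc/include.php, mail/settings.html
#   language / lang_settings (bugtraq 19007)
#   ListMessenger listmessenger.php lm_path (bugtraq 19014)
# Every pcre here carries the U modifier so it is evaluated on the same normalized
# URI buffer as the uricontent checks. sids 100000846 and 100000849 previously used
# "/i" only, which ran the regex on the raw payload while the uricontent ran on the
# normalized URI; a request whose parameter name or value was percent-encoded could
# pass the uricontent test and still miss the pcre. Their rev is raised from 1 to 2
# for that modifier change.
# NOTE(review): the IceWarp and Sitemap uricontent paths have no leading "/", so
# they match as a suffix of any longer path.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Subberz Lite user-func.php remote file include"; flow:to_server,established; uricontent:"/user-func.php"; nocase; uricontent:"myadmindir="; nocase; pcre:"/myadmindir=(https?|ftp)/Ui"; reference:bugtraq,18990; classtype:web-application-attack; sid:100000846; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Sitemap sitemap.xml.php remote file include"; flow:to_server,established; uricontent:"components/com_sitemap/sitemap.xml.php"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18991; classtype:web-application-attack; sid:100000847; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp include.php remote file include"; flow:to_server,established; uricontent:"accounts/inc/include.php"; nocase; uricontent:"language="; nocase; pcre:"/language=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000849; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp include.php remote file include"; flow:to_server,established; uricontent:"accounts/inc/include.php"; nocase; uricontent:"lang_settings="; nocase; pcre:"/lang_settings=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000850; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp include.php remote file include"; flow:to_server,established; uricontent:"admin/inc/include.php"; nocase; uricontent:"language="; nocase; pcre:"/language=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000851; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp include.php remote file include"; flow:to_server,established; uricontent:"admin/inc/include.php"; nocase; uricontent:"lang_settings="; nocase; pcre:"/lang_settings=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000852; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp settings.html remote file include"; flow:to_server,established; uricontent:"mail/settings.html"; nocase; uricontent:"language="; nocase; pcre:"/language=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000853; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ListMessenger listmessenger.php remote file include"; flow:to_server,established; uricontent:"/listmessenger.php"; nocase; uricontent:"lm_path="; nocase; pcre:"/lm_path=(https?|ftp)/Ui"; reference:bugtraq,19014; classtype:web-application-attack; sid:100000854; rev:2;)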
# SQL-injection signatures of the shape "<param>(=|?)?\w*'" on the normalized URI:
#   Professional Home Page Tools class.php name, mail, ip, text, hidemail (bugtraq 19019)
#   Francisco Charrua Photo-Gallery room.php id (bugtraq 19020)
# NOTE(review): the class.php parameter strings overlap. "mail=" is a substring of
# "hidemail=", so a single request can raise both sid 100000856 and sid 100000859.
# "ip=", "id=" and "name=" are unanchored and match any parameter ending in those
# letters. "/class.php" is a generic file name; these rules do not identify the product.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000855; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"mail="; nocase; pcre:"/mail(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000856; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"ip="; nocase; pcre:"/ip(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000857; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000858; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"hidemail="; nocase; pcre:"/hidemail(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000859; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Francisco Charrua Photo-Gallery room.php SQL injection attempt"; flow:to_server,established; uricontent:"/room.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19020; classtype:web-application-attack; sid:100000860; rev:1;)
# FlushCMS class.rich.php class_path remote file include at two install paths
# (bugtraq 19023), and PHPMyRing view_com.php idsite SQL injection (Secunia
# advisory 21451).
# The FlushCMS uricontent paths carry no leading "/" and are matched
# case-insensitively, so they match wherever the application is mounted.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include"; flow:to_server,established; uricontent:"Include/editor/rich_files/class.rich.php"; nocase; uricontent:"class_path="; nocase; pcre:"/class_path=(https?|ftp)/Ui"; reference:bugtraq,19023; classtype:web-application-attack; sid:100000861; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include"; flow:to_server,established; uricontent:"Include/editor/class.rich.php"; nocase; uricontent:"class_path="; nocase; pcre:"/class_path=(https?|ftp)/Ui"; reference:bugtraq,19023; classtype:web-application-attack; sid:100000862; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMyRing view_com.php SQL injection attempt"; flow:to_server,established; uricontent:"/view_com.php"; nocase; uricontent:"idsite="; nocase; pcre:"/idsite(=|\x3f)?\w*\x27/Ui"; reference:url,secunia.com/advisories/21451/; classtype:web-application-attack; sid:100000863; rev:1;)
# Rules from <urleet@gmail.com>
# powergap shop: remote-file-include signatures for s01.php-s04.php "shopid" and for
# the "/sid=" URL form. These contributed rules use $HOME_NET as destination where
# the rules above use $HTTP_SERVERS; confirm both variables cover the web tier.
# sids 100000865-100000868: uricontent pins "/s0N.php?shopid=" ("|3f|" is "?" and
# "|3d|" is "=") and the pcre requires the value to start with http, https or ftp.
# The "." in the pcre is unescaped and matches any character, which is harmless here
# because the uricontent already requires the literal file name.
# NOTE(review): sid 100000869 has no check on the parameter value; it alerts on any
# request whose URI contains "/sid=" when "&shopid=" is also found by the content
# match. "within:20" follows a uricontent, not a content, so how the 20-byte window
# is anchored should be verified on the deployed Snort version.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s01"; flow:to_server,established; uricontent:"/s01.php|3f|shopid|3d|"; nocase; pcre:"/s01.php\x3fshopid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000865; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s02"; flow:to_server,established; uricontent:"/s02.php|3f|shopid|3d|"; nocase; pcre:"/s02.php\x3fshopid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000866; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s03"; flow:to_server,established; uricontent:"/s03.php|3f|shopid|3d|"; nocase; pcre:"/s03.php\x3fshopid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000867; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s04"; flow:to_server,established; uricontent:"/s04.php|3f|shopid|3d|"; nocase; pcre:"/s04.php\x3fshopid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000868; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit sid variant"; flow:to_server,established; uricontent:"/sid|3d|"; nocase; content:"|26|shopid|3d|"; nocase; within:20; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000869; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file inclusion exploit sid variant 2"; flow:to_server,established; uricontent:"/sid|3d|"; nocase; pcre:"/sid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000870; rev:2;)
# CubeCart XSS rules for /admin/filemanager/preview.php?file= and
# /admin/login.php?email= (reference: retrogod.altervista.org advisory).
# NOTE(review): in sid 100000871 the whole pcre "((1)?&(x|y)=)?" is wrapped in an
# optional group, so it also matches the empty string and never rejects a request.
# The rule therefore alerts on every request whose URI contains the preview.php
# string. If the intent was to require "&x=" or "&y=", the outer "?" has to go;
# confirm against the advisory before changing it.
# NOTE(review): sid 100000872 has no payload test at all. It alerts on any request
# to /admin/login.php that carries an email parameter, including normal admin
# logins submitted via GET. Both rules are access indicators rather than XSS detections.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CubeCart XSS attack"; flow:to_server,established; uricontent:"/admin/filemanager/preview.php?file="; nocase; pcre:"/((1)?&(x|y)=)?/Ri"; reference:url,retrogod.altervista.org/cubecart_3011_adv.html; classtype:web-application-attack; sid:100000871; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CubeCart XSS attack"; flow:to_server,established; uricontent:"/admin/login.php?email="; nocase; reference:url,retrogod.altervista.org/cubecart_3011_adv.html; classtype:web-application-attack; sid:100000872; rev:2;)
# discloser plugins.php "type" and PHP Live Helper globals.php "abs_path"
# (bugtraq 19349) remote-file-include signatures, plus an Inlink path match.
# sid 100000873 carries no reference keyword; the product and version are only
# named in its msg.
# NOTE(review): sid 100000883 matches on the file path alone
# (/includes/adodb/back/adodb-postgres7.inc.php) with no parameter or value test,
# so it records any direct request for that include file. Direct web access to
# library include files is better blocked at the web server than alerted on.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP discloser 0.0.4 Remote File Inclusion"; flow:to_server,established; uricontent:"/plugins/plugins.php?type="; nocase; pcre:"/type\x3d(https?|ftp)/Ui"; classtype:web-application-attack; sid:100000873; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Live Helper globals.php remote file include"; flow:to_server,established; uricontent:"/globals.php"; nocase; uricontent:"abs_path="; nocase; pcre:"/abs_path=(https?|ftp)/Ui"; reference:bugtraq,19349; classtype:web-application-attack; sid:100000882; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Inlink remote file inclusion exploit"; flow:to_server,established; uricontent:"/includes/adodb/back/adodb-postgres7.inc.php"; nocase; reference:url,milw0rm.com/exploits/2295; classtype:web-application-attack; sid:100000883; rev:2;)
# Rules keyed to individual published exploits (milw0rm references): SimpleBlog,
# pHNews, Proxima, pmwiki, tikiwiki and yappa-ng.
# These rules use plain "content:" for the parameter strings. Unlike uricontent,
# content is matched against the packet payload rather than the normalized URI, so
# the strings may match in headers or a request body, and a percent-encoded form
# of the same string is not matched.
# sid 100000884 targets /default.asp and is labelled WEB-MISC although it sits in
# the WEB-PHP file.
# sids 100000887 and 100000888 anchor "POST" to the first 4 payload bytes (depth:4)
# and then require the later strings in order (distance:0).
# NOTE(review): none of these rules test a parameter value. sid 100000887 alerts on
# any POST edit of the PmWiki.BasicEditing page, sid 100000888 on any POST that
# mentions jhot.php, sid 100000889 on any request to the deldir module with "config"
# anywhere in the payload. Treat hits as access indicators and correlate before escalating.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-MISC SimpleBlog Remote SQL Injection attempt"; flow:to_server,established; uricontent:"/default.asp"; nocase; content:"view=plink"; nocase; reference:url,milw0rm.com/exploits/2296; classtype:web-application-attack; sid:100000884; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP pHNews access attempt"; flow:to_server,established; uricontent:"/modules/commens.php"; nocase; content:"templates_dir"; nocase; content:"cmd="; nocase; reference:url,milw0rm.com/exploits/2298; classtype:web-application-attack; sid:100000885; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Proxima access attempt"; flow:to_server,established; uricontent:"/modules/Forums/bb_smilies.php"; nocase; content:"name="; nocase; content:"cmd="; nocase; reference:url,milw0rm.com/exploits/2299; classtype:web-application-attack; sid:100000886; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP pmwiki exploit attempt"; flow:to_server,established; content:"POST"; nocase; depth:4; content:"pmwiki.php"; nocase; distance:0; content:"n=PmWiki.BasicEditing"; nocase; distance:0; content:"action=edit"; nocase; distance:0; reference:url,milw0rm.com/exploits/2291; classtype:web-application-attack; sid:100000887; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP tikiwiki exploit attempt"; flow:to_server,established; content:"POST"; nocase; depth:4; content:"jhot.php"; nocase; distance:0; reference:url,milw0rm.com/exploits/2288; classtype:web-application-attack; sid:100000888; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP yappa-ng exploit attempt"; flow:to_server,established; uricontent:"/admin_modules/admin_module_deldir.inc.php"; nocase; content:"config"; nocase; reference:url,milw0rm.com/exploits/2292; classtype:web-application-attack; sid:100000889; rev:2;)
# Remote-file-include signatures of the shape "<param>=(https?|ftp)":
#   UBB.threads addpost_newpoll.php thispath (no reference keyword on this rule)
#   phpMyWebmin change_preferences.php, create_file.php, upload_local.php,
#   upload_multi.php target (securityfocus bid 20281)
#   Dayfox Blog /edit/adminlog.php, postblog.php, index.php, index2.php slogin
# sid 100000906 additionally requires thispath to appear after
# "addpost_newpoll.php?" with no CR or LF in between.
# NOTE(review): the msg of sid 100000907 names "change_preferences2" but the
# uricontent is "change_preferences.php?". A request for change_preferences2.php
# does not contain that string and would not match; check the script name in the
# advisory.
# NOTE(review): "target=" is a generic parameter name and is matched as an
# unanchored substring in the phpMyWebmin rules.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP UBB.threads remote file include"; flow:to_server,established; uricontent:"addpost_newpoll.php?"; nocase; uricontent:"thispath="; nocase; pcre:"/addpost_newpoll\x2Ephp\x3F[^\r\n]*thispath=(https?|ftp)/Ui"; classtype:web-application-attack; sid:100000906; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpMyWebmin change_preferences2 script remote file include"; flow:to_server,established; uricontent:"change_preferences.php?"; nocase; uricontent:"target="; nocase; pcre:"/target=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/bid/20281/info; classtype:web-application-attack; sid:100000907; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpMyWebmin create_file script remote file include"; flow:to_server,established; uricontent:"create_file.php?"; nocase; uricontent:"target="; nocase; pcre:"/target=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/bid/20281/info; classtype:web-application-attack; sid:100000908; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpMyWebmin upload_local script remote file include"; flow:to_server,established; uricontent:"upload_local.php?"; nocase; uricontent:"target="; nocase; pcre:"/target=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/bid/20281/info; classtype:web-application-attack; sid:100000909; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpMyWebmin upload_multi script remote file include"; flow:to_server,established; uricontent:"upload_multi.php?"; nocase; uricontent:"target="; nocase; pcre:"/target=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/bid/20281/info; classtype:web-application-attack; sid:100000910; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dayfox Blog adminlog.php module remote file include"; flow:to_server,established; uricontent:"/edit/adminlog.php?"; nocase; uricontent:"slogin="; nocase; pcre:"/slogin=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/archive/1/447500/30/0/threaded; classtype:web-application-attack; sid:100000911; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dayfox Blog postblog.php module remote file include"; flow:to_server,established; uricontent:"/edit/postblog.php?"; nocase; uricontent:"slogin="; nocase; pcre:"/slogin=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/archive/1/447500/30/0/threaded; classtype:web-application-attack; sid:100000912; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dayfox Blog index.php module remote file include"; flow:to_server,established; uricontent:"/edit/index.php?"; nocase; uricontent:"slogin="; nocase; pcre:"/slogin=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/archive/1/447500/30/0/threaded; classtype:web-application-attack; sid:100000913; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dayfox Blog index2.php module remote file include"; flow:to_server,established; uricontent:"/edit/index2.php?"; nocase; uricontent:"slogin="; nocase; pcre:"/slogin=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/archive/1/447500/30/0/threaded; classtype:web-application-attack; sid:100000914; rev:1;)
# Somery include.php skindir remote file include (bugtraq 19912), MyBulletinBoard
# functions_post.php script XSS (bugtraq 19770), PHP-Dimension functions_kb.php and
# themen_portal_mitte.php phpbb_root_path remote file include (bugtraq 20367).
# NOTE(review): sids 100000915 and 100000916 test the parameter name with "content:"
# (packet payload) but the value with a U-modified pcre (normalized URI). A request
# whose parameter name is percent-encoded would satisfy the pcre after normalization
# and still fail the content test; using uricontent for the name, as the
# PHP-Dimension rules do, keeps both tests on the same buffer.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Somery Include.php remote file include"; flow:established,to_server; uricontent:"/include.php"; nocase; content:"skindir="; nocase; pcre:"/skindir=(https?|ftp)/Ui"; reference:bugtraq,19912; classtype:web-application-attack; sid:100000915; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyBulletinBoard Functions_Post.php xss attempt"; flow:established,to_server; uricontent:"/functions_post.php?"; nocase; content:"script="; nocase; pcre:"/script(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,19770; classtype:web-application-attack; sid:100000916; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP-Dimension functions_kb.php remote file include attempt";flow:established,to_server; uricontent:"/includes/functions_kb.php?"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,20367; classtype:web-application-attack; sid:100000917; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP-Dimension themen_portal_mitte.php remote include attempt"; flow:established,to_server; uricontent:"/includes/themen_portal_mitte.php?"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,20367; classtype:web-application-attack; sid:100000918; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Segue CMS themesettings.inc.php remote file include attempt"; flow:established,to_server; uricontent:"themesettings.inc.php"; uricontent:"themesdir="; pcre:"/themesdir=(https?|ftp|\x2F)/Ui"; reference:bugtraq,20640; reference:cve,2006-5497; reference:url,osvdb.org/29904; reference:nessus,22922; reference:url,www.milw0rm.com/exploits/2600; classtype:web-application-attack; sid:100000919; rev:2;)
# MiniBB bb_func_txt.php pathToFiles file include (bugtraq 20757).
# Requires "/bb_func_txt.php" and "pathToFiles=" in the normalized URI (nocase),
# then a pcre for "pathToFiles=" followed by http, https, ftp or "/" (\x2F).
# Because "/" is accepted, absolute local paths alert as well as remote URLs,
# although the msg only says "remote file include".
# The U modifier restricts the pcre to the URI; a value supplied only in a
# request body is not evaluated.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MiniBB bb_func_txt.php pathToFiles variable remote file include"; flow:to_server,established; uricontent:"/bb_func_txt.php"; nocase; uricontent:"pathToFiles="; nocase; pcre:"/pathToFiles=(https?|ftp|\x2F)/Ui"; reference:bugtraq,20757; reference:url,osvdb.org/29971; reference:nessus,22926; classtype:web-application-attack; sid:100000920; rev:1;)
# PunBB register.php "language" variable file include (bugtraq 20786, CVE-2006-5735).
# "register.php" and "language=" are plain content matches (nocase) against the
# payload, not uricontent, so they are not run against the normalized URI.
# The pcre, limited to the URI by the U modifier, requires "language=" followed
# by "/" (\x2F) or "." (\x2E), i.e. a path-like value.
# NOTE(review): the msg says "remote file include" but the pcre looks for a
# leading "/" or ".", which reads like a local path or traversal check; confirm
# against the referenced advisories.
# NOTE(review): because the pcre only inspects the URI, a "language" value
# delivered solely in a request body would not be evaluated; verify how the
# parameter reaches register.php and whether a body-side rule is needed.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PunBB register.php language variable remote file include"; flow:to_server,established; content:"register.php"; nocase; content:"language="; nocase; pcre:"/language=(\x2F|\x2E)/Ui"; reference:bugtraq,20786; reference:cve,2006-5735; reference:url,osvdb.org/30132; reference:nessus,22932; classtype:web-application-attack; sid:100000921; rev:1;)
# Etomite CMS index.php "id" SQL injection (bugtraq 21135).
# Requires "/etomite/index.php" and "id=" in the normalized URI (nocase), then
# a pcre for "id=" followed by one or more ASCII letters or digits and a single
# quote.
# Coverage notes for tuning:
#  - the install directory "/etomite/" is hard-coded; a site deployed under
#    another path is not covered by this rule;
#  - "id=" is unanchored, so any parameter whose name ends in "id" satisfies
#    both the uricontent and the pcre;
#  - only the alphanumerics-then-quote shape is matched, so treat the rule as a
#    coarse indicator and confirm hits against the web and database logs.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Etomite CMS index.php id variable SQL injection"; flow:to_server,established; uricontent:"/etomite/index.php"; nocase; uricontent:"id="; nocase; pcre:"/id=[A-Za-z0-9]{1,}\'/Ui"; reference:bugtraq,21135; reference:url,osvdb.org/30442; reference:url,secunia.com/advisories/22885; classtype:web-application-attack; sid:100000922; rev:1;)
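# Requests for flat-file credential stores (ADP Forum, EasyNews PRO News).
# Each rule flags a request whose normalized URI contains the listed .txt path;
# the msg labels this as attempted password recon.
# Local change: `flow:to_server,established;` added. As shipped these two rules
# had no flow option, unlike every other rule in this file, so they were
# evaluated against packets outside an established session and in either
# direction, which invites spurious alerts and wastes inspection time.
# sid and rev are left as shipped; bump rev under local change control when
# deploying this modification.
# The msg prefix is "COMMUNITY-WEB-PHP" (hyphenated) where the rest of the file
# uses "COMMUNITY WEB-PHP"; it is kept unchanged so existing alert filters that
# match on the text keep working.
# An alert shows only that the file was requested. Check the web server's
# response status for that request to tell a probe from an actual disclosure,
# and make sure such files are not readable through the web root.

# ADP Forum: /users/admin.txt
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY-WEB-PHP ADP Forum Attempted Password Recon"; flow:to_server,established; uricontent:"/users/admin.txt"; nocase; reference:url,www.milw0rm.com/exploits/3053; classtype:web-application-attack; sid:100000925; rev:1;)
# EasyNews PRO News: /newsboard/data/users.txt
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY-WEB-PHP EasyNews PRO News Attempted Password Recon"; flow:to_server,established; uricontent:"/newsboard/data/users.txt"; nocase; reference:url,www.milw0rm.com/exploits/3039; classtype:web-application-attack; sid:100000926; rev:1;)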
# Presence-only rules: Xoops Articles module and Drake CMS 404.php.
# Neither rule has a pcre or any other check on the parameter value. Each fires
# as soon as the normalized URI contains both listed strings (nocase), so a
# request that legitimately uses the parameter alerts exactly like a hostile
# one. Treat hits as leads: read the full URI from the web log before
# escalating, and consider thresholding or suppression on busy sites.

# Xoops Articles: any URI with "/modules/articles/index.php" and "cat_id=".
# The msg says "SQL Injection Exploit", but the cat_id value is not inspected.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Xoops module Articles SQL Injection Exploit"; flow:to_server,established; uricontent:"/modules/articles/index.php"; nocase; uricontent:"cat_id="; nocase; reference:url,www.securityfocus.com/archive/1/463916; classtype:web-application-attack; sid:100000929; rev:1;)
# Drake CMS (bugtraq 23215): any URI with "404.php?" and "d_private=".
# "404.php?" has no leading "/", so it also matches longer file names that end
# in "404.php".
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Drake CMS 404.php Local File Include Vulnerability"; flow:established,to_server; uricontent:"404.php?"; nocase; uricontent:"d_private="; nocase; reference:bugtraq,23215; classtype:web-application-attack; sid:100000930; rev:1;)
# Softerra Time-Assistant remote file include (bugtraq 23203), two parameters.
# Both rules require "/lib/timesheet.class.php?" in the normalized URI and a
# parameter followed directly by http, https or ftp; one watches "lib_dir=",
# the other "inc_dir=".
# The two msg strings are identical, so the alerts can only be told apart by
# sid (100000931 vs 100000932); include the sid in any dashboard or ticket.
# The pcre does not require "://" after the scheme letters and is unanchored,
# so a longer parameter name ending in the same text would also match.

# Parameter: lib_dir
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Softerra Time-Assistant remote include attempt";flow:established,to_server; uricontent:"/lib/timesheet.class.php?"; nocase; uricontent:"lib_dir="; nocase; pcre:"/lib_dir=(https?|ftp)/Ui"; classtype:web-application-attack; reference:bugtraq,23203; sid:100000931; rev:1;)
# Parameter: inc_dir
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Softerra Time-Assistant remote include attempt";flow:established,to_server; uricontent:"/lib/timesheet.class.php?"; nocase; uricontent:"inc_dir="; nocase; pcre:"/inc_dir=(https?|ftp)/Ui"; classtype:web-application-attack; reference:bugtraq,23203; sid:100000932; rev:1;)
# Aardvark button/*.php file include (see the securityfocus reference), two scripts.
# Destination is $HOME_NET rather than $HTTP_SERVERS. The script path is
# matched in the normalized URI; "path=" is a plain content match against the
# payload; the pcre (U modifier) then requires "path=" followed by http, https
# or ftp inside the URI.
# "path=" is short and unanchored, so any parameter whose name ends in "path"
# satisfies both the content match and the pcre; the fixed script path is what
# keeps these rules specific.
# An explicit priority:3 is set next to classtype:web-application-attack.
# NOTE(review): presumably this demotes the alert below the classtype's default
# priority; confirm against classification.config, and check that
# priority-based triage does not hide these hits.

# Script: /button/settings_sql.php
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Aardvark button/settings_sql.php File Include Vulnerability"; flow:established,to_server; uricontent:"/button/settings_sql.php"; nocase; content:"path="; nocase; pcre:"/path=(https?|ftp)/Ui"; priority:3; reference:url,securityfocus.com/archive/1/464351; classtype:web-application-attack; sid:100000933; rev:1;)
# Script: /button/new_day.php
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Aardvark button/new_day.php File Include Vulnerability"; flow:established,to_server; uricontent:"/button/new_day.php"; nocase; content:"path="; nocase; pcre:"/path=(https?|ftp)/Ui"; priority:3; reference:url,securityfocus.com/archive/1/464351; classtype:web-application-attack; sid:100000934; rev:1;)