1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
|
SecRule REQUEST_FILENAME "!@pmFromFile modsecurity_46_et_sql_injection.data" "phase:2,nolog,pass,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,skipAfter:END_ET_SQLI_RULES"
# (sid 2007508) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007508,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:vehicleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007514) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007514,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:categoryID_list/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007520) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007520,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sale_type/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007526) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007526,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:stock_number/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007532) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007532,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:manufacturer/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007538) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007538,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:model/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007544) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007544,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:vehicleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007550) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007550,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:year/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007556) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007556,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:vin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007562) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price
SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007562,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:listing_price/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004063) ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating
SecRule REQUEST_URI_RAW "(?i:\/includes\/rating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004063,rev:4,msg:'ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project'"
SecRule &TX:'/SQL_INJECTION.*ARGS:rating/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004075) ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id
SecRule REQUEST_URI_RAW "(?i:\/includes\/rating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004075,rev:4,msg:'ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project'"
SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007221) ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id
SecRule REQUEST_URI_RAW "(?i:\/admin\/edit\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007221,rev:3,msg:'ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005061) ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod
SecRule REQUEST_URI_RAW "(?i:\/templates\/modif\.html)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005061,rev:4,msg:'ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005577) ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name
SecRule REQUEST_URI_RAW "(?i:\/shared\/code\/cp_authorization\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005577,rev:3,msg:'ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:xuser_name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005583) ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did
SecRule REQUEST_URI_RAW "(?i:\/public\/code\/cp_downloads\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005583,rev:3,msg:'ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004533) ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id
SecRule REQUEST_URI_RAW "(?i:\/subcat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004533,rev:4,msg:'ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cate_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004539) ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id
SecRule REQUEST_URI_RAW "(?i:\/view_profile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004539,rev:4,msg:'ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004545) ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid
SecRule REQUEST_URI_RAW "(?i:\/postingdetails\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004545,rev:4,msg:'ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
SecRule &TX:'/SQL_INJECTION.*ARGS:postingid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004550) ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id
SecRule REQUEST_URI_RAW "(?i:\/topic_title\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004550,rev:4,msg:'ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
SecRule &TX:'/SQL_INJECTION.*ARGS:td_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006823) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid
SecRule REQUEST_URI_RAW "(?i:\/forum2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006823,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:soruid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006829) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak
SecRule REQUEST_URI_RAW "(?i:\/kullanicilistesi\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006829,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ak/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006835) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler
SecRule REQUEST_URI_RAW "(?i:\/aramayap\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006835,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kelimeler/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006841) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi
SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006841,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kullaniciadi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006847) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno
SecRule REQUEST_URI_RAW "(?i:\/mesajkutum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006847,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:mesajno/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006853) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf
SecRule REQUEST_URI_RAW "(?i:\/kullanicilistesi\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006853,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:harf/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006859) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik
SecRule REQUEST_URI_RAW "(?i:\/forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006859,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:baslik/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005109) ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username
SecRule REQUEST_URI_RAW "(?i:\/artreplydelete\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005109,rev:4,msg:'ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005168) ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id
SecRule REQUEST_URI_RAW "(?i:\/news_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005168,rev:4,msg:'ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005174) ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user
SecRule REQUEST_URI_RAW "(?i:\/user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005174,rev:4,msg:'ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005887) ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005887,rev:4,msg:'ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iPro/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007004) ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID
SecRule REQUEST_URI_RAW "(?i:\/listpics\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007004,rev:3,msg:'ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004323) ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid
SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004323,rev:3,msg:'ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007396) ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid
SecRule REQUEST_URI_RAW "(?i:\/product\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007396,rev:3,msg:'ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:productid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007402) ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007402,rev:3,msg:'ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:search/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007480) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID
SecRule REQUEST_URI_RAW "(?i:\/activenews_view\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007480,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:articleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007485) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007485,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007491) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID
SecRule REQUEST_URI_RAW "(?i:\/activeNews_categories\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007491,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007497) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID
SecRule REQUEST_URI_RAW "(?i:\/activeNews_comments\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007497,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:articleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007503) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query
SecRule REQUEST_URI_RAW "(?i:\/activenews_search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007503,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:query/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004891) ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id
SecRule REQUEST_URI_RAW "(?i:\/HaberDetay\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004891,rev:4,msg:'ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004897) ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid
SecRule REQUEST_URI_RAW "(?i:\/rss\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004897,rev:4,msg:'ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005776) ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005776,rev:4,msg:'ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook'"
SecRule &TX:'/SQL_INJECTION.*ARGS:lang/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004021) ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004021,rev:4,msg:'ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pack/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004721) ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id
SecRule REQUEST_URI_RAW "(?i:\/section\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004721,rev:4,msg:'ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006565) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id
SecRule REQUEST_URI_RAW "(?i:\/email\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006565,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006571) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no
SecRule REQUEST_URI_RAW "(?i:\/voirannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006571,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:no/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006577) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre
SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_membre\/fiche_membre\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006577,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:idmembre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006583) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce
SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_annonce\/okvalannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006583,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:idannonce/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006589) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce
SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_annonce\/changeannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006589,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:idannonce/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006787) ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici
SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006787,rev:3,msg:'ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kullanici/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006793) ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola
SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006793,rev:3,msg:'ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee'"
SecRule &TX:'/SQL_INJECTION.*ARGS:parola/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004728) ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID
SecRule REQUEST_URI_RAW "(?i:\/system\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004728,rev:4,msg:'ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins'"
SecRule &TX:'/SQL_INJECTION.*ARGS:PHPSESSID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007456) ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob
SecRule REQUEST_URI_RAW "(?i:\/publications_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007456,rev:3,msg:'ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:vjob/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007462) ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID
SecRule REQUEST_URI_RAW "(?i:\/publication_view\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007462,rev:3,msg:'ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:InfoID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004335) ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004335,rev:4,msg:'ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:layout/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007215) ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id
SecRule REQUEST_URI_RAW "(?i:\/edit\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007215,rev:3,msg:'ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006337) ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php
SecRule REQUEST_URI_RAW "(?i:\/bt\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006337,rev:4,msg:'ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004832) ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd
SecRule REQUEST_URI_RAW "(?i:\/admin\/config\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004832,rev:4,msg:'ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sqlcmd/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004027) ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style
SecRule REQUEST_URI_RAW "(?i:\/account_change\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004027,rev:4,msg:'ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:style/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004033) ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue
SecRule REQUEST_URI_RAW "(?i:\/account_change\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004033,rev:4,msg:'ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:langue/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004989) ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by
SecRule REQUEST_URI_RAW "(?i:\/torrents\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004989,rev:4,msg:'ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:by/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004995) ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order
SecRule REQUEST_URI_RAW "(?i:\/torrents\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004995,rev:4,msg:'ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003780) ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id
SecRule REQUEST_URI_RAW "(?i:\/bry\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003780,rev:4,msg:'ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006253) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid
SecRule REQUEST_URI_RAW "(?i:\/HABERLER\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006253,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006259) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id
SecRule REQUEST_URI_RAW "(?i:\/HABERLER\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006259,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006265) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id
SecRule REQUEST_URI_RAW "(?i:\/ASPKAT\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006265,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006271) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid
SecRule REQUEST_URI_RAW "(?i:\/ASPKAT\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006271,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006277) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id
SecRule REQUEST_URI_RAW "(?i:\/down\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006277,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003797) ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid
SecRule REQUEST_URI_RAW "(?i:\/stylesheet\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003797,rev:5,msg:'ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:templateid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006169) ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID
SecRule REQUEST_URI_RAW "(?i:\/calendar_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006169,rev:4,msg:'ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006187) ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID
SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_mail_adressee\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006187,rev:4,msg:'ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007468) ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy
SecRule REQUEST_URI_RAW "(?i:\/openPolicy\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007468,rev:3,msg:'ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress'"
SecRule &TX:'/SQL_INJECTION.*ARGS:policy/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007474) ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand
SecRule REQUEST_URI_RAW "(?i:\/prodList\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007474,rev:3,msg:'ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress'"
SecRule &TX:'/SQL_INJECTION.*ARGS:brand/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007227) ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date
SecRule REQUEST_URI_RAW "(?i:\/displayCalendar\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007227,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:date/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007233) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage
SecRule REQUEST_URI_RAW "(?i:\/view_gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007233,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007239) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id
SecRule REQUEST_URI_RAW "(?i:\/view_gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007239,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:gallery_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007245) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id
SecRule REQUEST_URI_RAW "(?i:\/download_image\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007245,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:image_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007251) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage
SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007251,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007257) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby
SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007257,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:orderby/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007263) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage
SecRule REQUEST_URI_RAW "(?i:\/view_recent\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007263,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007269) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007269,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:AlphaSort/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007275) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007275,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:In/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007281) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007281,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
SecRule &TX:'/SQL_INJECTION.*ARGS:orderby/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004879) ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID
SecRule REQUEST_URI_RAW "(?i:\/inc_listnews\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004879,rev:4,msg:'ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance'"
SecRule &TX:'/SQL_INJECTION.*ARGS:CAT_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006508) ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct
SecRule REQUEST_URI_RAW "(?i:\/comersus_optReviewReadExec\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006508,rev:4,msg:'ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus'"
SecRule &TX:'/SQL_INJECTION.*ARGS:idProduct/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004639) ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004639,rev:4,msg:'ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal'"
SecRule &TX:'/SQL_INJECTION.*ARGS:epi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004709) ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage
SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004709,rev:4,msg:'ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal'"
SecRule &TX:'/SQL_INJECTION.*ARGS:uploadimage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004715) ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004715,rev:4,msg:'ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal'"
SecRule &TX:'/SQL_INJECTION.*ARGS:p_skin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007340) ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007340,rev:3,msg:'ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pageid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006307) ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id
SecRule REQUEST_URI_RAW "(?i:\/haber\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006307,rev:4,msg:'ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004813) ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav
SecRule REQUEST_URI_RAW "(?i:\/thumbnails\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004813,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cpg131_fav/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005845) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat
SecRule REQUEST_URI_RAW "(?i:\/albmgr\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005845,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005851) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid
SecRule REQUEST_URI_RAW "(?i:\/usermgr\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005851,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:gid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005857) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start
SecRule REQUEST_URI_RAW "(?i:\/db_ecard\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005857,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:start/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003756) ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id
SecRule REQUEST_URI_RAW "(?i:\/error\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003756,rev:4,msg:'ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005863) ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid
SecRule REQUEST_URI_RAW "(?i:\/cats\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005863,rev:4,msg:'ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004039) ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php
SecRule REQUEST_URI_RAW "(?i:\/cart\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004039,rev:4,msg:'ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2004087) ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid
SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004087,rev:4,msg:'ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004460) ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid
SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004460,rev:4,msg:'ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newsid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004687) ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid
SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004687,rev:4,msg:'ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
SecRule &TX:'/SQL_INJECTION.*ARGS:mid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006085) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp
SecRule REQUEST_URI_RAW "(?i:\/set_preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006085,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2006091) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp
SecRule REQUEST_URI_RAW "(?i:\/send_password_preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006091,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2006097) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp
SecRule REQUEST_URI_RAW "(?i:\/SecureLoginManager\/list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006097,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2006103) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent
SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006103,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006109) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent
SecRule REQUEST_URI_RAW "(?i:\/content\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006109,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006115) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent
SecRule REQUEST_URI_RAW "(?i:\/members\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006115,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006121) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent
SecRule REQUEST_URI_RAW "(?i:\/applications\/SecureLoginManager\/inc_secureloginmanager\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006121,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005899) ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005899,rev:4,msg:'ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ordernum/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004838) ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id
SecRule REQUEST_URI_RAW "(?i:\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004838,rev:4,msg:'ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online'"
SecRule &TX:'/SQL_INJECTION.*ARGS:art_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005595) ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id
SecRule REQUEST_URI_RAW "(?i:\/visu_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005595,rev:4,msg:'ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005839) ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id
SecRule REQUEST_URI_RAW "(?i:\/info_book\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005839,rev:4,msg:'ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez'"
SecRule &TX:'/SQL_INJECTION.*ARGS:book_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004051) ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen
SecRule REQUEST_URI_RAW "(?i:\/tracking\/courseLog\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004051,rev:4,msg:'ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos'"
SecRule &TX:'/SQL_INJECTION.*ARGS:scormcontopen/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004069) ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course
SecRule REQUEST_URI_RAW "(?i:\/main\/auth\/my_progress\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004069,rev:4,msg:'ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos'"
SecRule &TX:'/SQL_INJECTION.*ARGS:course/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006145) ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID
SecRule REQUEST_URI_RAW "(?i:\/bus_details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006145,rev:4,msg:'ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004389) ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id
SecRule REQUEST_URI_RAW "(?i:\/goster\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004389,rev:4,msg:'ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006691) ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006691,rev:4,msg:'ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iFile/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006698) ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006698,rev:4,msg:'ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
SecRule &TX:'/SQL_INJECTION.*ARGS:action/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006704) ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006704,rev:4,msg:'ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006710) ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006710,rev:4,msg:'ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iCity/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006716) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006716,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iNews/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006722) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006722,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006728) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006728,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Action/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003774) ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a
SecRule REQUEST_URI_RAW "(?i:\/home\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003774,rev:4,msg:'ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:a/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004628) ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank
SecRule REQUEST_URI_RAW "(?i:\/listmembers\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004628,rev:4,msg:'ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp'"
SecRule &TX:'/SQL_INJECTION.*ARGS:rank/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005272) ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword
SecRule REQUEST_URI_RAW "(?i:\/admin\/memberlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005272,rev:4,msg:'ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay'"
SecRule &TX:'/SQL_INJECTION.*ARGS:keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005278) ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row
SecRule REQUEST_URI_RAW "(?i:\/admin\/memberlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005278,rev:4,msg:'ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay'"
SecRule &TX:'/SQL_INJECTION.*ARGS:init_row/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005043) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i
SecRule REQUEST_URI_RAW "(?i:\/add_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005043,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:i/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005049) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id
SecRule REQUEST_URI_RAW "(?i:\/add_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005049,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005055) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i
SecRule REQUEST_URI_RAW "(?i:\/list_comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005055,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:i/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006558) ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId
SecRule REQUEST_URI_RAW "(?i:\/sptrees\/default\.aspx)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006558,rev:3,msg:'ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyPage'"
SecRule &TX:'/SQL_INJECTION.*ARGS:docId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005091) ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005091,rev:4,msg:'ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eclectic_Designs'"
SecRule &TX:'/SQL_INJECTION.*ARGS:qid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005115) ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005115,rev:4,msg:'ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eclectic_Designs'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005989) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup
SecRule REQUEST_URI_RAW "(?i:\/admin\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005989,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
SecRule &TX:'/SQL_INJECTION.*ARGS:grup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005995) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005995,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006001) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id
SecRule REQUEST_URI_RAW "(?i:\/admin\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006001,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006163) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006163,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
SecRule &TX:'/SQL_INJECTION.*ARGS:grup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006453) ET WEB_SPECIFIC Elxis CMS SQL Injection Attempt -- mod_banners.php
SecRule REQUEST_URI_RAW "(?i:\/mod_banners\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006453,rev:4,msg:'ET WEB_SPECIFIC Elxis CMS SQL Injection Attempt -- mod_banners.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Elxis'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2006139) ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID
SecRule REQUEST_URI_RAW "(?i:\/newsdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006139,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006151) ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id
SecRule REQUEST_URI_RAW "(?i:\/Types\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006151,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Type_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006157) ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID
SecRule REQUEST_URI_RAW "(?i:\/actualpic\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006157,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Biz_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007046) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID
SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007046,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:AD_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007052) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id
SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007052,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007058) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id
SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007058,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sub_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007028) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id
SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007028,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ad_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007034) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid
SecRule REQUEST_URI_RAW "(?i:\/dircat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007034,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007040) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid
SecRule REQUEST_URI_RAW "(?i:\/dirSub\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007040,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007080) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid
SecRule REQUEST_URI_RAW "(?i:\/dircat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007080,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007086) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid
SecRule REQUEST_URI_RAW "(?i:\/dirSub\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007086,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007092) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID
SecRule REQUEST_URI_RAW "(?i:\/types\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007092,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:TYPE_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007098) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID
SecRule REQUEST_URI_RAW "(?i:\/homeDetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007098,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:AD_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007104) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat
SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007104,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007110) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare
SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007110,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:compare/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007116) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear
SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007116,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:clear/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007122) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID
SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007122,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:adID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007128) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice
SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007128,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:aminprice/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007134) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice
SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007134,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:amaxprice/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007140) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms
SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007140,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
SecRule &TX:'/SQL_INJECTION.*ARGS:abedrooms/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005260) ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat
SecRule REQUEST_URI_RAW "(?i:\/show_owned\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005260,rev:4,msg:'ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthusiast'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005266) ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat
SecRule REQUEST_URI_RAW "(?i:\/show_joined\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005266,rev:4,msg:'ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthusiast'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006223) ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user
SecRule REQUEST_URI_RAW "(?i:\/administration\/administre2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006223,rev:4,msg:'ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eric_Guillaume'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id_user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005881) ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id
SecRule REQUEST_URI_RAW "(?i:\/productdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005881,rev:4,msg:'ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Esmartcart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:product_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005340) ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template
SecRule REQUEST_URI_RAW "(?i:\/style\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005340,rev:4,msg:'ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Evision'"
SecRule &TX:'/SQL_INJECTION.*ARGS:template/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007064) ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno
SecRule REQUEST_URI_RAW "(?i:\/products\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007064,rev:3,msg:'ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Evolve'"
SecRule &TX:'/SQL_INJECTION.*ARGS:partno/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005085) ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id
SecRule REQUEST_URI_RAW "(?i:\/faq\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005085,rev:4,msg:'ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ExoPHPDesk'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006817) ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex
SecRule REQUEST_URI_RAW "(?i:\/articles\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006817,rev:4,msg:'ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Expinion.net'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ex/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006343) ET WEB_SPECIFIC EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp
SecRule REQUEST_URI_RAW "(?i:\/vdateUsr\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006343,rev:4,msg:'ET WEB_SPECIFIC EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EzHRS'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005619) ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid
SecRule REQUEST_URI_RAW "(?i:\/boxx\/ShowAppendix\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005619,rev:4,msg:'ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ezboxx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003850) ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref
SecRule REQUEST_URI_RAW "(?i:\/question\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003850,rev:4,msg:'ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FAQEngine'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:questionref/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006127) ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006127,rev:4,msg:'ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FUM'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006331) ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id
SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006331,rev:4,msg:'ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fantastic_News'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003792) ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003792,rev:4,msg:'ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FileRun'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006902) ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat
SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006902,rev:4,msg:'ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FipsSHOP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006908) ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did
SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006908,rev:4,msg:'ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FipsSHOP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007186) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id
SecRule REQUEST_URI_RAW "(?i:\/filelist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007186,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:show_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007192) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid
SecRule REQUEST_URI_RAW "(?i:\/filelist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007192,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:parentid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007198) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid
SecRule REQUEST_URI_RAW "(?i:\/showfile\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007198,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003827) ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid
SecRule REQUEST_URI_RAW "(?i:\/game\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003827,rev:4,msg:'ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Flashgames'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:lid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005150) ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user
SecRule REQUEST_URI_RAW "(?i:\/info_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005150,rev:4,msg:'ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Forum_Livre'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004921) ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat
SecRule REQUEST_URI_RAW "(?i:\/listmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004921,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005079) ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id
SecRule REQUEST_URI_RAW "(?i:\/windows\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005079,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kategori_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005376) ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id
SecRule REQUEST_URI_RAW "(?i:\/down_indir\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005376,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006465) ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- index.cfm
SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006465,rev:4,msg:'ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- index.cfm ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fusetalk'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2006471) ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode
SecRule REQUEST_URI_RAW "(?i:\/forum\/include\/error\/autherror\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006471,rev:4,msg:'ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fusetalk'"
SecRule &TX:'/SQL_INJECTION.*ARGS:errorcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006193) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId
SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006193,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newsId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006199) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid
SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006199,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006205) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId
SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006205,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
SecRule &TX:'/SQL_INJECTION.*ARGS:langId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005334) ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic
SecRule REQUEST_URI_RAW "(?i:\/low\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005334,rev:4,msg:'ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fuzzylime'"
SecRule &TX:'/SQL_INJECTION.*ARGS:topic/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004003) ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id
SecRule REQUEST_URI_RAW "(?i:\/down_indir\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004003,rev:4,msg:'ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Gazi'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004401) ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori
SecRule REQUEST_URI_RAW "(?i:\/kategori\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004401,rev:4,msg:'ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_GaziYapBoz'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kategori/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005013) ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user
SecRule REQUEST_URI_RAW "(?i:\/inc\/common\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005013,rev:4,msg:'ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_GlobalMegaCorp'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003844) ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid
SecRule REQUEST_URI_RAW "(?i:\/glossaire\-p\-f\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003844,rev:4,msg:'ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Glossaire'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004353) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id
SecRule REQUEST_URI_RAW "(?i:\/userdetail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004353,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004359) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id
SecRule REQUEST_URI_RAW "(?i:\/jump\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004359,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004365) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id
SecRule REQUEST_URI_RAW "(?i:\/detail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004365,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004371) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url
SecRule REQUEST_URI_RAW "(?i:\/jump\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004371,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:url/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005311) ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id
SecRule REQUEST_URI_RAW "(?i:\/print\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005311,rev:4,msg:'ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Guo_Xu_Guos'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004395) ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004395,rev:4,msg:'ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HC_News'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007408) ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd
SecRule REQUEST_URI_RAW "(?i:\/addrating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007408,rev:3,msg:'ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HIOX'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ipadd/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007414) ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url
SecRule REQUEST_URI_RAW "(?i:\/addrating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007414,rev:3,msg:'ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HIOX'"
SecRule &TX:'/SQL_INJECTION.*ARGS:url/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004425) ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre
SecRule REQUEST_URI_RAW "(?i:\/giris_yap\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004425,rev:4,msg:'ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hazir'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sifre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004633) ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id
SecRule REQUEST_URI_RAW "(?i:\/haberoku\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004633,rev:4,msg:'ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hunkaray'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005067) ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id
SecRule REQUEST_URI_RAW "(?i:\/oku\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005067,rev:4,msg:'ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hunkaray'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005643) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id
SecRule REQUEST_URI_RAW "(?i:\/dispimage\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005643,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005649) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005649,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005655) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005655,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006866) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id
SecRule REQUEST_URI_RAW "(?i:\/rating\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006866,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006872) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid
SecRule REQUEST_URI_RAW "(?i:\/meal_rest\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006872,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
SecRule &TX:'/SQL_INJECTION.*ARGS:mealid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006878) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid
SecRule REQUEST_URI_RAW "(?i:\/res_details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006878,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
SecRule &TX:'/SQL_INJECTION.*ARGS:resid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004801) ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP
SecRule REQUEST_URI_RAW "(?i:\/classes\/class_session\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004801,rev:4,msg:'ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
SecRule &TX:'/SQL_INJECTION.*ARGS:CLIENT_IP/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006673) ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img
SecRule REQUEST_URI_RAW "(?i:\/forum\/modules\/gallery\/post\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006673,rev:4,msg:'ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
SecRule &TX:'/SQL_INJECTION.*ARGS:img/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006679) ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006679,rev:4,msg:'ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
SecRule &TX:'/SQL_INJECTION.*ARGS:img/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006685) ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid
SecRule REQUEST_URI_RAW "(?i:\/lib\/entry_reply_entry\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006685,rev:4,msg:'ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
SecRule &TX:'/SQL_INJECTION.*ARGS:eid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006211) ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id
SecRule REQUEST_URI_RAW "(?i:\/ixm_ixpnews\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006211,rev:4,msg:'ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ixprim'"
SecRule &TX:'/SQL_INJECTION.*ARGS:story_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005346) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass
SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005346,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005364) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user
SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005364,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005370) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass
SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005370,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004156) ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004156,rev:4,msg:'ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JGBBS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:title/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004341) ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004341,rev:4,msg:'ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JGBBS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:author/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004484) ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq
SecRule REQUEST_URI_RAW "(?i:\/G_Display\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004484,rev:4,msg:'ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JackKnife'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iCategoryUnq/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004490) ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID
SecRule REQUEST_URI_RAW "(?i:\/Search\/DisplayResults\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004490,rev:4,msg:'ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JackKnife'"
SecRule &TX:'/SQL_INJECTION.*ARGS:iSearchID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006496) ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username
SecRule REQUEST_URI_RAW "(?i:\/login\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006496,rev:4,msg:'ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jasmine_CMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:login_username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006502) ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item
SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006502,rev:4,msg:'ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jasmine_CMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:item/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004081) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php
SecRule REQUEST_URI_RAW "(?i:\/admincp\/attachment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004081,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2004150) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php
SecRule REQUEST_URI_RAW "(?i:\/admincp\/attachment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004150,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004670) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids
SecRule REQUEST_URI_RAW "(?i:\/inlinemod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004670,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
SecRule &TX:'/SQL_INJECTION.*ARGS:postids/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003943) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- main_page.php
SecRule REQUEST_URI_RAW "(?i:\/main_page\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003943,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- main_page.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2003949) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- open_tree.php
SecRule REQUEST_URI_RAW "(?i:\/open_tree\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003949,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- open_tree.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2003955) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- outputs.php
SecRule REQUEST_URI_RAW "(?i:\/outputs\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003955,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- outputs.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2003961) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003961,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
SecRule &TX:'/SQL_INJECTION.*ARGS:view/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003967) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- opentree.php id
SecRule REQUEST_URI_RAW "(?i:\/admin\/cms\/opentree\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003967,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- opentree.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
SecRule REQUEST_URI_RAW "@contains id[" "chain"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2003973) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003973,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
SecRule &TX:'/SQL_INJECTION.*ARGS:login/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007348) ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID
SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007348,rev:3,msg:'ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
SecRule &TX:'/SQL_INJECTION.*ARGS:tID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007354) ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID
SecRule REQUEST_URI_RAW "(?i:\/openlink\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007354,rev:3,msg:'ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
SecRule &TX:'/SQL_INJECTION.*ARGS:LinkID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007360) ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID
SecRule REQUEST_URI_RAW "(?i:\/viewlinks\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007360,rev:3,msg:'ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
SecRule &TX:'/SQL_INJECTION.*ARGS:CategoryID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004377) ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary
SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004377,rev:4,msg:'ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jobsitepro'"
SecRule &TX:'/SQL_INJECTION.*ARGS:salary/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003762) ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003762,rev:4,msg:'ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_John_Mordo'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005296) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid
SecRule REQUEST_URI_RAW "(?i:\/models\/category\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005296,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005302) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id
SecRule REQUEST_URI_RAW "(?i:\/letterman\.class\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005302,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005394) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php
SecRule REQUEST_URI_RAW "(?i:\/plugins\/user\/example\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005394,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005400) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- gmail.php
SecRule REQUEST_URI_RAW "(?i:\/gmail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005400,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- gmail.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005406) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php
SecRule REQUEST_URI_RAW "(?i:\/example\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005406,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005412) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- ldap.php
SecRule REQUEST_URI_RAW "(?i:\/plugins\/authentication\/ldap\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005412,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- ldap.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005418) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- menu.php
SecRule REQUEST_URI_RAW "(?i:\/modules\/mod_mainmenu\/menu\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005418,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- menu.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005424) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where
SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/content\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005424,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule &TX:'/SQL_INJECTION.*ARGS:where/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005430) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where
SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/weblinks\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005430,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule &TX:'/SQL_INJECTION.*ARGS:where/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005436) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text
SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/contacts\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005436,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005442) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text
SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/categories\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005442,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005448) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text
SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/sections\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005448,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005454) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email
SecRule REQUEST_URI_RAW "(?i:\/database\/table\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005454,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
SecRule &TX:'/SQL_INJECTION.*ARGS:email/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006764) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category
SecRule REQUEST_URI_RAW "(?i:\/search_listing\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006764,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
SecRule &TX:'/SQL_INJECTION.*ARGS:category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006770) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent
SecRule REQUEST_URI_RAW "(?i:\/search_listing\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006770,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
SecRule &TX:'/SQL_INJECTION.*ARGS:agent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006776) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006776,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
SecRule &TX:'/SQL_INJECTION.*ARGS:property_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004645) ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id
SecRule REQUEST_URI_RAW "(?i:\/news\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004645,rev:4,msg:'ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kartli'"
SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004126) ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004126,rev:4,msg:'ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Katalog_Plyt'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kolumna/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004983) ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid
SecRule REQUEST_URI_RAW "(?i:\/forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004983,rev:4,msg:'ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kisisel'"
SecRule &TX:'/SQL_INJECTION.*ARGS:forumid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005800) ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id
SecRule REQUEST_URI_RAW "(?i:\/down\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005800,rev:4,msg:'ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kolayindir'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004693) ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004693,rev:4,msg:'ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kubix'"
SecRule &TX:'/SQL_INJECTION.*ARGS:member_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005073) ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid
SecRule REQUEST_URI_RAW "(?i:\/i\-search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005073,rev:4,msg:'ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_L2J_DropCalc'"
SecRule &TX:'/SQL_INJECTION.*ARGS:itemid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005977) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w
SecRule REQUEST_URI_RAW "(?i:\/journal\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005977,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LDU'"
SecRule &TX:'/SQL_INJECTION.*ARGS:w/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006319) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id
SecRule REQUEST_URI_RAW "(?i:\/polls\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006319,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LDU'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004527) ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country
SecRule REQUEST_URI_RAW "(?i:\/guestbook\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004527,rev:4,msg:'ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LI_Guestbook'"
SecRule &TX:'/SQL_INJECTION.*ARGS:country/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007298) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id
SecRule REQUEST_URI_RAW "(?i:\/inout\/status\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007298,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007304) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id
SecRule REQUEST_URI_RAW "(?i:\/inout\/update\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007304,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007310) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id
SecRule REQUEST_URI_RAW "(?i:\/forgotpass\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007310,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007316) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid
SecRule REQUEST_URI_RAW "(?i:\/forgotpass\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007316,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007322) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid
SecRule REQUEST_URI_RAW "(?i:\/inout\/update\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007322,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007328) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid
SecRule REQUEST_URI_RAW "(?i:\/inout\/status\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007328,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007334) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id
SecRule REQUEST_URI_RAW "(?i:\/details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007334,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006661) ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni
SecRule REQUEST_URI_RAW "(?i:\/navigacija\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006661,rev:4,msg:'ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_CMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:IDMeniGlavni/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006667) ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci
SecRule REQUEST_URI_RAW "(?i:\/prikazInformacije\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006667,rev:4,msg:'ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_CMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:IDStranicaPodaci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007366) ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch
SecRule REQUEST_URI_RAW "(?i:\/linkslist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007366,rev:3,msg:'ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_Exchange_Lite'"
SecRule &TX:'/SQL_INJECTION.*ARGS:psearch/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007372) ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- search.asp
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007372,rev:3,msg:'ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- search.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_Exchange_Lite'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2004413) ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004413,rev:4,msg:'ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Links_Management'"
SecRule &TX:'/SQL_INJECTION.*ARGS:lcnt/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006477) ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid
SecRule REQUEST_URI_RAW "(?i:\/categoria\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006477,rev:4,msg:'ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LiveCMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005833) ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID
SecRule REQUEST_URI_RAW "(?i:\/main\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005833,rev:4,msg:'ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LocazoList'"
SecRule &TX:'/SQL_INJECTION.*ARGS:subcatID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006325) ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID
SecRule REQUEST_URI_RAW "(?i:\/ProductDetails\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006325,rev:4,msg:'ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lotfian'"
SecRule &TX:'/SQL_INJECTION.*ARGS:PID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004965) ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id
SecRule REQUEST_URI_RAW "(?i:\/comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004965,rev:4,msg:'ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lushi'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004971) ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id
SecRule REQUEST_URI_RAW "(?i:\/register\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004971,rev:4,msg:'ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lushi'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005139) ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005139,rev:4,msg:'ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MDPro'"
SecRule &TX:'/SQL_INJECTION.*ARGS:startrow/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005516) ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id
SecRule REQUEST_URI_RAW "(?i:\/email\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005516,rev:4,msg:'ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGB'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006229) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p
SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006229,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
SecRule &TX:'/SQL_INJECTION.*ARGS:p/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006235) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l
SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006235,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
SecRule &TX:'/SQL_INJECTION.*ARGS:l/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006241) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ
SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006241,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
SecRule &TX:'/SQL_INJECTION.*ARGS:typ/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006247) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc
SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006247,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
SecRule &TX:'/SQL_INJECTION.*ARGS:loc/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003991) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003991,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
SecRule &TX:'/SQL_INJECTION.*ARGS:listid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004431) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname
SecRule REQUEST_URI_RAW "(?i:\/moscomment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004431,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
SecRule &TX:'/SQL_INJECTION.*ARGS:mcname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004437) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname
SecRule REQUEST_URI_RAW "(?i:\/com_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004437,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
SecRule &TX:'/SQL_INJECTION.*ARGS:mcname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004770) ET WEB_SPECIFIC Mambo LaiThai SQL Injection Attempt -- mambo.php
SecRule REQUEST_URI_RAW "(?i:\/includes\/mambo\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004770,rev:4,msg:'ET WEB_SPECIFIC Mambo LaiThai SQL Injection Attempt -- mambo.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005145) ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid
SecRule REQUEST_URI_RAW "(?i:\/news_page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005145,rev:4,msg:'ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Martyn_Kilbryde_Newsposter'"
SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004269) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x
SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004269,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
SecRule REQUEST_URI_RAW "@contains x[" "chain"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004275) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t
SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004275,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
SecRule &TX:'/SQL_INJECTION.*ARGS:t/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004281) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId
SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004281,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
SecRule &TX:'/SQL_INJECTION.*ARGS:productId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004287) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk
SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004287,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sk/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004293) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x
SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004293,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
SecRule &TX:'/SQL_INJECTION.*ARGS:x/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004299) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so
SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004299,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
SecRule &TX:'/SQL_INJECTION.*ARGS:so/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004305) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo
SecRule REQUEST_URI_RAW "(?i:\/order\-track\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004305,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
SecRule &TX:'/SQL_INJECTION.*ARGS:orderNo/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006349) ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa
SecRule REQUEST_URI_RAW "(?i:\/lire\-avis\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006349,rev:4,msg:'ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Messageriescripthp'"
SecRule &TX:'/SQL_INJECTION.*ARGS:aa/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006799) ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi
SecRule REQUEST_URI_RAW "(?i:\/uye_giris_islem\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006799,rev:4,msg:'ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Metyus'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kullanici_ismi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006805) ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre
SecRule REQUEST_URI_RAW "(?i:\/uye_giris_islem\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006805,rev:4,msg:'ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Metyus'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sifre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005607) ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id
SecRule REQUEST_URI_RAW "(?i:\/duyuru\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005607,rev:4,msg:'ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MiNT'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007010) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant
SecRule REQUEST_URI_RAW "(?i:\/item_show\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007010,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id2006quant/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007016) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup
SecRule REQUEST_URI_RAW "(?i:\/item_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007016,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:maingroup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007022) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup
SecRule REQUEST_URI_RAW "(?i:\/item_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007022,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:secondgroup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004168) ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c
SecRule REQUEST_URI_RAW "(?i:\/forum\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004168,rev:4,msg:'ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Minerva'"
SecRule &TX:'/SQL_INJECTION.*ARGS:c/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005782) ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName
SecRule REQUEST_URI_RAW "(?i:\/admin_check_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005782,rev:4,msg:'ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Motionborg'"
SecRule &TX:'/SQL_INJECTION.*ARGS:txtUserName/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003839) ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003839,rev:4,msg:'ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MyConference'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006631) ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details
SecRule REQUEST_URI_RAW "(?i:\/mystats\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006631,rev:4,msg:'ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MyStats'"
SecRule &TX:'/SQL_INJECTION.*ARGS:details/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004616) ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete
SecRule REQUEST_URI_RAW "(?i:\/diary\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004616,rev:4,msg:'ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_My_Datebook'"
SecRule &TX:'/SQL_INJECTION.*ARGS:delete/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004099) ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004099,rev:4,msg:'ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_My_Little_Forum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004746) ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv
SecRule REQUEST_URI_RAW "(?i:\/result\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004746,rev:4,msg:'ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Nabopoll'"
SecRule &TX:'/SQL_INJECTION.*ARGS:surv/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006884) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id
SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006884,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neochrome'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006740) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php
SecRule REQUEST_URI_RAW "(?i:\/plugins\/ipsearch\/ipsearch\.admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006740,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2006746) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php
SecRule REQUEST_URI_RAW "(?i:\/pfs\/pfs\.edit\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006746,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2006752) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.register.inc.php
SecRule REQUEST_URI_RAW "(?i:\/system\/core\/users\/users\.register\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006752,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.register.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2006758) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id
SecRule REQUEST_URI_RAW "(?i:\/polls\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006758,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007292) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id
SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007292,rev:3,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006551) ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id
SecRule REQUEST_URI_RAW "(?i:\/ViewCat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006551,rev:4,msg:'ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NetClassifieds'"
SecRule &TX:'/SQL_INJECTION.*ARGS:s_user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004162) ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID
SecRule REQUEST_URI_RAW "(?i:\/News\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004162,rev:4,msg:'ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NetVIOS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:NewsID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004940) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname
SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004940,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:commentname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004947) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail
SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004947,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:commentmail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004953) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite
SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004953,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:commentwebsite/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004959) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment
SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004959,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:comment/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005679) ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category
SecRule REQUEST_URI_RAW "(?i:\/shared\/code\/cp_functions_downloads\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005679,rev:4,msg:'ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Nicola_Asuni'"
SecRule &TX:'/SQL_INJECTION.*ARGS:download_category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005019) ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id
SecRule REQUEST_URI_RAW "(?i:\/view\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005019,rev:4,msg:'ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Noname_Media_Gallerie'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006595) ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid
SecRule REQUEST_URI_RAW "(?i:\/dagent\/downloadreport\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006595,rev:4,msg:'ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Novell_Zenworks'"
SecRule &TX:'/SQL_INJECTION.*ARGS:agentid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006601) ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass
SecRule REQUEST_URI_RAW "(?i:\/dagent\/downloadreport\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006601,rev:4,msg:'ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Novell_Zenworks'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004311) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php
SecRule REQUEST_URI_RAW "(?i:\/nukesentinel\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004311,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004734) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php
SecRule REQUEST_URI_RAW "(?i:\/nukesentinel\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004734,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004740) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nsbypass.php
SecRule REQUEST_URI_RAW "(?i:\/includes\/nsbypass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004740,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nsbypass.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2006811) ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid
SecRule REQUEST_URI_RAW "(?i:\/viewthread\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006811,rev:4,msg:'ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_O2PHP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005601) ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id
SecRule REQUEST_URI_RAW "(?i:\/etkinlikbak\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005601,rev:4,msg:'ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Okul'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004454) ET WEB_SPECIFIC Omegasoft SQL Injection Attempt -- OmegaMw7.asp
SecRule REQUEST_URI_RAW "(?i:\/OmegaMw7\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004454,rev:4,msg:'ET WEB_SPECIFIC Omegasoft SQL Injection Attempt -- OmegaMw7.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Omegasoft'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004849) ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id
SecRule REQUEST_URI_RAW "(?i:\/user_pages\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004849,rev:4,msg:'ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Online_Web_Building'"
SecRule &TX:'/SQL_INJECTION.*ARGS:art_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005941) ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate
SecRule REQUEST_URI_RAW "(?i:\/login\/register\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005941,rev:4,msg:'ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Outfront'"
SecRule &TX:'/SQL_INJECTION.*ARGS:UserUpdate/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005947) ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- a_register.asp
SecRule REQUEST_URI_RAW "(?i:\/includes\/a_register\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005947,rev:4,msg:'ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- a_register.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Outfront'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004245) ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip
SecRule REQUEST_URI_RAW "(?i:\/php\-stats\.recphp\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004245,rev:4,msg:'ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP-Stats'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ip/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006514) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006514,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Outgoing_Type_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006520) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006520,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Outgoing_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006526) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006526,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Project_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006532) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006532,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Client_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006538) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006538,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Invoice_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006544) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006544,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Vendor_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005971) ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id
SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_acronyms\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005971,rev:4,msg:'ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPBB'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006973) ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id
SecRule REQUEST_URI_RAW "(?i:\/admin_hacks_list\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006973,rev:4,msg:'ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPBB'"
SecRule &TX:'/SQL_INJECTION.*ARGS:hack_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004045) ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id
SecRule REQUEST_URI_RAW "(?i:\/modules\/admin\/modules\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004045,rev:4,msg:'ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPEcho'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003809) ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER
SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003809,rev:4,msg:'ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPHoo3'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:ADMIN_USER/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003815) ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS
SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003815,rev:4,msg:'ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPHoo3'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:ADMIN_PASS/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004699) ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid
SecRule REQUEST_URI_RAW "(?i:\/include\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004699,rev:4,msg:'ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPKit'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005788) ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid
SecRule REQUEST_URI_RAW "(?i:\/comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005788,rev:4,msg:'ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPKit'"
SecRule &TX:'/SQL_INJECTION.*ARGS:subid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004704) ET WEB_SPECIFIC PHPWind SQL Injection Attempt -- admin.php
SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004704,rev:4,msg:'ET WEB_SPECIFIC PHPWind SQL Injection Attempt -- admin.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPWind'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004329) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang
SecRule REQUEST_URI_RAW "(?i:\/mainfile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004329,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:lang/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004855) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id
SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004855,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:category_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005460) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active
SecRule REQUEST_URI_RAW "(?i:\/admin\/modules\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005460,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:active/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005466) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class
SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005466,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ad_class/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005472) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl
SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005472,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:imageurl/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005478) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl
SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005478,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:clickurl/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005484) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code
SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005484,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ad_code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005491) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position
SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005491,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:position/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005589) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat
SecRule REQUEST_URI_RAW "(?i:\/blocks\/block\-Old_Articles\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005589,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006931) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid
SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006931,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006937) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid
SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006937,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007180) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid
SecRule REQUEST_URI_RAW "(?i:\/modules\/News\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007180,rev:3,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005905) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage
SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005905,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newmessage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005911) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname
SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005911,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005917) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite
SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005917,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newwebsite/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005923) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail
SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005923,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newemail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004610) ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004610,rev:4,msg:'ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PNphpBB2'"
SecRule &TX:'/SQL_INJECTION.*ARGS:c/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004934) ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id
SecRule REQUEST_URI_RAW "(?i:\/item\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004934,rev:4,msg:'ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PSY_Auction'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006734) ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006734,rev:4,msg:'ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PWP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:main/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004263) ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid
SecRule REQUEST_URI_RAW "(?i:\/post\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004263,rev:4,msg:'ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Blogger'"
SecRule &TX:'/SQL_INJECTION.*ARGS:postid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005220) ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month
SecRule REQUEST_URI_RAW "(?i:\/archives\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005220,rev:4,msg:'ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Blogger'"
SecRule &TX:'/SQL_INJECTION.*ARGS:month/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004622) ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment
SecRule REQUEST_URI_RAW "(?i:\/viewimage\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004622,rev:4,msg:'ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Gallery'"
SecRule &TX:'/SQL_INJECTION.*ARGS:editcomment/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004093) ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004093,rev:4,msg:'ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Phil-A-Form'"
SecRule &TX:'/SQL_INJECTION.*ARGS:form_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004928) ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid
SecRule REQUEST_URI_RAW "(?i:\/philboard_forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004928,rev:4,msg:'ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Philboard'"
SecRule &TX:'/SQL_INJECTION.*ARGS:forumid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004909) ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id
SecRule REQUEST_URI_RAW "(?i:\/pollmentorres\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004909,rev:4,msg:'ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PollMentor'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005625) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid
SecRule REQUEST_URI_RAW "(?i:\/simplog\/archive\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005625,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
SecRule &TX:'/SQL_INJECTION.*ARGS:blogid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005631) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid
SecRule REQUEST_URI_RAW "(?i:\/simplog\/archive\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005631,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005637) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid
SecRule REQUEST_URI_RAW "(?i:\/simplog\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005637,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
SecRule &TX:'/SQL_INJECTION.*ARGS:blogid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003803) ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003803,rev:4,msg:'ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PostNuke'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006355) ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa
SecRule REQUEST_URI_RAW "(?i:\/lire\-avis\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006355,rev:4,msg:'ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ProNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:aa/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005685) ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id
SecRule REQUEST_URI_RAW "(?i:\/viewad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005685,rev:4,msg:'ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rapid_Classified'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005025) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user
SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005025,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005031) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password
SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005031,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
SecRule &TX:'/SQL_INJECTION.*ARGS:password/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005097) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id
SecRule REQUEST_URI_RAW "(?i:\/user_confirm\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005097,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005103) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass
SecRule REQUEST_URI_RAW "(?i:\/user_confirm\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005103,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006943) ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid
SecRule REQUEST_URI_RAW "(?i:\/recipe\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006943,rev:3,msg:'ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Recipes_Complete'"
SecRule &TX:'/SQL_INJECTION.*ARGS:recipeid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006949) ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid
SecRule REQUEST_URI_RAW "(?i:\/list\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006949,rev:3,msg:'ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Recipes_Complete'"
SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003833) ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv
SecRule REQUEST_URI_RAW "(?i:\/edit_day\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003833,rev:4,msg:'ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ResManager'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:id_reserv/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004604) ET WEB_SPECIFIC RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php
SecRule REQUEST_URI_RAW "(?i:\/inc\/class_users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004604,rev:4,msg:'ET WEB_SPECIFIC RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RevokeSoft'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005691) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID
SecRule REQUEST_URI_RAW "(?i:\/listfull\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005691,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005697) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID
SecRule REQUEST_URI_RAW "(?i:\/printmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005697,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005703) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat
SecRule REQUEST_URI_RAW "(?i:\/listmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005703,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005709) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat
SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005709,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005715) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat
SecRule REQUEST_URI_RAW "(?i:\/searchmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005715,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005721) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword
SecRule REQUEST_URI_RAW "(?i:\/searchkey\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005721,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005727) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area
SecRule REQUEST_URI_RAW "(?i:\/searchmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005727,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:area/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005733) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area
SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005733,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:area/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005740) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin
SecRule REQUEST_URI_RAW "(?i:\/searchkey\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005740,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:searchin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005746) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1
SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005746,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cost1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005752) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2
SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005752,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cost2/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005758) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1
SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005758,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:acreage1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005764) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1
SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005764,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
SecRule &TX:'/SQL_INJECTION.*ARGS:squarefeet1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004664) ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004664,rev:4,msg:'ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rigter_portal'"
SecRule &TX:'/SQL_INJECTION.*ARGS:categoria/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003821) ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries
SecRule REQUEST_URI_RAW "(?i:\/class\/debug\/debug_show\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003821,rev:4,msg:'ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RunCMS'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:executed_queries/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003862) ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id
SecRule REQUEST_URI_RAW "(?i:\/devami\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003862,rev:4,msg:'ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RunawaySoft'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004467) ET WEB_SPECIFIC SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp
SecRule REQUEST_URI_RAW "(?i:\/cgi\-bin\/reorder2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004467,rev:4,msg:'ET WEB_SPECIFIC SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Salescart'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004497) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name
SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004497,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
SecRule &TX:'/SQL_INJECTION.*ARGS:name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004503) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country
SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004503,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
SecRule &TX:'/SQL_INJECTION.*ARGS:country/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004509) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email
SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004509,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
SecRule &TX:'/SQL_INJECTION.*ARGS:email/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004515) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website
SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004515,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
SecRule &TX:'/SQL_INJECTION.*ARGS:website/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004521) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message
SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004521,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
SecRule &TX:'/SQL_INJECTION.*ARGS:message/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004120) ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004120,rev:4,msg:'ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ScriptMagix'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006313) ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid
SecRule REQUEST_URI_RAW "(?i:\/utilities\/usermessages\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006313,rev:4,msg:'ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ScriptMate'"
SecRule &TX:'/SQL_INJECTION.*ARGS:mesid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004419) ET WEB_SPECIFIC Serendipity SQL Injection Attempt -- index.php serendipity
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004419,rev:4,msg:'ET WEB_SPECIFIC Serendipity SQL Injection Attempt -- index.php serendipity ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Serendipity'"
SecRule REQUEST_URI_RAW "@contains serendipity[multiCat][" "chain"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005794) ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID
SecRule REQUEST_URI_RAW "(?i:\/orange\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005794,rev:4,msg:'ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ShopStoreNow'"
SecRule &TX:'/SQL_INJECTION.*ARGS:CatID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003856) ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr
SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003856,rev:4,msg:'ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SimpleNews'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:newsnr/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004783) ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username
SecRule REQUEST_URI_RAW "(?i:\/logon_user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004783,rev:4,msg:'ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_PHP_Portal'"
SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004789) ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username
SecRule REQUEST_URI_RAW "(?i:\/update_profile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004789,rev:4,msg:'ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_PHP_Portal'"
SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005875) ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id
SecRule REQUEST_URI_RAW "(?i:\/page\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005875,rev:4,msg:'ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_Web_CMS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005522) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005522,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ps/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005528) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005528,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:us/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005534) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005534,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:f/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005540) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005540,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005546) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code
SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005546,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005552) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f
SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005552,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:f/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005558) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us
SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005558,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:us/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005564) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps
SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005564,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ps/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004867) ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id
SecRule REQUEST_URI_RAW "(?i:\/pop_profile\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004867,rev:4,msg:'ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Snitz'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006133) ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent
SecRule REQUEST_URI_RAW "(?i:\/list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006133,rev:4,msg:'ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Softwebs'"
SecRule &TX:'/SQL_INJECTION.*ARGS:agent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006484) ET WEB_SPECIFIC Solar Empire SQL Injection Attempt -- game_listing.php
SecRule REQUEST_URI_RAW "(?i:\/game_listing\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006484,rev:4,msg:'ET WEB_SPECIFIC Solar Empire SQL Injection Attempt -- game_listing.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Solar_Empire'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2004383) ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004383,rev:4,msg:'ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SonicMailer'"
SecRule &TX:'/SQL_INJECTION.*ARGS:list/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004820) ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category
SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004820,rev:4,msg:'ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Sphider'"
SecRule &TX:'/SQL_INJECTION.*ARGS:category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005156) ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines
SecRule REQUEST_URI_RAW "(?i:\/rss\/show_webfeed\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005156,rev:4,msg:'ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SpoonLabs'"
SecRule &TX:'/SQL_INJECTION.*ARGS:wcHeadlines/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004826) ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat
SecRule REQUEST_URI_RAW "(?i:\/directory\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004826,rev:4,msg:'ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Super_Link_Exchange'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006637) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp
SecRule REQUEST_URI_RAW "(?i:\/sendarticle\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006637,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2006643) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp
SecRule REQUEST_URI_RAW "(?i:\/printarticle\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006643,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
# (sid 2006649) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID
SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006649,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006655) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID
SecRule REQUEST_URI_RAW "(?i:\/preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006655,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005571) ET WEB_SPECIFIC ThWboard SQL Injection Attempt -- index.php board
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005571,rev:4,msg:'ET WEB_SPECIFIC ThWboard SQL Injection Attempt -- index.php board ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ThWboard'"
SecRule REQUEST_URI_RAW "@contains board[" "chain"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2006007) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006007,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:lastname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006013) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006013,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:firstname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006019) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006019,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:passwordOld/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006025) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006025,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:passwordNew/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006031) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006031,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006037) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006037,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:language/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006043) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006043,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:defaultLetter/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006049) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006049,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newuserPass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006055) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006055,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newuserType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006061) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006061,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newuserEmail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006067) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo
SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006067,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:goTo/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006073) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search
SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006073,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:search/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006079) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName
SecRule REQUEST_URI_RAW "(?i:\/save\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006079,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
SecRule &TX:'/SQL_INJECTION.*ARGS:groupAddName/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004873) ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id
SecRule REQUEST_URI_RAW "(?i:\/h_goster\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004873,rev:4,msg:'ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Turuncu'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004676) ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug
SecRule REQUEST_URI_RAW "(?i:\/ViewReport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004676,rev:4,msg:'ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Tyger_Bug_Tracker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:bug/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004681) ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s
SecRule REQUEST_URI_RAW "(?i:\/ViewBugs\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004681,rev:4,msg:'ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Tyger_Bug_Tracker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:s/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005237) ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid
SecRule REQUEST_URI_RAW "(?i:\/banner\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005237,rev:4,msg:'ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_UDS'"
SecRule &TX:'/SQL_INJECTION.*ARGS:bid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006890) ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci
SecRule REQUEST_URI_RAW "(?i:\/slideshow\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006890,rev:4,msg:'ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Uapplication'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006896) ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci
SecRule REQUEST_URI_RAW "(?i:\/thumbnails\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006896,rev:4,msg:'ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Uapplication'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005007) ET WEB_SPECIFIC Ublog Reload SQL Injection Attempt -- badword.asp
SecRule REQUEST_URI_RAW "(?i:\/badword\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005007,rev:4,msg:'ET WEB_SPECIFIC Ublog Reload SQL Injection Attempt -- badword.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ublog'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2007203) ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat
SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007203,rev:3,msg:'ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ultimate_Survey'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007209) ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did
SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007209,rev:3,msg:'ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ultimate_Survey'"
SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005673) ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname
SecRule REQUEST_URI_RAW "(?i:\/shopgiftregsearch\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005673,rev:4,msg:'ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_VP-ASP'"
SecRule &TX:'/SQL_INJECTION.*ARGS:LoginLastname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006607) ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user
SecRule REQUEST_URI_RAW "(?i:\/vf_memberdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006607,rev:4,msg:'ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_VT_Forum'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006283) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod
SecRule REQUEST_URI_RAW "(?i:\/repass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006283,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:nick_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006289) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick
SecRule REQUEST_URI_RAW "(?i:\/repass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006289,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:nick/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006295) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick
SecRule REQUEST_URI_RAW "(?i:\/verify\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006295,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:nick/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006301) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod
SecRule REQUEST_URI_RAW "(?i:\/verify\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006301,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:nick_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005497) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid
SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005497,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:Itemid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005503) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id
SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005503,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:product_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005509) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id
SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005509,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
SecRule &TX:'/SQL_INJECTION.*ARGS:category_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003997) ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id
SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003997,rev:4,msg:'ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vizayn'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005893) ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id
SecRule REQUEST_URI_RAW "(?i:\/haberdetay\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005893,rev:4,msg:'ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vizayn'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007420) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat
SecRule REQUEST_URI_RAW "(?i:\/cat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007420,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007426) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007426,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007432) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007432,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007438) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007438,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sort/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007444) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007444,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:menuSelect/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007450) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state
SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007450,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
SecRule &TX:'/SQL_INJECTION.*ARGS:state/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004132) ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum
SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004132,rev:4,msg:'ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W-Agora'"
SecRule &TX:'/SQL_INJECTION.*ARGS:search_forum/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004138) ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user
SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004138,rev:4,msg:'ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W-Agora'"
SecRule &TX:'/SQL_INJECTION.*ARGS:search_user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004651) ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id
SecRule REQUEST_URI_RAW "(?i:\/urunbak\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004651,rev:4,msg:'ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W1L3D4_WEBmarlet'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005308) ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft
SecRule REQUEST_URI_RAW "(?i:\/mailer\.w2b)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005308,rev:4,msg:'ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W2B'"
SecRule &TX:'/SQL_INJECTION.*ARGS:draft/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005190) ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay
SecRule REQUEST_URI_RAW "(?i:\/DocPay\.w2b)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005190,rev:4,msg:'ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W2B'"
SecRule &TX:'/SQL_INJECTION.*ARGS:listDocPay/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004318) ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004318,rev:4,msg:'ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WBBlog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:e_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005953) ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key
SecRule REQUEST_URI_RAW "(?i:\/coupon_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005953,rev:4,msg:'ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WDFL'"
SecRule &TX:'/SQL_INJECTION.*ARGS:key/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003768) ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid
SecRule REQUEST_URI_RAW "(?i:\/viewcat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003768,rev:4,msg:'ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WF-Links'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004257) ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id
SecRule REQUEST_URI_RAW "(?i:\/comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004257,rev:4,msg:'ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WSN'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006459) ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page
SecRule REQUEST_URI_RAW "(?i:\/content\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006459,rev:4,msg:'ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WSPortal'"
SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005959) ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num
SecRule REQUEST_URI_RAW "(?i:\/phonemessage\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005959,rev:4,msg:'ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WYWO'"
SecRule &TX:'/SQL_INJECTION.*ARGS:num/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005965) ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode
SecRule REQUEST_URI_RAW "(?i:\/faqDsp\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005965,rev:4,msg:'ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WYWO'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006979) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login
SecRule REQUEST_URI_RAW "(?i:\/process\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006979,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
SecRule &TX:'/SQL_INJECTION.*ARGS:login/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006985) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password
SecRule REQUEST_URI_RAW "(?i:\/process\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006985,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
SecRule &TX:'/SQL_INJECTION.*ARGS:password/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006991) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid
SecRule REQUEST_URI_RAW "(?i:\/dlwallpaper\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006991,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
SecRule &TX:'/SQL_INJECTION.*ARGS:wallpaperid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006997) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid
SecRule REQUEST_URI_RAW "(?i:\/wallpaper\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006997,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
SecRule &TX:'/SQL_INJECTION.*ARGS:wallpaperid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007074) ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID
SecRule REQUEST_URI_RAW "(?i:\/item\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007074,rev:3,msg:'ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Warhound'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ItemID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004758) ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004758,rev:4,msg:'ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebMplayer'"
SecRule &TX:'/SQL_INJECTION.*ARGS:strid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004764) ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- filecheck.php id
SecRule REQUEST_URI_RAW "(?i:\/filecheck\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004764,rev:4,msg:'ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- filecheck.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebMplayer'"
SecRule REQUEST_URI_RAW "@contains id[" "chain"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004915) ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID
SecRule REQUEST_URI_RAW "(?i:\/directions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004915,rev:4,msg:'ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebTester'"
SecRule &TX:'/SQL_INJECTION.*ARGS:testID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004776) ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id
SecRule REQUEST_URI_RAW "(?i:\/connexion\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004776,rev:4,msg:'ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Ban'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004228) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- functions_filters.asp
SecRule REQUEST_URI_RAW "(?i:\/functions\/functions_filters\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004228,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- functions_filters.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004439) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name
SecRule REQUEST_URI_RAW "(?i:\/forum\/pop_up_member_search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004439,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
SecRule &TX:'/SQL_INJECTION.*ARGS:name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004239) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID
SecRule REQUEST_URI_RAW "(?i:\/News\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004239,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
SecRule &TX:'/SQL_INJECTION.*ARGS:NewsID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005231) ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID
SecRule REQUEST_URI_RAW "(?i:\/eWebQuiz\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005231,rev:4,msg:'ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Website_Baker'"
SecRule &TX:'/SQL_INJECTION.*ARGS:QuizID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004144) ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order
SecRule REQUEST_URI_RAW "(?i:\/check_vote\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004144,rev:4,msg:'ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Weekly_Drawing'"
SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004251) ET WEB_SPECIFIC Woltlab Burning Board SQL Injection Attempt -- usergroups.php
SecRule REQUEST_URI_RAW "(?i:\/usergroups\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004251,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board SQL Injection Attempt -- usergroups.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005001) ET WEB_SPECIFIC Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid
SecRule REQUEST_URI_RAW "(?i:\/pms\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005001,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
SecRule REQUEST_URI_RAW "@contains pmid[" "chain"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005284) ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids
SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005284,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
SecRule REQUEST_URI_RAW "@contains boardids[" "chain"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005290) ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board
SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005290,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
SecRule REQUEST_URI_RAW "@contains board[" "chain"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2006925) ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit
SecRule REQUEST_URI_RAW "(?i:\/thread\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006925,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
SecRule &TX:'/SQL_INJECTION.*ARGS:threadvisit/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004015) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie
SecRule REQUEST_URI_RAW "(?i:\/wp\-admin\/admin\-ajax\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004015,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cookie/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004407) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-functions.php
SecRule REQUEST_URI_RAW "(?i:\/wp\-admin\/admin\-functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004407,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-functions.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004658) ET WEB_SPECIFIC Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php
SecRule REQUEST_URI_RAW "(?i:\/xmlrpc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004658,rev:4,msg:'ET WEB_SPECIFIC Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005661) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php
SecRule REQUEST_URI_RAW "(?i:\/wp\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005661,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005869) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php
SecRule REQUEST_URI_RAW "(?i:\/wp\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005869,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2004347) ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id
SecRule REQUEST_URI_RAW "(?i:\/devami\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004347,rev:4,msg:'ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-Ice_News'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005121) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id
SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005121,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005127) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from
SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005127,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
SecRule &TX:'/SQL_INJECTION.*ARGS:from/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005133) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q
SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005133,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
SecRule &TX:'/SQL_INJECTION.*ARGS:q/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004861) ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album
SecRule REQUEST_URI_RAW "(?i:\/view\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004861,rev:4,msg:'ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_XLAtunes'"
SecRule &TX:'/SQL_INJECTION.*ARGS:album/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005382) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id
SecRule REQUEST_URI_RAW "(?i:\/kernel\/group\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005382,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005388) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid
SecRule REQUEST_URI_RAW "(?i:\/class\/table_broken\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005388,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
SecRule &TX:'/SQL_INJECTION.*ARGS:lid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006490) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id
SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006490,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006217) ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news
SecRule REQUEST_URI_RAW "(?i:\/show_news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006217,rev:4,msg:'ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xt-News'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id_news/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005613) ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder
SecRule REQUEST_URI_RAW "(?i:\/displaypic\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005613,rev:4,msg:'ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xtreme'"
SecRule &TX:'/SQL_INJECTION.*ARGS:sortorder/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004807) ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id
SecRule REQUEST_URI_RAW "(?i:\/functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004807,rev:4,msg:'ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ZephyrSoft'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005196) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id
SecRule REQUEST_URI_RAW "(?i:\/mezungiris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005196,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005202) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass
SecRule REQUEST_URI_RAW "(?i:\/mezungiris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005202,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005208) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass
SecRule REQUEST_URI_RAW "(?i:\/ogretmenkontrol\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005208,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005214) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id
SecRule REQUEST_URI_RAW "(?i:\/ogretmenkontrol\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005214,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003985) ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler
SecRule REQUEST_URI_RAW "(?i:\/plugins\/mp3playlist\/mp3playlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003985,rev:4,msg:'ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zomplog'"
SecRule &TX:'/SQL_INJECTION.*ARGS:speler/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005983) ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode
SecRule REQUEST_URI_RAW "(?i:\/faqDsp\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005983,rev:4,msg:'ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_aFAQ'"
SecRule &TX:'/SQL_INJECTION.*ARGS:catcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005328) ET WEB_SPECIFIC bbPress SQL Injection Attempt -- formatting-functions.php
SecRule REQUEST_URI_RAW "(?i:\/bb\-includes\/formatting\-functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005328,rev:4,msg:'ET WEB_SPECIFIC bbPress SQL Injection Attempt -- formatting-functions.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_bbPress'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005770) ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk
SecRule REQUEST_URI_RAW "(?i:\/newsletters\/edition\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005770,rev:4,msg:'ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_bitweaver'"
SecRule &TX:'/SQL_INJECTION.*ARGS:tk/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006175) ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse
SecRule REQUEST_URI_RAW "(?i:\/SelGruFra\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006175,rev:4,msg:'ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_chatwm'"
SecRule &TX:'/SQL_INJECTION.*ARGS:txtUse/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006181) ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas
SecRule REQUEST_URI_RAW "(?i:\/SelGruFra\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006181,rev:4,msg:'ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_chatwm'"
SecRule &TX:'/SQL_INJECTION.*ARGS:txtPas/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004057) ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category
SecRule REQUEST_URI_RAW "(?i:\/category\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004057,rev:4,msg:'ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_cpCommerce'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id_category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004105) ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer
SecRule REQUEST_URI_RAW "(?i:\/manufacturer\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004105,rev:4,msg:'ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_cpCommerce'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id_manufacturer/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005037) ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id
SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005037,rev:4,msg:'ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dB_Masters'"
SecRule &TX:'/SQL_INJECTION.*ARGS:c_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006955) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006955,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
SecRule &TX:'/SQL_INJECTION.*ARGS:seite_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006961) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006961,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
SecRule &TX:'/SQL_INJECTION.*ARGS:gruppe_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006967) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006967,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
SecRule &TX:'/SQL_INJECTION.*ARGS:go_target/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006619) ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc
SecRule REQUEST_URI_RAW "(?i:\/dettaglio\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006619,rev:4,msg:'ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dol_storye'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id_doc/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006625) ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut
SecRule REQUEST_URI_RAW "(?i:\/dettaglio\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006625,rev:4,msg:'ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dol_storye'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id_aut/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005929) ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did
SecRule REQUEST_URI_RAW "(?i:\/mod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005929,rev:4,msg:'ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_eNdonesia'"
SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005935) ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid
SecRule REQUEST_URI_RAW "(?i:\/mod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005935,rev:4,msg:'ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_eNdonesia'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007378) ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which
SecRule REQUEST_URI_RAW "(?i:\/index1\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007378,rev:3,msg:'ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
SecRule &TX:'/SQL_INJECTION.*ARGS:which/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007384) ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat
SecRule REQUEST_URI_RAW "(?i:\/default2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007384,rev:3,msg:'ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
SecRule &TX:'/SQL_INJECTION.*ARGS:kat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2007390) ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid
SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007390,rev:3,msg:'ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004112) ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid
SecRule REQUEST_URI_RAW "(?i:\/getnewsitem\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004112,rev:4,msg:'ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_gCards'"
SecRule &TX:'/SQL_INJECTION.*ARGS:newsid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005809) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id
SecRule REQUEST_URI_RAW "(?i:\/display_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005809,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005815) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie
SecRule REQUEST_URI_RAW "(?i:\/display_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005815,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user_login_cookie/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005821) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id
SecRule REQUEST_URI_RAW "(?i:\/compare_product\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005821,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005827) ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id
SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005827,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2006613) ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006613,rev:4,msg:'ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iWare_Pro'"
SecRule &TX:'/SQL_INJECTION.*ARGS:D/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004844) ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor
SecRule REQUEST_URI_RAW "(?i:\/install\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004844,rev:4,msg:'ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_mcRefer'"
SecRule &TX:'/SQL_INJECTION.*ARGS:bgcolor/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004472) ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004472,rev:4,msg:'ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_myBloggie'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004478) ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004478,rev:4,msg:'ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_myBloggie'"
SecRule &TX:'/SQL_INJECTION.*ARGS:year/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004009) ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id
SecRule REQUEST_URI_RAW "(?i:\/read\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004009,rev:4,msg:'ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_olboolmarks'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004903) ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid
SecRule REQUEST_URI_RAW "(?i:\/nickpage\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004903,rev:4,msg:'ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpCC'"
SecRule &TX:'/SQL_INJECTION.*ARGS:npid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004174) ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id
SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004174,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:image_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004180) ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id
SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004180,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004186) ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id
SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004186,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004192) ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id
SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004192,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004198) ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id
SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004198,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:news_cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004204) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id
SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004204,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004210) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id
SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004210,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:topic_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004216) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id
SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004216,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004222) ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id
SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004222,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
SecRule &TX:'/SQL_INJECTION.*ARGS:user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2003786) ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003786,rev:4,msg:'ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_pnFlashGames'"
SecRule REQUEST_URI_RAW "@contains (" "chain"
SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005667) ET WEB_SPECIFIC uniForum SQL Injection Attempt -- wbsearch.aspx
SecRule REQUEST_URI_RAW "(?i:\/wbsearch\.aspx)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005667,rev:4,msg:'ET WEB_SPECIFIC uniForum SQL Injection Attempt -- wbsearch.aspx ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_uniForm'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005352) ET WEB_SPECIFIC vBSupport SQL Injection Attempt -- vBSupport.php
SecRule REQUEST_URI_RAW "(?i:\/vBSupport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005352,rev:4,msg:'ET WEB_SPECIFIC vBSupport SQL Injection Attempt -- vBSupport.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_vBSupport'"
SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
# (sid 2005358) ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid
SecRule REQUEST_URI_RAW "(?i:\/vBSupport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005358,rev:4,msg:'ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_vSupport'"
SecRule &TX:'/SQL_INJECTION.*ARGS:ticketid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004752) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic
SecRule REQUEST_URI_RAW "(?i:\/printview\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004752,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
SecRule &TX:'/SQL_INJECTION.*ARGS:topic/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2004885) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly
SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004885,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
SecRule &TX:'/SQL_INJECTION.*ARGS:showonly/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005243) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID
SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005243,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
SecRule &TX:'/SQL_INJECTION.*ARGS:picID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005249) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id
SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005249,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005254) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID
SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005254,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
SecRule &TX:'/SQL_INJECTION.*ARGS:galleryID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
# (sid 2005162) ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id
SecRule REQUEST_URI_RAW "(?i:\/xNews\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005162,rev:4,msg:'ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_xNews'"
SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
SecMarker END_ET_SQLI_RULES
|
