File: community-web-php.rules

package info (click to toggle)
snort 2.9.7.0-5
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid, stretch
  • size: 55,000 kB
  • ctags: 38,464
  • sloc: ansic: 266,667; sh: 12,508; makefile: 2,908; yacc: 497; perl: 496; lex: 261; sed: 14
file content (474 lines) | stat: -rw-r--r-- 163,259 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
# Copyright 2005 Sourcefire, Inc. All Rights Reserved.  # These rules are licensed under the GNU General Public License.
# Please see the file LICENSE in this directory for more details.
# $Id: community-web-php.rules,v 1.32 2007/02/22 20:44:35 akirk Exp $

#Rules submitted by rmkml
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP piranha default passwd attempt"; flow:to_server,established; uricontent:"/piranha/secure/control.php3"; content:"Authorization|3A| Basic cGlyYW5oYTp"; reference:bugtraq,1148; reference:cve,2000-0248; reference:nessus,10381; classtype:attempted-recon; sid:100000151; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpinfo access"; flow:to_server,established; uricontent:"/phpinfo.php"; nocase; reference:bugtraq,5789; reference:cve,2002-1149; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=3356; classtype:successful-recon-limited; sid:100000186; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP XSS attempt"; flow:to_server,established; uricontent:"|2E|php"; nocase; uricontent:"|3C|script|3E|"; nocase; uricontent:"|3C 2F|script|3E|"; nocase; classtype:web-application-attack; sid:100000187; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Vubb Path attempt"; flow:to_server,established; uricontent:"/forum/index.php"; nocase; content:"|26 66 3D 27|"; reference:cve,2005-3513; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=113087965608496&w=2; classtype:web-application-attack; sid:100000188; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP _SERVER HTTP_ACCEPT_LANGUAGE access"; flow:to_server,established; content:"GET"; nocase; depth:3; uricontent:"|2E|php"; nocase; uricontent:"|5F|SERVER|5B|HTTP|5F|ACCEPT|5F|LANGUAGE|5D|"; nocase; reference:bugtraq,15414; reference:cve,2005-3347; classtype:web-application-attack; sid:100000195; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CuteNews flood.db.php access"; flow:to_server,established; uricontent:"/data/flood.db.php"; nocase; reference:bugtraq,14869; reference:cve,2005-3010; reference:nessus,19756; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19478; classtype:web-application-attack; sid:100000201; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB topic.php access"; flow:to_server,established; uricontent:"/topic.php"; nocase; uricontent:"tid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19404; classtype:web-application-attack; sid:100000202; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB misc.php access"; flow:to_server,established; uricontent:"/misc.php"; nocase; uricontent:"uid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19405; classtype:web-application-attack; sid:100000203; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB pm.php access"; flow:to_server,established; uricontent:"/pm.php"; nocase; uricontent:"uid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19407; classtype:web-application-attack; sid:100000204; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB forums.php access"; flow:to_server,established; uricontent:"/forums.php"; nocase; uricontent:"fid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19406; classtype:web-application-attack; sid:100000205; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB newpost.php access"; flow:to_server,established; uricontent:"/newpost.php"; nocase; uricontent:"fid|3D|"; nocase; reference:bugtraq,14851; reference:cve,2005-2989; reference:nessus,19750; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=19408; classtype:web-application-attack; sid:100000206; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_itemId access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_itemId|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000211; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_return access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_return|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000212; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_view access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_view|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000213; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gallery g2_subView access"; flow:to_server,established; uricontent:"/main.php"; nocase; uricontent:"g2_subView|3D|"; nocase; reference:bugtraq,15108; reference:cve,2005-0222; reference:nessus,20015; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=13034; classtype:web-application-attack; sid:100000214; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MailGust SQL Injection email attempt"; flow:to_server,established; uricontent:"method|3D|remind_password"; nocase; uricontent:"list|3D|maillistuser"; nocase; uricontent:"email|3D 27|"; nocase; reference:bugtraq,14933; reference:cve,2005-3063; reference:nessus,19947; classtype:web-application-attack; sid:100000218; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP-Nuke admin_styles.php phpbb_root_path access"; flow:to_server,established; uricontent:"/modules/Forums/admin/admin_styles.php"; nocase; uricontent:"phpbb_root_path|3D|"; nocase; reference:url,www.autistici.org/anacron-group-italy/file/txt/sile002adv.txt; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=16244; classtype:web-application-attack; sid:100000220; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP AppServ main.php appserv_root param access"; flow:to_server,established; uricontent:"/appserv/main.php"; nocase; uricontent:"appserv_root|3D|"; nocase; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=22228; classtype:web-application-attack; sid:100000221; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ldap_var.inc.php remote file include attempt"; flow:to_server,established; uricontent:"ldap_var.inc.php"; nocase; uricontent:"includePath="; nocase; pcre:"/includePath=(https?|ftp)/Ui"; reference:bugtraq,17915; classtype:web-application-attack; sid:100000285; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP X Poll admin access"; flow:to_server,established; uricontent:"/admin/images/add.php"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114710173409997&w=2; classtype:web-application-attack; sid:100000286; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline ldap.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/ldap.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000287; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline atutor.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/atutor.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000288; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline db-generic.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/db-generic.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000289; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline docebo.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/docebo.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000290; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline dokeos.1.6.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/dokeos.1.6.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000291; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline dokeos.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/dokeos.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000292; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline ganesha.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/ganesha.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000293; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline mambo.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/mambo.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000294; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline moodle.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/moodle.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000295; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline phpnuke.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/phpnuke.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000296; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline postnuke.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/postnuke.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000297; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline spip.inc.php access"; flow:to_server,established; uricontent:"claroline/auth/extauth/drivers/spip.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000298; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline event/init_event_manager.inc.php access"; flow:to_server,established; uricontent:"claroline/inc/lib/event/init_event_manager.inc.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000299; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Claroline export_exe_tracking.class.php access"; flow:to_server,established; uricontent:"claroline/inc/lib/export_exe_tracking.class.php"; reference:url,www.claroline.net; reference:url,marc.theaimsgroup.com/?l=full-disclosure&m=114710378713072&w=2; classtype:web-application-attack; sid:100000300; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto index.php rep parameter remote file include attempt"; flow:to_server,established; uricontent:"index.php"; nocase; uricontent:"rep="; nocase; pcre:"/rep=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000304; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto index.php image parameter remote file include attempt"; flow:to_server,established; uricontent:"index.php"; nocase; uricontent:"image="; nocase; pcre:"/image=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000305; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto diapho.php rep parameter remote file include attempt"; flow:to_server,established; uricontent:"diapho.php"; nocase; uricontent:"rep="; nocase; pcre:"/rep=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000306; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto diapho.php image parameter remote file include attempt"; flow:to_server,established; uricontent:"diapho.php"; nocase; uricontent:"image="; nocase; pcre:"/image=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000307; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto affich.php rep parameter remote file include attempt"; flow:to_server,established; uricontent:"affich.php"; nocase; uricontent:"rep="; nocase; pcre:"/rep=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000308; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Gphoto affich.php image parameter remote file include attempt"; flow:to_server,established; uricontent:"affich.php"; nocase; uricontent:"image="; nocase; pcre:"/image=(https?|ftp)/Ui"; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=114754094110073&w=2; classtype:web-application-attack; sid:100000309; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Particle Gallery Viewimage PHP Variable Injection Attempt"; flow:to_server,established; uricontent:"viewimage.php?imageid="; nocase; pcre:"/viewimage\.php\?imageid=(![\d]+[\sa-zA-Z_]+)|([\d]+[\sa-zA-Z_]+)/Ui"; reference:bugtraq,18270; classtype:web-application-attack; sid:100000445; rev:1;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Particle Wiki PHP SQL Injection attempt"; flow:to_server,established; uricontent:"version="; nocase; pcre:"/[\x3f\x26\x3b]version=(![\d]+[\sa-zA-Z_]+)|([\d]+[\sa-zA-Z_]+)/Ui"; reference:bugtraq,18273; classtype:web-application-attack; sid:100000446; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Joomla joomla.php remote file include"; flow:to_server,established; uricontent:"/joomla.php"; nocase; uricontent:"includepath="; nocase; pcre:"/includepath=(https?|ftp)/Ui"; reference:bugtraq,18363; classtype:web-application-attack; sid:100000463; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP LoveCompass AEPartner design.inc.php remote file include"; flow:to_server,established; uricontent:"/design.inc.php"; nocase; uricontent:"dir[data]="; nocase; pcre:"/dir\[data\]=(https?|ftp)/Ui"; reference:bugtraq,18370; classtype:web-application-attack; sid:100000464; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Empris sql_fcnsOLD.php remote file include"; flow:to_server,established; uricontent:"/sql_fcnsOLD.php"; nocase; uricontent:"phormationdir="; nocase; pcre:"/phormationdir=(https?|ftp)/Ui"; reference:bugtraq,18371; classtype:web-application-attack; sid:100000465; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard post.php remote file include"; flow:to_server,established; uricontent:"/post.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18373; classtype:web-application-attack; sid:100000466; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP WebprojectDB nav.php remote file include"; flow:to_server,established; uricontent:"/nav.php"; nocase; uricontent:"INCDIR="; nocase; pcre:"/INCDIR=(https?|ftp)/Ui"; reference:bugtraq,18378; classtype:web-application-attack; sid:100000467; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP WebprojectDB lang.php remote file include"; flow:to_server,established; uricontent:"/lang.php"; nocase; uricontent:"INCDIR="; nocase; pcre:"/INCDIR=(https?|ftp)/Ui"; reference:bugtraq,18378; classtype:web-application-attack; sid:100000468; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP iFoto index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"dir="; nocase; pcre:"/dir(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18391; classtype:web-application-attack; sid:100000469; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Foing manage_songs.php remote file include"; flow:to_server,established; uricontent:"/manage_songs.php"; nocase; uricontent:"foing_root_path="; nocase; pcre:"/foing_root_path=(https?|ftp)/Ui"; reference:bugtraq,18392; classtype:web-application-attack; sid:100000470; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom show.php SQL injection attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"objectID="; nocase; pcre:"/objectID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000471; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom show.php SQL injection attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"MAINID="; nocase; pcre:"/MAINID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000472; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom language.php SQL injection attempt"; flow:to_server,established; uricontent:"/language.php"; nocase; uricontent:"Action="; nocase; pcre:"/Action(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000473; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt"; flow:to_server,established; uricontent:"/meaning.php"; nocase; uricontent:"QuaranID="; nocase; pcre:"/QuaranID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000474; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt"; flow:to_server,established; uricontent:"/meaning.php"; nocase; uricontent:"ShowByQuranID="; nocase; pcre:"/ShowByQuranID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000475; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom meaning.php SQL injection attempt"; flow:to_server,established; uricontent:"/meaning.php"; nocase; uricontent:"Action="; nocase; pcre:"/Action(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000476; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom subject.php SQL injection attempt"; flow:to_server,established; uricontent:"/subject.php"; nocase; uricontent:"MainID="; nocase; pcre:"/MainID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18403; classtype:web-application-attack; sid:100000477; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP aWebNews visview.php remote file include"; flow:to_server,established; uricontent:"/visview.php"; nocase; uricontent:"path_to_news="; nocase; pcre:"/path_to_news=(https?|ftp)/Ui"; reference:bugtraq,18406; classtype:web-application-attack; sid:100000478; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CzarNews headlines.php remote file include"; flow:to_server,established; uricontent:"/headlines.php"; nocase; uricontent:"tpath="; nocase; pcre:"/tpath=(https?|ftp)/Ui"; reference:bugtraq,18411; classtype:web-application-attack; sid:100000479; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Somery team.php remote file include"; flow:to_server,established; uricontent:"/team.php"; nocase; uricontent:"checkauth="; nocase; pcre:"/checkauth=(https?|ftp)/Ui"; reference:bugtraq,18412; classtype:web-application-attack; sid:100000480; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Hinton Design PHPHG signed.php remote file include"; flow:to_server,established; uricontent:"/signed.php"; nocase; uricontent:"phphg_real_path="; nocase; pcre:"/phphg_real_path=(https?|ftp)/Ui"; reference:bugtraq,18413; classtype:web-application-attack; sid:100000481; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BoastMachine vote.php remote file include"; flow:to_server,established; uricontent:"/vote.php"; nocase; uricontent:"bmc_dir="; nocase; pcre:"/bmc_dir=(https?|ftp)/Ui"; reference:bugtraq,18415; classtype:web-application-attack; sid:100000482; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Wheatblog view_links.php remote file include"; flow:to_server,established; uricontent:"/view_links.php"; nocase; uricontent:"wb_inc_dir="; nocase; pcre:"/wb_inc_dir=(https?|ftp)/Ui"; reference:bugtraq,18416; classtype:web-application-attack; sid:100000483; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Confixx ftp_index.php xss attempt"; flow:to_server,established; uricontent:"/ftp_index.php"; nocase; uricontent:"lpath="; nocase; pcre:"/lpath(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18426; classtype:web-application-attack; sid:100000484; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP RahnemaCo page.php remote file include"; flow:to_server,established; uricontent:"/page.php"; nocase; uricontent:"osCsid="; nocase; pcre:"/osCsid=(https?|ftp)/Ui"; reference:bugtraq,18435; classtype:web-application-attack; sid:100000485; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PhpBlueDragon CMS template.php remote file include"; flow:to_server,established; uricontent:"/template.php"; nocase; uricontent:"vsDragonRootPath="; nocase; pcre:"/vsDragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18440; classtype:web-application-attack; sid:100000486; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ISPConfig server.inc.php remote file include"; flow:to_server,established; uricontent:"/server.inc.php"; nocase; uricontent:"go_info[isp][classes_root]="; nocase; pcre:"/go_info\[isp\]\[classes_root\]=(https?|ftp)/Ui"; reference:bugtraq,18441; classtype:web-application-attack; sid:100000487; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ISPConfig app.inc.php remote file include"; flow:to_server,established; uricontent:"/app.inc.php"; nocase; uricontent:"go_info[isp][classes_root]="; nocase; pcre:"/go_info\[isp\]\[classes_root\]=(https?|ftp)/Ui"; reference:bugtraq,18441; classtype:web-application-attack; sid:100000488; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ISPConfig login.php remote file include"; flow:to_server,established; uricontent:"/login.php"; nocase; uricontent:"go_info[isp][classes_root]="; nocase; pcre:"/go_info\[isp\]\[classes_root\]=(https?|ftp)/Ui"; reference:bugtraq,18441; classtype:web-application-attack; sid:100000489; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ISPConfig trylogin.php remote file include"; flow:to_server,established; uricontent:"/trylogin.php"; nocase; uricontent:"go_info[isp][classes_root]="; nocase; pcre:"/go_info\[isp\]\[classes_root\]=(https?|ftp)/Ui"; reference:bugtraq,18441; classtype:web-application-attack; sid:100000490; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB posting.php remote file include"; flow:to_server,established; uricontent:"/posting.php"; nocase; uricontent:"templatefolder="; nocase; pcre:"/templatefolder=(https?|ftp)/Ui"; reference:bugtraq,18455; classtype:web-application-attack; sid:100000491; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB newpm.php remote file include"; flow:to_server,established; uricontent:"/newpm.php"; nocase; uricontent:"templatefolder="; nocase; pcre:"/templatefolder=(https?|ftp)/Ui"; reference:bugtraq,18455; classtype:web-application-attack; sid:100000492; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP DeluxeBB postreply.php remote file include"; flow:to_server,established; uricontent:"/postreply.php"; nocase; uricontent:"templatefolder="; nocase; pcre:"/templatefolder=(https?|ftp)/Ui"; reference:bugtraq,18455; classtype:web-application-attack; sid:100000493; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Zeroboard write_ok.php xss attempt"; flow:to_server,established; uricontent:"/write_ok.php"; nocase; uricontent:"$s_file_name="; nocase; pcre:"/$s_file_name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18458; classtype:web-application-attack; sid:100000494; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Zeroboard write_ok.php xss attempt"; flow:to_server,established; uricontent:"/write_ok.php"; nocase; uricontent:"$file_name="; nocase; pcre:"/$file_name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18458; classtype:web-application-attack; sid:100000495; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Chipmailer index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"anfang="; nocase; pcre:"/anfang(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18463; classtype:web-application-attack; sid:100000496; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Calendarix cal_event.php SQL injection attempt"; flow:to_server,established; uricontent:"/cal_event.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18469; classtype:web-application-attack; sid:100000497; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Calendarix cal_popup.php SQL injection attempt"; flow:to_server,established; uricontent:"/cal_popup.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18469; classtype:web-application-attack; sid:100000498; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PictureDis thumstbl.php remote file include"; flow:to_server,established; uricontent:"/thumstbl.php"; nocase; uricontent:"lang="; nocase; pcre:"/lang=(https?|ftp)/Ui"; reference:bugtraq,18471; classtype:web-application-attack; sid:100000499; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PictureDis wpfiles.php remote file include"; flow:to_server,established; uricontent:"/wpfiles.php"; nocase; uricontent:"lang="; nocase; pcre:"/lang=(https?|ftp)/Ui"; reference:bugtraq,18471; classtype:web-application-attack; sid:100000500; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PictureDis wallpapr.php remote file include"; flow:to_server,established; uricontent:"/wallpapr.php"; nocase; uricontent:"lang="; nocase; pcre:"/lang=(https?|ftp)/Ui"; reference:bugtraq,18471; classtype:web-application-attack; sid:100000501; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Ji-Takz tag.class.php remote file include"; flow:to_server,established; uricontent:"/tag.class.php"; nocase; uricontent:"mycfg="; nocase; pcre:"/mycfg=(https?|ftp)/Ui"; reference:bugtraq,18474; classtype:web-application-attack; sid:100000502; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Nucleus CMS action.php remote file include"; flow:to_server,established; uricontent:"/action.php"; nocase; uricontent:"DIR_LIB="; nocase; pcre:"/DIR_LIB=(https?|ftp)/Ui"; reference:bugtraq,18475; classtype:web-application-attack; sid:100000503; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Nucleus CMS media.php remote file include"; flow:to_server,established; uricontent:"/media.php"; nocase; uricontent:"DIR_LIB="; nocase; pcre:"/DIR_LIB=(https?|ftp)/Ui"; reference:bugtraq,18475; classtype:web-application-attack; sid:100000504; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Nucleus CMS server.php remote file include"; flow:to_server,established; uricontent:"/server.php"; nocase; uricontent:"DIR_LIB="; nocase; pcre:"/DIR_LIB=(https?|ftp)/Ui"; reference:bugtraq,18475; classtype:web-application-attack; sid:100000505; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Nucleus CMS api_metaweblog.inc.php remote file include"; flow:to_server,established; uricontent:"/api_metaweblog.inc.php"; nocase; uricontent:"DIR_LIB="; nocase; pcre:"/DIR_LIB=(https?|ftp)/Ui"; reference:bugtraq,18475; classtype:web-application-attack; sid:100000506; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FlashChat adminips.php remote file include"; flow:to_server,established; uricontent:"/adminips.php"; nocase; uricontent:"banned_file="; nocase; pcre:"/banned_file=(https?|ftp)/Ui"; reference:bugtraq,18480; classtype:web-application-attack; sid:100000507; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Wikkawiki wakka.php access"; flow:to_server,established; uricontent:"/wakka.php"; nocase; uricontent:"="; nocase;  reference:bugtraq,18481; classtype:web-application-activity; sid:100000508; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP RahnemaCo page.php remote file include"; flow:to_server,established; uricontent:"/page.php"; nocase; uricontent:"pageid="; nocase; pcre:"/pageid=(https?|ftp)/Ui"; reference:bugtraq,18490; classtype:web-application-attack; sid:100000509; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom rank.php SQL injection attempt"; flow:to_server,established; uricontent:"/rank.php"; nocase; uricontent:"MemberID="; nocase; pcre:"/MemberID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18497; classtype:web-application-attack; sid:100000510; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom message.php SQL injection attempt"; flow:to_server,established; uricontent:"/message.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18497; classtype:web-application-attack; sid:100000511; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZoom lng.php SQL injection attempt"; flow:to_server,established; uricontent:"/lng.php"; nocase; uricontent:"QuranID="; nocase; pcre:"/QuranID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18497; classtype:web-application-attack; sid:100000512; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SAPHPLesson showcat.php SQL injection attempt"; flow:to_server,established; uricontent:"/showcat.php"; nocase; uricontent:"forumid="; nocase; pcre:"/forumid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18501; classtype:web-application-attack; sid:100000513; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SAPHPLesson misc.php SQL injection attempt"; flow:to_server,established; uricontent:"/misc.php"; nocase; uricontent:"action="; nocase; pcre:"/action(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18501; classtype:web-application-attack; sid:100000514; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CMS Faethon header.php xss attempt"; flow:to_server,established; uricontent:"data/header.php"; nocase; uricontent:"mainpath="; nocase; pcre:"/mainpath(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18505; classtype:web-application-attack; sid:100000515; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CMS Faethon footer.php xss attempt"; flow:to_server,established; uricontent:"data/footer.php"; nocase; uricontent:"mainpath="; nocase; pcre:"/mainpath(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18505; classtype:web-application-attack; sid:100000516; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP e107 search.php xss attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"ep="; nocase; pcre:"/ep(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18508; classtype:web-application-attack; sid:100000517; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Live Helper initiate.php remote file include"; flow:to_server,established; uricontent:"/initiate.php"; nocase; uricontent:"abs_path="; nocase; pcre:"/abs_path=(https?|ftp)/Ui"; reference:bugtraq,18509; classtype:web-application-attack; sid:100000518; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VUBB index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"user="; nocase; pcre:"/user(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18516; classtype:web-application-attack; sid:100000519; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Xarancms xaramcms_haupt.php SQL injection attempt"; flow:to_server,established; uricontent:"/xaramcms_haupt.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18520; classtype:web-application-attack; sid:100000520; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP TPL Design TplShop category.php SQL injection attempt"; flow:to_server,established; uricontent:"/category.php"; nocase; uricontent:"first_row="; nocase; pcre:"/first_row(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18524; classtype:web-application-attack; sid:100000521; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP The Edge eCommerce Shop productDetail.php xss attempt"; flow:to_server,established; uricontent:"/productDetail.php"; nocase; uricontent:"cart_id="; nocase; pcre:"/cart_id(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18528; classtype:web-application-attack; sid:100000522; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CavoxCms index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"page="; nocase; pcre:"/page(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18533; classtype:web-application-attack; sid:100000523; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Micro CMS microcms-include.php remote file include"; flow:to_server,established; uricontent:"/microcms-include.php"; nocase; uricontent:"microcms_path="; nocase; pcre:"/microcms_path=(https?|ftp)/Ui"; reference:bugtraq,18537; classtype:web-application-attack; sid:100000524; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMyDirectory offer-pix.php xss attempt"; flow:to_server,established; uricontent:"/offer-pix.php"; nocase; uricontent:"PIC="; nocase; pcre:"/PIC(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18539; classtype:web-application-attack; sid:100000525; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMyDirectory index.php xss attempt"; flow:to_server,established; uricontent:"cp/index.php"; nocase; uricontent:"from="; nocase; pcre:"/from(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18539; classtype:web-application-attack; sid:100000526; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP AssoCIateD index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"menu="; nocase; pcre:"/menu(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18541; classtype:web-application-attack; sid:100000527; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMyForum topic.php xss attempt"; flow:to_server,established; uricontent:"/topic.php"; nocase; uricontent:"highlight="; nocase; pcre:"/highlight(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18542; classtype:web-application-attack; sid:100000528; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP NC Linklist index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"cat="; nocase; pcre:"/cat(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18546; classtype:web-application-attack; sid:100000529; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP NC Linklist index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"view="; nocase; pcre:"/view(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18546; classtype:web-application-attack; sid:100000530; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BtitTracker torrents.php SQL injection attempt"; flow:to_server,established; uricontent:"/torrents.php"; nocase; uricontent:"by="; nocase; pcre:"/by(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18549; classtype:web-application-attack; sid:100000531; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BtitTracker torrents.php SQL injection attempt"; flow:to_server,established; uricontent:"/torrents.php"; nocase; uricontent:"order="; nocase; pcre:"/order(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18549; classtype:web-application-attack; sid:100000532; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VUBB functions.php SQL injection attempt"; flow:to_server,established; uricontent:"includes/functions.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18561; classtype:web-application-attack; sid:100000533; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VUBB english.php xss attempt"; flow:to_server,established; uricontent:"language/english.php"; nocase; uricontent:"user="; nocase; pcre:"/user(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18562; classtype:web-application-attack; sid:100000534; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IMGallery galeria.php SQL injection attempt"; flow:to_server,established; uricontent:"/galeria.php"; nocase; uricontent:"start="; nocase; pcre:"/start(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18566; classtype:web-application-attack; sid:100000535; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IMGallery galeria.php SQL injection attempt"; flow:to_server,established; uricontent:"/galeria.php"; nocase; uricontent:"sort="; nocase; pcre:"/sort(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18566; classtype:web-application-attack; sid:100000536; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP thinkWMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18567; classtype:web-application-attack; sid:100000537; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP thinkWMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"catid="; nocase; pcre:"/catid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18567; classtype:web-application-attack; sid:100000538; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP thinkWMS printarticle.php SQL injection attempt"; flow:to_server,established; uricontent:"/printarticle.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18567; classtype:web-application-attack; sid:100000539; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Enterprise Groupware index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"module="; nocase; pcre:"/module(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18590; classtype:web-application-attack; sid:100000540; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dating Agent picture.php SQL injection attempt"; flow:to_server,established; uricontent:"/picture.php"; nocase; uricontent:"pid="; nocase; pcre:"/pid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18607; classtype:web-application-attack; sid:100000541; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dating Agent mem.php SQL injection attempt"; flow:to_server,established; uricontent:"/mem.php"; nocase; uricontent:"mid="; nocase; pcre:"/mid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18607; classtype:web-application-attack; sid:100000542; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dating Agent search.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"sex="; nocase; pcre:"/sex(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18607; classtype:web-application-attack; sid:100000543; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dating Agent search.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"relationship="; nocase; pcre:"/relationship(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18607; classtype:web-application-attack; sid:100000544; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Blue Dragon CMS team_admin.php remote file include"; flow:to_server,established; uricontent:"root_includes/root_modules/team_admin.php"; nocase; uricontent:"DragonRootPath="; nocase; pcre:"/DragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18609; classtype:web-application-attack; sid:100000545; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Blue Dragon CMS rss_admin.php remote file include"; flow:to_server,established; uricontent:"root_includes/root_modules/rss_admin.php"; nocase; uricontent:"DragonRootPath="; nocase; pcre:"/DragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18609; classtype:web-application-attack; sid:100000546; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Blue Dragon CMS manual_admin.php remote file include"; flow:to_server,established; uricontent:"root_includes/root_modules/manual_admin.php"; nocase; uricontent:"DragonRootPath="; nocase; pcre:"/DragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18609; classtype:web-application-attack; sid:100000547; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Blue Dragon CMS forum_admin.php remote file include"; flow:to_server,established; uricontent:"root_includes/root_modules/forum_admin.php"; nocase; uricontent:"DragonRootPath="; nocase; pcre:"/DragonRootPath=(https?|ftp)/Ui"; reference:bugtraq,18609; classtype:web-application-attack; sid:100000548; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Custom Datin Biz user_view.php xss attempt"; flow:to_server,established; uricontent:"/user_view.php"; nocase; uricontent:"u="; nocase; pcre:"/u(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18626; classtype:web-application-attack; sid:100000549; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Project Eros BBSEngine comment.php access"; flow:to_server,established; uricontent:"/comment.php"; nocase; uricontent:"="; nocase;  reference:bugtraq,18627; classtype:web-application-activity; sid:100000550; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Project Eros BBSEngine aolbonics.php access"; flow:to_server,established; uricontent:"/aolbonics.php"; nocase; uricontent:"="; nocase;  reference:bugtraq,18627; classtype:web-application-activity; sid:100000551; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS inc_foot.php remote file include"; flow:to_server,established; uricontent:"include/inc_foot.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18628; classtype:web-application-attack; sid:100000552; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMySMS gateway.php remote file include"; flow:to_server,established; uricontent:"sms_config/gateway.php"; nocase; uricontent:"ROOT_PATH="; nocase; pcre:"/ROOT_PATH=(https?|ftp)/Ui"; reference:bugtraq,18633; classtype:web-application-attack; sid:100000553; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau error.php xss attempt"; flow:to_server,established; uricontent:"/error.php"; nocase; uricontent:"tid="; nocase; pcre:"/tid(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000554; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau error.php xss attempt"; flow:to_server,established; uricontent:"/error.php"; nocase; uricontent:"lid="; nocase; pcre:"/lid(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000555; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau error.php xss attempt"; flow:to_server,established; uricontent:"/error.php"; nocase; uricontent:"sid="; nocase; pcre:"/sid(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000556; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"f_user="; nocase; pcre:"/f_user(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000557; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VebiMiau messages.php xss attempt"; flow:to_server,established; uricontent:"/messages.php"; nocase; uricontent:"pag="; nocase; pcre:"/pag(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18643; classtype:web-application-attack; sid:100000558; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Infinite Core Technologies ICT index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"post="; nocase; pcre:"/post(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18644; classtype:web-application-attack; sid:100000559; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP eNpaper1 root_header.php remote file include"; flow:to_server,established; uricontent:"/root_header.php"; nocase; uricontent:"ppath="; nocase; pcre:"/ppath=(https?|ftp)/Ui"; reference:bugtraq,18649; classtype:web-application-attack; sid:100000560; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP dotProject ui.class.php xss attempt"; flow:to_server,established; uricontent:"/ui.class.php"; nocase; uricontent:"login="; nocase; pcre:"/login(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18650; classtype:web-application-attack; sid:100000561; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"sort="; nocase; pcre:"/sort(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18651; classtype:web-application-attack; sid:100000562; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"page="; nocase; pcre:"/page(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18651; classtype:web-application-attack; sid:100000563; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"search="; nocase; pcre:"/search(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18651; classtype:web-application-attack; sid:100000564; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP GL-SH Deaf Forum show.php xss attempt"; flow:to_server,established; uricontent:"/show.php"; nocase; uricontent:"action="; nocase; pcre:"/action(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18651; classtype:web-application-attack; sid:100000565; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP XennoBB messages.php xss attempt"; flow:to_server,established; uricontent:"/messages.php"; nocase; uricontent:"tid="; nocase; pcre:"/tid(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18652; classtype:web-application-attack; sid:100000566; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Qdig index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"pre_gallery="; nocase; pcre:"/pre_gallery(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18653; classtype:web-application-attack; sid:100000567; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Qdig index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"post_gallery="; nocase; pcre:"/post_gallery(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18653; classtype:web-application-attack; sid:100000568; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_change_email.php remote file include"; flow:to_server,established; uricontent:"admin/app_change_email.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000569; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_change_pwd.php remote file include"; flow:to_server,established; uricontent:"admin/app_change_pwd.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000570; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_mod_rewrite.php remote file include"; flow:to_server,established; uricontent:"admin/app_mod_rewrite.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000571; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_page_caching.php remote file include"; flow:to_server,established; uricontent:"admin/app_page_caching.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000572; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu app_setup.php remote file include"; flow:to_server,established; uricontent:"admin/app_setup.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000573; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_add.php remote file include"; flow:to_server,established; uricontent:"admin/cat_add.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000574; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_delete.php remote file include"; flow:to_server,established; uricontent:"admin/cat_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000575; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_edit.php remote file include"; flow:to_server,established; uricontent:"admin/cat_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000576; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_path_update.php remote file include"; flow:to_server,established; uricontent:"admin/cat_path_update.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000577; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_search.php remote file include"; flow:to_server,established; uricontent:"admin/cat_search.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000578; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_struc.php remote file include"; flow:to_server,established; uricontent:"admin/cat_struc.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000579; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_view.php remote file include"; flow:to_server,established; uricontent:"admin/cat_view.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000580; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_view_hidden.php remote file include"; flow:to_server,established; uricontent:"admin/cat_view_hidden.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000581; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_view_hierarchy.php remote file include"; flow:to_server,established; uricontent:"admin/cat_view_hierarchy.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000582; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu cat_view_registered_only.php remote file include"; flow:to_server,established; uricontent:"admin/cat_view_registered_only.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000583; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu checkurl_web.php remote file include"; flow:to_server,established; uricontent:"admin/checkurl_web.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000584; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_alter.php remote file include"; flow:to_server,established; uricontent:"admin/db_alter.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000585; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_alter_change.php remote file include"; flow:to_server,established; uricontent:"admin/db_alter_change.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000586; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_backup.php remote file include"; flow:to_server,established; uricontent:"admin/db_backup.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000587; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_export.php remote file include"; flow:to_server,established; uricontent:"admin/db_export.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000588; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu db_import.php remote file include"; flow:to_server,established; uricontent:"admin/db_import.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000589; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu editor_add.php remote file include"; flow:to_server,established; uricontent:"admin/editor_add.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000590; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu editor_delete.php remote file include"; flow:to_server,established; uricontent:"admin/editor_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000591; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu editor_validate.php remote file include"; flow:to_server,established; uricontent:"admin/editor_validate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000592; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu head.php remote file include"; flow:to_server,established; uricontent:"admin/head.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000593; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu index.php remote file include"; flow:to_server,established; uricontent:"admin/index.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000594; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_config.php remote file include"; flow:to_server,established; uricontent:"admin/inv_config.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000595; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_config_payment.php remote file include"; flow:to_server,established; uricontent:"admin/inv_config_payment.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000596; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_create.php remote file include"; flow:to_server,established; uricontent:"admin/inv_create.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000597; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_delete.php remote file include"; flow:to_server,established; uricontent:"admin/inv_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000598; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_edit.php remote file include"; flow:to_server,established; uricontent:"admin/inv_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000599; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_markpaid.php remote file include"; flow:to_server,established; uricontent:"admin/inv_markpaid.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000600; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_markunpaid.php remote file include"; flow:to_server,established; uricontent:"admin/inv_markunpaid.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000601; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_overdue.php remote file include"; flow:to_server,established; uricontent:"admin/inv_overdue.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000602; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_paid.php remote file include"; flow:to_server,established; uricontent:"admin/inv_paid.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000603; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_send.php remote file include"; flow:to_server,established; uricontent:"admin/inv_send.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000604; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu inv_unpaid.php remote file include"; flow:to_server,established; uricontent:"admin/inv_unpaid.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000605; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu lang_modify.php remote file include"; flow:to_server,established; uricontent:"admin/lang_modify.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000606; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_add.php remote file include"; flow:to_server,established; uricontent:"admin/link_add.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000607; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_bad.php remote file include"; flow:to_server,established; uricontent:"admin/link_bad.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000608; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_bad_delete.php remote file include"; flow:to_server,established; uricontent:"admin/link_bad_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000609; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_checkurl.php remote file include"; flow:to_server,established; uricontent:"admin/link_checkurl.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000610; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_delete.php remote file include"; flow:to_server,established; uricontent:"admin/link_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000611; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_duplicate.php remote file include"; flow:to_server,established; uricontent:"admin/link_duplicate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000612; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_edit.php remote file include"; flow:to_server,established; uricontent:"admin/link_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000613; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_premium_listing.php remote file include"; flow:to_server,established; uricontent:"admin/link_premium_listing.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000614; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_premium_sponsored.php remote file include"; flow:to_server,established; uricontent:"admin/link_premium_sponsored.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000615; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_search.php remote file include"; flow:to_server,established; uricontent:"admin/link_search.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000616; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_sponsored_listing.php remote file include"; flow:to_server,established; uricontent:"admin/link_sponsored_listing.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000617; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_validate.php remote file include"; flow:to_server,established; uricontent:"admin/link_validate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000618; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_validate_edit.php remote file include"; flow:to_server,established; uricontent:"admin/link_validate_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000619; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu link_view.php remote file include"; flow:to_server,established; uricontent:"admin/link_view.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000620; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu log_search.php remote file include"; flow:to_server,established; uricontent:"admin/log_search.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000621; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu mail_modify.php remote file include"; flow:to_server,established; uricontent:"admin/mail_modify.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000622; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu menu.php remote file include"; flow:to_server,established; uricontent:"admin/menu.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000623; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_create.php remote file include"; flow:to_server,established; uricontent:"admin/message_create.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000624; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_delete.php remote file include"; flow:to_server,established; uricontent:"admin/message_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000625; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_edit.php remote file include"; flow:to_server,established; uricontent:"admin/message_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000626; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_send.php remote file include"; flow:to_server,established; uricontent:"admin/message_send.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000627; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_subscriber.php remote file include"; flow:to_server,established; uricontent:"admin/message_subscriber.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000628; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu message_view.php remote file include"; flow:to_server,established; uricontent:"admin/message_view.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000629; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu review_validate.php remote file include"; flow:to_server,established; uricontent:"admin/review_validate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000630; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu review_validate_edit.php remote file include"; flow:to_server,established; uricontent:"admin/review_validate_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000631; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu summary.php remote file include"; flow:to_server,established; uricontent:"admin/summary.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000632; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_active.php remote file include"; flow:to_server,established; uricontent:"admin/template_active.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000633; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_add_custom.php remote file include"; flow:to_server,established; uricontent:"admin/template_add_custom.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000634; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_delete.php remote file include"; flow:to_server,established; uricontent:"admin/template_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000635; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_delete_file.php remote file include"; flow:to_server,established; uricontent:"admin/template_delete_file.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000636; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_duplicate.php remote file include"; flow:to_server,established; uricontent:"admin/template_duplicate.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000637; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_export.php remote file include"; flow:to_server,established; uricontent:"admin/template_export.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000638; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_import.php remote file include"; flow:to_server,established; uricontent:"admin/template_import.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000639; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_manager.php remote file include"; flow:to_server,established; uricontent:"admin/template_manager.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000640; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_modify.php remote file include"; flow:to_server,established; uricontent:"admin/template_modify.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000641; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_modify_file.php remote file include"; flow:to_server,established; uricontent:"admin/template_modify_file.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000642; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu template_rename.php remote file include"; flow:to_server,established; uricontent:"admin/template_rename.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000643; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu user_add.php remote file include"; flow:to_server,established; uricontent:"admin/user_add.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000644; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu user_delete.php remote file include"; flow:to_server,established; uricontent:"admin/user_delete.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000645; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu user_edit.php remote file include"; flow:to_server,established; uricontent:"admin/user_edit.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000646; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu user_search.php remote file include"; flow:to_server,established; uricontent:"admin/user_search.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000647; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Indexu whos.php remote file include"; flow:to_server,established; uricontent:"admin/whos.php"; nocase; uricontent:"admin_template_path="; nocase; pcre:"/admin_template_path=(https?|ftp)/Ui"; reference:bugtraq,18477; classtype:web-application-attack; sid:100000648; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"comment="; nocase; pcre:"/comment(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000649; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000650; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"homepage="; nocase; pcre:"/homepage(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000651; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000652; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000653; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000654; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"comment="; nocase; pcre:"/comment(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000655; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000656; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"homepage="; nocase; pcre:"/homepage(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000657; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"number="; nocase; pcre:"/number(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000658; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000659; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook guestbook.php xss attempt"; flow:to_server,established; uricontent:"admin/guestbook.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000660; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000661; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"homepage="; nocase; pcre:"/homepage(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000662; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"icq="; nocase; pcre:"/icq(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000663; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000664; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP Guestbook edit.php xss attempt"; flow:to_server,established; uricontent:"admin/edit.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18582; classtype:web-application-attack; sid:100000665; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia files.php remote file include"; flow:to_server,established; uricontent:"/files.php"; nocase; uricontent:"footer_prog="; nocase; pcre:"/footer_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000666; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia files.php remote file include"; flow:to_server,established; uricontent:"/files.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000667; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia pheader.php remote file include"; flow:to_server,established; uricontent:"/pheader.php"; nocase; uricontent:"theme_root="; nocase; pcre:"/theme_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000668; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia headlines.php remote file include"; flow:to_server,established; uricontent:"/headlines.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000669; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia web_statsConfig.php remote file include"; flow:to_server,established; uricontent:"/web_statsConfig.php"; nocase; uricontent:"mod_dir="; nocase; pcre:"/mod_dir=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000670; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia preload.php remote file include"; flow:to_server,established; uricontent:"/preload.php"; nocase; uricontent:"func_prog="; nocase; pcre:"/func_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000671; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia users.php remote file include"; flow:to_server,established; uricontent:"/users.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000672; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia web_statsConfig.php remote file include"; flow:to_server,established; uricontent:"/web_statsConfig.php"; nocase; uricontent:"php_ext="; nocase; pcre:"/php_ext=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000673; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia footer.php remote file include"; flow:to_server,established; uricontent:"/footer.php"; nocase; uricontent:"theme_root="; nocase; pcre:"/theme_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000674; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia pfooter.php remote file include"; flow:to_server,established; uricontent:"/pfooter.php"; nocase; uricontent:"theme_root="; nocase; pcre:"/theme_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000675; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia missing.php remote file include"; flow:to_server,established; uricontent:"/missing.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000676; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia topics.php remote file include"; flow:to_server,established; uricontent:"/topics.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000677; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia header.php remote file include"; flow:to_server,established; uricontent:"/header.php"; nocase; uricontent:"mod_root="; nocase; pcre:"/mod_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000678; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"func_prog="; nocase; pcre:"/func_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000679; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia search.php remote file include"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000680; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia header.php remote file include"; flow:to_server,established; uricontent:"/header.php"; nocase; uricontent:"theme_root="; nocase; pcre:"/theme_root=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000681; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Harpia email.php remote file include"; flow:to_server,established; uricontent:"/email.php"; nocase; uricontent:"header_prog="; nocase; pcre:"/header_prog=(https?|ftp)/Ui"; reference:bugtraq,18614; classtype:web-application-attack; sid:100000682; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP cPanel select.html xss attempt"; flow:to_server,established; uricontent:"/select.html"; nocase; uricontent:"file="; nocase; pcre:"/file(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18655; classtype:web-application-attack; sid:100000683; rev:1;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde index.php show XSS attempt"; flow:established,to_server; uricontent:"/services/help/index.php"; nocase; uricontent:"show="; nocase; uricontent:"URL=javascript"; nocase; reference:bugtraq,18845; classtype:web-application-attack; sid:100000703; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS comment.php remote file include"; flow:to_server,established; uricontent:"/comment.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000704; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS test.php remote file include"; flow:to_server,established; uricontent:"admin/test.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000705; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS index.php remote file include"; flow:to_server,established; uricontent:"admin/index.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000706; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS inc_adminfoot.php remote file include"; flow:to_server,established; uricontent:"admin/include/inc_adminfoot.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000707; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SmartSiteCMS comedit.php remote file include"; flow:to_server,established; uricontent:"admin/comedit.php"; nocase; uricontent:"root="; nocase; pcre:"/root=(https?|ftp)/Ui"; reference:bugtraq,18697; classtype:web-application-attack; sid:100000708; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SquirrelMail search.php xss attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"mailbox="; nocase; pcre:"/mailbox(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18700; classtype:web-application-attack; sid:100000709; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Xoops MyAds Module annonces-p-f.php SQL injection attempt"; flow:to_server,established; uricontent:"/annonces-p-f.php"; nocase; uricontent:"lid="; nocase; pcre:"/lid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18718; classtype:web-application-attack; sid:100000710; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid raids.php remote file include"; flow:to_server,established; uricontent:"/raids.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000711; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid register.php remote file include"; flow:to_server,established; uricontent:"/register.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000712; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid roster.php remote file include"; flow:to_server,established; uricontent:"/roster.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000713; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid view.php remote file include"; flow:to_server,established; uricontent:"/view.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000714; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid logs.php remote file include"; flow:to_server,established; uricontent:"/logs.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000715; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid users.php remote file include"; flow:to_server,established; uricontent:"/users.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000716; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid configuration.php remote file include"; flow:to_server,established; uricontent:"/configuration.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000717; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid guilds.php remote file include"; flow:to_server,established; uricontent:"/guilds.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000718; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000719; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid locations.php remote file include"; flow:to_server,established; uricontent:"/locations.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000720; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid login.php remote file include"; flow:to_server,established; uricontent:"/login.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000721; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid lua_output.php remote file include"; flow:to_server,established; uricontent:"/lua_output.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000722; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid permissions.php remote file include"; flow:to_server,established; uricontent:"/permissions.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000723; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid profile.php remote file include"; flow:to_server,established; uricontent:"/profile.php"; nocase; uricontent:"phpraid_dir="; nocase; pcre:"/phpraid_dir=(https?|ftp)/Ui"; reference:bugtraq,18719; classtype:web-application-attack; sid:100000724; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPRaid view.php SQL injection attempt"; flow:to_server,established; uricontent:"/view.php"; nocase; uricontent:"raid_id="; nocase; pcre:"/raid_id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18720; classtype:web-application-attack; sid:100000725; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Vincent-Leclercq News diver.php SQL injection attempt"; flow:to_server,established; uricontent:"/diver.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18729; classtype:web-application-attack; sid:100000726; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Softbiz Banner Exchange insertmember.php xss attempt"; flow:to_server,established; uricontent:"/insertmember.php"; nocase; uricontent:"city="; nocase; pcre:"/city(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18735; classtype:web-application-attack; sid:100000727; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog functions.inc remote file include"; flow:to_server,established; uricontent:"plugins/links/functions.inc"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000728; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog functions.inc remote file include"; flow:to_server,established; uricontent:"plugins/polls/functions.inc"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000729; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog BlackList.Examine.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/BlackList.Examine.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000730; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog DeleteComment.Action.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/DeleteComment.Action.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000731; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog EditIPofURL.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/EditIPofURL.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000732; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog MTBlackList.Examine.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/MTBlackList.Examine.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000733; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog MassDelete.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/MassDelete.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000734; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog MailAdmin.Action.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/MailAdmin.Action.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000735; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog MassDelTrackback.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/MassDelTrackback.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000736; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog EditHeader.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/EditHeader.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000737; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog EditIP.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/EditIP.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000738; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog IPofUrl.Examine.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/IPofUrl.Examine.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000739; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog Import.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/Import.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000740; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog LogView.Admin.class.php remote file include"; flow:to_server,established; uricontent:"plugins/spamx/LogView.Admin.class.php"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000741; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Geeklog functions.inc remote file include"; flow:to_server,established; uricontent:"plugins/staticpages/functions.inc"; nocase; uricontent:"$_CONF[path]="; nocase; pcre:"/\$_CONF\[path\]=(https?|ftp)/Ui"; reference:bugtraq,18740; classtype:web-application-attack; sid:100000742; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Plume CMS dbinstall.php remote file include"; flow:to_server,established; uricontent:"/dbinstall.php"; nocase; uricontent:"_PX_config[manager_path]="; nocase; pcre:"/_PX_config\[manager_path\]=(https?|ftp)/Ui"; reference:bugtraq,18750; classtype:web-application-attack; sid:100000743; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyNewsGroups tree.php SQL injection attempt"; flow:to_server,established; uricontent:"/tree.php"; nocase; uricontent:"grp_id="; nocase; pcre:"/grp_id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18757; classtype:web-application-attack; sid:100000744; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Diesel Joke Site category.php SQL injection attempt"; flow:to_server,established; uricontent:"/category.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18760; classtype:web-application-attack; sid:100000745; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Randshop header.inc.php remote file include"; flow:to_server,established; uricontent:"/header.inc.php"; nocase; uricontent:"dateiPfad="; nocase; pcre:"/dateiPfad=(https?|ftp)/Ui"; reference:bugtraq,18763; classtype:web-application-attack; sid:100000746; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Plume CMS index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"_PX_config[manager_path]="; nocase; pcre:"/_PX_config\[manager_path\]=(https?|ftp)/Ui"; reference:bugtraq,18780; classtype:web-application-attack; sid:100000747; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Plume CMS rss.php remote file include"; flow:to_server,established; uricontent:"/rss.php"; nocase; uricontent:"_PX_config[manager_path]="; nocase; pcre:"/_PX_config\[manager_path\]=(https?|ftp)/Ui"; reference:bugtraq,18780; classtype:web-application-attack; sid:100000748; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Plume CMS search.php remote file include"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"_PX_config[manager_path]="; nocase; pcre:"/_PX_config\[manager_path\]=(https?|ftp)/Ui"; reference:bugtraq,18780; classtype:web-application-attack; sid:100000749; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000750; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard about.php remote file include"; flow:to_server,established; uricontent:"/about.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000751; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard contact.php remote file include"; flow:to_server,established; uricontent:"/contact.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000752; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard delete.php remote file include"; flow:to_server,established; uricontent:"/delete.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000753; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard faq.php remote file include"; flow:to_server,established; uricontent:"/faq.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000754; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard features.php remote file include"; flow:to_server,established; uricontent:"/features.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000755; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Free QBoard history.php remote file include"; flow:to_server,established; uricontent:"/history.php"; nocase; uricontent:"qb_path="; nocase; pcre:"/qb_path=(https?|ftp)/Ui"; reference:bugtraq,18788; classtype:web-application-attack; sid:100000756; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt"; flow:to_server,established; uricontent:"/qtofm.php"; nocase; uricontent:"delete="; nocase; pcre:"/delete(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18791; classtype:web-application-attack; sid:100000757; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt"; flow:to_server,established; uricontent:"/qtofm.php"; nocase; uricontent:"pathext="; nocase; pcre:"/pathext(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18791; classtype:web-application-attack; sid:100000758; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt"; flow:to_server,established; uricontent:"/qtofm.php"; nocase; uricontent:"edit="; nocase; pcre:"/edit(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18791; classtype:web-application-attack; sid:100000759; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP The Banner Engine top.php xss attempt"; flow:to_server,established; uricontent:"/top.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18793; classtype:web-application-attack; sid:100000760; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPWebGallery comments.php xss attempt"; flow:to_server,established; uricontent:"/comments.php"; nocase; uricontent:"keyword="; nocase; pcre:"/keyword(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18798; classtype:web-application-attack; sid:100000761; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Randshop index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"incl="; nocase; pcre:"/incl=(https?|ftp)/Ui"; reference:bugtraq,18809; classtype:web-application-attack; sid:100000762; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Kamikaze-QSCM config.inc access"; flow:to_server,established; uricontent:"/config.inc"; nocase; uricontent:"="; nocase;  reference:bugtraq,18816; classtype:web-application-activity; sid:100000763; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyPHP CMS global_header.php remote file include"; flow:to_server,established; uricontent:"/global_header.php"; nocase; uricontent:"domain="; nocase; pcre:"/domain=(https?|ftp)/Ui"; reference:bugtraq,18834; classtype:web-application-attack; sid:100000764; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP LifeType index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"date="; nocase; pcre:"/date(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18835; classtype:web-application-attack; sid:100000765; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS thumb.php remote file include"; flow:to_server,established; uricontent:"/thumb.php"; nocase; uricontent:"gallery="; nocase; pcre:"/gallery=(https?|ftp)/Ui"; reference:bugtraq,18837; classtype:web-application-attack; sid:100000766; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"item="; nocase; pcre:"/item(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000767; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"blog="; nocase; pcre:"/blog(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000768; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"member="; nocase; pcre:"/member(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000769; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"typeface="; nocase; pcre:"/typeface(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000770; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"results="; nocase; pcre:"/results(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000771; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"DokiWiki="; nocase; pcre:"/DokiWiki(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000772; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"archives="; nocase; pcre:"/archives(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000773; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"category="; nocase; pcre:"/category(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000774; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"PHPSESSID="; nocase; pcre:"/PHPSESSID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000775; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"query="; nocase; pcre:"/query(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000776; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Blog CMS action.php SQL injection attempt"; flow:to_server,established; uricontent:"/action.php"; nocase; uricontent:"action="; nocase; pcre:"/action(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18839; classtype:web-application-attack; sid:100000777; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMailList maillist.php xss attempt"; flow:to_server,established; uricontent:"/maillist.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18840; classtype:web-application-attack; sid:100000778; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde index.php xss attempt"; flow:to_server,established; uricontent:"services/help/index.php"; nocase; uricontent:"show="; nocase; pcre:"/show(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18845; classtype:web-application-attack; sid:100000779; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde problem.php xss attempt"; flow:to_server,established; uricontent:"services/problem.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18845; classtype:web-application-attack; sid:100000780; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde go.php xss attempt"; flow:to_server,established; uricontent:"services/go.php"; nocase; uricontent:"untrusted="; nocase; pcre:"/untrusted(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18845; classtype:web-application-attack; sid:100000781; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Horde go.php xss attempt"; flow:to_server,established; uricontent:"services/go.php"; nocase; uricontent:"url="; nocase; pcre:"/url(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18845; classtype:web-application-attack; sid:100000782; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor create_course.php xss attempt"; flow:to_server,established; uricontent:"/create_course.php"; nocase; uricontent:"show_courses="; nocase; pcre:"/show_courses(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000783; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor create_course.php xss attempt"; flow:to_server,established; uricontent:"/create_course.php"; nocase; uricontent:"current_cat="; nocase; pcre:"/current_cat(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000784; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor password_reminder.php xss attempt"; flow:to_server,established; uricontent:"/password_reminder.php"; nocase; uricontent:"forgot="; nocase; pcre:"/forgot(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000785; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor browse.php xss attempt"; flow:to_server,established; uricontent:"/browse.php"; nocase; uricontent:"cat="; nocase; pcre:"/cat(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000786; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ATutor fix_content.php xss attempt"; flow:to_server,established; uricontent:"/fix_content.php"; nocase; uricontent:"submit="; nocase; pcre:"/submit(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18857; classtype:web-application-attack; sid:100000787; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FreeWebshop search.php xss attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"page="; nocase; pcre:"/page(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18878; classtype:web-application-attack; sid:100000788; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FreeWebshop details.php SQL injection attempt"; flow:to_server,established; uricontent:"/details.php"; nocase; uricontent:"prod="; nocase; pcre:"/prod(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18878; classtype:web-application-attack; sid:100000789; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot edit_new.php remote file include"; flow:to_server,established; uricontent:"/edit_new.php"; nocase; uricontent:"Paths[extensions_path]="; nocase; pcre:"/Paths\[extensions_path\]=(https?|ftp)/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000790; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot pv_core.php access"; flow:to_server,established; uricontent:"/pv_core.php"; nocase; uricontent:"="; nocase;  reference:bugtraq,18881; classtype:web-application-activity; sid:100000791; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"fg="; nocase; pcre:"/fg(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000792; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"line1="; nocase; pcre:"/line1(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000793; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"line2="; nocase; pcre:"/line2(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000794; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"bg="; nocase; pcre:"/bg(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000795; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"c1="; nocase; pcre:"/c1(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000796; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"c2="; nocase; pcre:"/c2(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000797; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"c3="; nocase; pcre:"/c3(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000798; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot blogroll.php xss attempt"; flow:to_server,established; uricontent:"/blogroll.php"; nocase; uricontent:"c4="; nocase; pcre:"/c4(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000799; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot editor_menu.php xss attempt"; flow:to_server,established; uricontent:"/editor_menu.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000800; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Pivot editor_menu.php xss attempt"; flow:to_server,established; uricontent:"/editor_menu.php"; nocase; uricontent:"js_name="; nocase; pcre:"/js_name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18881; classtype:web-application-attack; sid:100000801; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000802; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds recent.php remote file include"; flow:to_server,established; uricontent:"/recent.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000803; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds account.php remote file include"; flow:to_server,established; uricontent:"/account.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000804; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds classified.php remote file include"; flow:to_server,established; uricontent:"/classified.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000805; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP BosClassifieds search.php remote file include"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"insPath="; nocase; pcre:"/insPath=(https?|ftp)/Ui"; reference:bugtraq,18883; classtype:web-application-attack; sid:100000806; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CommonSense search.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"q="; nocase; pcre:"/q(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18893; classtype:web-application-attack; sid:100000807; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP AjaxPortal ajaxp.php SQL injection attempt"; flow:to_server,established; uricontent:"/ajaxp.php"; nocase; uricontent:"username="; nocase; pcre:"/username(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18897; classtype:web-application-attack; sid:100000808; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP RW Download stats.php remote file include"; flow:to_server,established; uricontent:"/stats.php"; nocase; uricontent:"root_path="; nocase; pcre:"/root_path=(https?|ftp)/Ui"; reference:bugtraq,18901; classtype:web-application-attack; sid:100000809; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPBB download.php remote file include"; flow:to_server,established; uricontent:"/download.php"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,18914; classtype:web-application-attack; sid:100000810; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPBB attach_rules.php remote file include"; flow:to_server,established; uricontent:"/attach_rules.php"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,18914; classtype:web-application-attack; sid:100000811; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SimpleBoard SBP index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"sbp="; nocase; pcre:"/sbp=(https?|ftp)/Ui"; reference:bugtraq,18917; classtype:web-application-attack; sid:100000812; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SimpleBoard SBP file_upload.php remote file include"; flow:to_server,established; uricontent:"/file_upload.php"; nocase; uricontent:"sbp="; nocase; pcre:"/sbp=(https?|ftp)/Ui"; reference:bugtraq,18917; classtype:web-application-attack; sid:100000813; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SimpleBoard SBP image_upload.php remote file include"; flow:to_server,established; uricontent:"/image_upload.php"; nocase; uricontent:"sbp="; nocase; pcre:"/sbp=(https?|ftp)/Ui"; reference:bugtraq,18917; classtype:web-application-attack; sid:100000814; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SimpleBoard SBP performs.php remote file include"; flow:to_server,established; uricontent:"/performs.php"; nocase; uricontent:"sbp="; nocase; pcre:"/sbp=(https?|ftp)/Ui"; reference:bugtraq,18917; classtype:web-application-attack; sid:100000815; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PC_CookBook pccookbook.php remote file include"; flow:to_server,established; uricontent:"/pccookbook.php"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18919; classtype:web-application-attack; sid:100000816; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SMF Forum smf.php remote file include"; flow:to_server,established; uricontent:"/smf.php"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18924; classtype:web-application-attack; sid:100000817; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Graffiti Forums topics.php SQL injection attempt"; flow:to_server,established; uricontent:"/topics.php"; nocase; uricontent:"f="; nocase; pcre:"/f(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18928; classtype:web-application-attack; sid:100000818; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP SaPHPLesson add.php SQL injection attempt"; flow:to_server,established; uricontent:"/add.php"; nocase; uricontent:"forumid="; nocase; pcre:"/forumid(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18934; classtype:web-application-attack; sid:100000820; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZooM sub-join.php SQL injection attempt"; flow:to_server,established; uricontent:"/sub-join.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18937; classtype:web-application-attack; sid:100000821; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZooM reply.php SQL injection attempt"; flow:to_server,established; uricontent:"/reply.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18937; classtype:web-application-attack; sid:100000822; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZooM ignore-pm.php SQL injection attempt"; flow:to_server,established; uricontent:"/ignore-pm.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18937; classtype:web-application-attack; sid:100000823; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP VBZooM sendmail.php SQL injection attempt"; flow:to_server,established; uricontent:"/sendmail.php"; nocase; uricontent:"UserID="; nocase; pcre:"/UserID(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18937; classtype:web-application-attack; sid:100000824; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Phorum posting.php xss attempt"; flow:to_server,established; uricontent:"/posting.php"; nocase; uricontent:"mode="; nocase; pcre:"/mode(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18941; classtype:web-application-attack; sid:100000825; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Phorum search.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"mode="; nocase; pcre:"/mode(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18941; classtype:web-application-attack; sid:100000826; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail address.view.php xss attempt"; flow:to_server,established; uricontent:"/address.view.php"; nocase; uricontent:"email="; nocase; pcre:"/email(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000827; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail address.view.php xss attempt"; flow:to_server,established; uricontent:"/address.view.php"; nocase; uricontent:"cond="; nocase; pcre:"/cond(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000828; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail address.view.php xss attempt"; flow:to_server,established; uricontent:"/address.view.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000829; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"dayprune="; nocase; pcre:"/dayprune(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000830; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail compose.email.php xss attempt"; flow:to_server,established; uricontent:"/compose.email.php"; nocase; uricontent:"data[to]="; nocase; pcre:"/data\[to\](=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000831; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail read.markas.php xss attempt"; flow:to_server,established; uricontent:"/read.markas.php"; nocase; uricontent:"markas="; nocase; pcre:"/markas(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000832; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP HiveMail search.results.php SQL injection attempt"; flow:to_server,established; uricontent:"/search.results.php"; nocase; uricontent:"fields[]="; nocase; pcre:"/fields\[\](=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18949; classtype:web-application-attack; sid:100000833; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Lazarus codes-english.php xss attempt"; flow:to_server,established; uricontent:"/codes-english.php"; nocase; uricontent:"show="; nocase; pcre:"/show(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18956; classtype:web-application-attack; sid:100000834; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Lazarus picture.php xss attempt"; flow:to_server,established; uricontent:"/picture.php"; nocase; uricontent:"img="; nocase; pcre:"/img(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18956; classtype:web-application-attack; sid:100000835; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MiniBB com_minibb.php remote file include"; flow:to_server,established; uricontent:"/com_minibb.php"; nocase; uricontent:"absolute_path="; nocase; pcre:"/absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18998; classtype:web-application-attack; sid:100000836; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MiniBB index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"absolute_path="; nocase; pcre:"/absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18998; classtype:web-application-attack; sid:100000837; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PhotoCycle photocycle.php xss attempt"; flow:to_server,established; uricontent:"/photocycle.php"; nocase; uricontent:"phppage="; nocase; pcre:"/phppage(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18964; classtype:web-application-attack; sid:100000838; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Event Calendar calendar.php remote file include"; flow:to_server,established; uricontent:"/calendar.php"; nocase; uricontent:"path_to_calendar="; nocase; pcre:"/path_to_calendar=(https?|ftp)/Ui"; reference:bugtraq,18965; classtype:web-application-attack; sid:100000839; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FlatNuke index.php remote file include"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"mod="; nocase; pcre:"/mod=(https?|ftp)/Ui"; reference:bugtraq,18966; classtype:web-application-attack; sid:100000840; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PerForms performs.php remote file include"; flow:to_server,established; uricontent:"/performs.php"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18968; classtype:web-application-attack; sid:100000841; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPBB 3 memberlist.php SQL injection attempt"; flow:to_server,established; uricontent:"/memberlist.php"; nocase; uricontent:"ip="; nocase; pcre:"/ip(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18969; classtype:web-application-attack; sid:100000842; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Koobi Pro index.php xss attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"showtopic="; nocase; pcre:"/showtopic(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,18970; classtype:web-application-attack; sid:100000843; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Koobi Pro index.php SQL injection attempt"; flow:to_server,established; uricontent:"/index.php"; nocase; uricontent:"showtopic="; nocase; pcre:"/showtopic(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18970; classtype:web-application-attack; sid:100000844; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Invision Power Board ipsclass.php SQL injection attempt"; flow:to_server,established; uricontent:"/ipsclass.php"; nocase; uricontent:"HTTP_CLIENT_IP="; nocase; pcre:"/HTTP_CLIENT_IP(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,18984; classtype:web-application-attack; sid:100000845; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Subberz Lite user-func.php remote file include"; flow:to_server,established; uricontent:"/user-func.php"; nocase; uricontent:"myadmindir="; nocase; pcre:"/myadmindir=(https?|ftp)/i"; reference:bugtraq,18990; classtype:web-application-attack; sid:100000846; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Sitemap sitemap.xml.php remote file include"; flow:to_server,established; uricontent:"components/com_sitemap/sitemap.xml.php"; nocase; uricontent:"mosConfig_absolute_path="; nocase; pcre:"/mosConfig_absolute_path=(https?|ftp)/Ui"; reference:bugtraq,18991; classtype:web-application-attack; sid:100000847; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp include.php remote file include"; flow:to_server,established; uricontent:"accounts/inc/include.php"; nocase; uricontent:"language="; nocase; pcre:"/language=(https?|ftp)/i"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000849; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp include.php remote file include"; flow:to_server,established; uricontent:"accounts/inc/include.php"; nocase; uricontent:"lang_settings="; nocase; pcre:"/lang_settings=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000850; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp include.php remote file include"; flow:to_server,established; uricontent:"admin/inc/include.php"; nocase; uricontent:"language="; nocase; pcre:"/language=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000851; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp include.php remote file include"; flow:to_server,established; uricontent:"admin/inc/include.php"; nocase; uricontent:"lang_settings="; nocase; pcre:"/lang_settings=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000852; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP IceWarp settings.html remote file include"; flow:to_server,established; uricontent:"mail/settings.html"; nocase; uricontent:"language="; nocase; pcre:"/language=(https?|ftp)/Ui"; reference:bugtraq,19007; classtype:web-application-attack; sid:100000853; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP ListMessenger listmessenger.php remote file include"; flow:to_server,established; uricontent:"/listmessenger.php"; nocase; uricontent:"lm_path="; nocase; pcre:"/lm_path=(https?|ftp)/Ui"; reference:bugtraq,19014; classtype:web-application-attack; sid:100000854; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"name="; nocase; pcre:"/name(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000855; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"mail="; nocase; pcre:"/mail(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000856; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"ip="; nocase; pcre:"/ip(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000857; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"text="; nocase; pcre:"/text(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000858; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt"; flow:to_server,established; uricontent:"/class.php"; nocase; uricontent:"hidemail="; nocase; pcre:"/hidemail(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19019; classtype:web-application-attack; sid:100000859; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Francisco Charrua Photo-Gallery room.php SQL injection attempt"; flow:to_server,established; uricontent:"/room.php"; nocase; uricontent:"id="; nocase; pcre:"/id(=|\x3f)?\w*\x27/Ui"; reference:bugtraq,19020; classtype:web-application-attack; sid:100000860; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include"; flow:to_server,established; uricontent:"Include/editor/rich_files/class.rich.php"; nocase; uricontent:"class_path="; nocase; pcre:"/class_path=(https?|ftp)/Ui"; reference:bugtraq,19023; classtype:web-application-attack; sid:100000861; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include"; flow:to_server,established; uricontent:"Include/editor/class.rich.php"; nocase; uricontent:"class_path="; nocase; pcre:"/class_path=(https?|ftp)/Ui"; reference:bugtraq,19023; classtype:web-application-attack; sid:100000862; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHPMyRing view_com.php SQL injection attempt"; flow:to_server,established; uricontent:"/view_com.php"; nocase; uricontent:"idsite="; nocase; pcre:"/idsite(=|\x3f)?\w*\x27/Ui"; reference:url,secunia.com/advisories/21451/; classtype:web-application-attack; sid:100000863; rev:1;)

# Rules from <urleet@gmail.com>
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s01"; flow:to_server,established; uricontent:"/s01.php|3f|shopid|3d|"; nocase; pcre:"/s01.php\x3fshopid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000865; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s02"; flow:to_server,established; uricontent:"/s02.php|3f|shopid|3d|"; nocase; pcre:"/s02.php\x3fshopid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000866; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s03"; flow:to_server,established; uricontent:"/s03.php|3f|shopid|3d|"; nocase; pcre:"/s03.php\x3fshopid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000867; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s04"; flow:to_server,established; uricontent:"/s04.php|3f|shopid|3d|"; nocase; pcre:"/s04.php\x3fshopid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000868; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file Inclusion Exploit sid variant"; flow:to_server,established; uricontent:"/sid|3d|"; nocase; content:"|26|shopid|3d|"; nocase; within:20; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000869; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP powergap remote file inclusion exploit sid variant 2"; flow:to_server,established; uricontent:"/sid|3d|"; nocase; pcre:"/sid\x3d(https?|ftp)/Ui"; reference:url,www.powergap-shop.de; reference:url,msgs.securepoint.com/cgi-bin/get/bugtraq0608/301.html; classtype:web-application-attack; sid:100000870; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CubeCart XSS attack"; flow:to_server,established; uricontent:"/admin/filemanager/preview.php?file="; nocase; pcre:"/((1)?&(x|y)=)?/Ri"; reference:url,retrogod.altervista.org/cubecart_3011_adv.html; classtype:web-application-attack; sid:100000871; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP CubeCart XSS attack"; flow:to_server,established; uricontent:"/admin/login.php?email="; nocase; reference:url,retrogod.altervista.org/cubecart_3011_adv.html; classtype:web-application-attack; sid:100000872; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP discloser 0.0.4 Remote File Inclusion"; flow:to_server,established; uricontent:"/plugins/plugins.php?type="; nocase; pcre:"/type\x3d(https?|ftp)/Ui"; classtype:web-application-attack; sid:100000873; rev:2;)

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP Live Helper globals.php remote file include"; flow:to_server,established; uricontent:"/globals.php"; nocase; uricontent:"abs_path="; nocase; pcre:"/abs_path=(https?|ftp)/Ui"; reference:bugtraq,19349; classtype:web-application-attack; sid:100000882; rev:2;)

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Inlink remote file inclusion exploit"; flow:to_server,established; uricontent:"/includes/adodb/back/adodb-postgres7.inc.php"; nocase; reference:url,milw0rm.com/exploits/2295; classtype:web-application-attack; sid:100000883; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-MISC SimpleBlog Remote SQL Injection attempt"; flow:to_server,established; uricontent:"/default.asp"; nocase; content:"view=plink"; nocase; reference:url,milw0rm.com/exploits/2296; classtype:web-application-attack; sid:100000884; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP pHNews access attempt"; flow:to_server,established; uricontent:"/modules/commens.php"; nocase; content:"templates_dir"; nocase; content:"cmd="; nocase; reference:url,milw0rm.com/exploits/2298; classtype:web-application-attack; sid:100000885; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Proxima access attempt"; flow:to_server,established; uricontent:"/modules/Forums/bb_smilies.php"; nocase; content:"name="; nocase; content:"cmd="; nocase; reference:url,milw0rm.com/exploits/2299; classtype:web-application-attack; sid:100000886; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP pmwiki exploit attempt"; flow:to_server,established; content:"POST"; nocase; depth:4; content:"pmwiki.php"; nocase; distance:0; content:"n=PmWiki.BasicEditing"; nocase; distance:0; content:"action=edit"; nocase; distance:0; reference:url,milw0rm.com/exploits/2291; classtype:web-application-attack; sid:100000887; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP tikiwiki exploit attempt"; flow:to_server,established; content:"POST"; nocase; depth:4; content:"jhot.php"; nocase; distance:0; reference:url,milw0rm.com/exploits/2288; classtype:web-application-attack; sid:100000888; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP yappa-ng exploit attempt"; flow:to_server,established; uricontent:"/admin_modules/admin_module_deldir.inc.php"; nocase; content:"config"; nocase; reference:url,milw0rm.com/exploits/2292; classtype:web-application-attack; sid:100000889; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP UBB.threads remote file include"; flow:to_server,established; uricontent:"addpost_newpoll.php?"; nocase; uricontent:"thispath="; nocase; pcre:"/addpost_newpoll\x2Ephp\x3F[^\r\n]*thispath=(https?|ftp)/Ui"; classtype:web-application-attack; sid:100000906; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpMyWebmin change_preferences2 script remote file include"; flow:to_server,established; uricontent:"change_preferences.php?"; nocase; uricontent:"target="; nocase; pcre:"/target=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/bid/20281/info; classtype:web-application-attack; sid:100000907; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpMyWebmin create_file script remote file include"; flow:to_server,established; uricontent:"create_file.php?"; nocase; uricontent:"target="; nocase; pcre:"/target=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/bid/20281/info; classtype:web-application-attack; sid:100000908; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpMyWebmin upload_local script remote file include"; flow:to_server,established; uricontent:"upload_local.php?"; nocase; uricontent:"target="; nocase; pcre:"/target=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/bid/20281/info; classtype:web-application-attack; sid:100000909; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP phpMyWebmin upload_multi script remote file include"; flow:to_server,established; uricontent:"upload_multi.php?"; nocase; uricontent:"target="; nocase; pcre:"/target=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/bid/20281/info; classtype:web-application-attack; sid:100000910; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dayfox Blog adminlog.php module remote file include"; flow:to_server,established; uricontent:"/edit/adminlog.php?"; nocase; uricontent:"slogin="; nocase; pcre:"/slogin=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/archive/1/447500/30/0/threaded; classtype:web-application-attack; sid:100000911; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dayfox Blog postblog.php module remote file include"; flow:to_server,established; uricontent:"/edit/postblog.php?"; nocase; uricontent:"slogin="; nocase; pcre:"/slogin=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/archive/1/447500/30/0/threaded; classtype:web-application-attack; sid:100000912; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dayfox Blog index.php module remote file include"; flow:to_server,established; uricontent:"/edit/index.php?"; nocase; uricontent:"slogin="; nocase; pcre:"/slogin=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/archive/1/447500/30/0/threaded; classtype:web-application-attack; sid:100000913; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Dayfox Blog index2.php module remote file include"; flow:to_server,established; uricontent:"/edit/index2.php?"; nocase; uricontent:"slogin="; nocase; pcre:"/slogin=(https?|ftp)/Ui"; reference:url,www.securityfocus.com/archive/1/447500/30/0/threaded; classtype:web-application-attack; sid:100000914; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Somery Include.php remote file include"; flow:established,to_server; uricontent:"/include.php"; nocase; content:"skindir="; nocase; pcre:"/skindir=(https?|ftp)/Ui"; reference:bugtraq,19912; classtype:web-application-attack; sid:100000915; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MyBulletinBoard Functions_Post.php xss attempt"; flow:established,to_server; uricontent:"/functions_post.php?"; nocase; content:"script="; nocase; pcre:"/script(=|\x3f)\x3c[^\n]+\x3e/Ui"; reference:bugtraq,19770; classtype:web-application-attack; sid:100000916; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP-Dimension functions_kb.php remote file include attempt";flow:established,to_server; uricontent:"/includes/functions_kb.php?"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,20367; classtype:web-application-attack; sid:100000917; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PHP-Dimension themen_portal_mitte.php remote include attempt"; flow:established,to_server; uricontent:"/includes/themen_portal_mitte.php?"; nocase; uricontent:"phpbb_root_path="; nocase; pcre:"/phpbb_root_path=(https?|ftp)/Ui"; reference:bugtraq,20367; classtype:web-application-attack; sid:100000918; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Segue CMS themesettings.inc.php remote file include attempt"; flow:established,to_server; uricontent:"themesettings.inc.php"; uricontent:"themesdir="; pcre:"/themesdir=(https?|ftp|\x2F)/Ui"; reference:bugtraq,20640; reference:cve,2006-5497; reference:url,osvdb.org/29904; reference:nessus,22922; reference:url,www.milw0rm.com/exploits/2600; classtype:web-application-attack; sid:100000919; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP MiniBB bb_func_txt.php pathToFiles variable remote file include"; flow:to_server,established; uricontent:"/bb_func_txt.php"; nocase; uricontent:"pathToFiles="; nocase; pcre:"/pathToFiles=(https?|ftp|\x2F)/Ui"; reference:bugtraq,20757; reference:url,osvdb.org/29971; reference:nessus,22926; classtype:web-application-attack; sid:100000920; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP PunBB register.php language variable remote file include"; flow:to_server,established; content:"register.php"; nocase; content:"language="; nocase; pcre:"/language=(\x2F|\x2E)/Ui"; reference:bugtraq,20786; reference:cve,2006-5735; reference:url,osvdb.org/30132; reference:nessus,22932; classtype:web-application-attack; sid:100000921; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Etomite CMS index.php id variable SQL injection"; flow:to_server,established; uricontent:"/etomite/index.php"; nocase; uricontent:"id="; nocase; pcre:"/id=[A-Za-z0-9]{1,}\'/Ui"; reference:bugtraq,21135; reference:url,osvdb.org/30442; reference:url,secunia.com/advisories/22885; classtype:web-application-attack; sid:100000922; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY-WEB-PHP ADP Forum Attempted Password Recon"; uricontent:"/users/admin.txt"; nocase; reference:url,www.milw0rm.com/exploits/3053; classtype:web-application-attack; sid:100000925; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY-WEB-PHP EasyNews PRO News Attempted Password Recon"; uricontent:"/newsboard/data/users.txt"; nocase; reference:url,www.milw0rm.com/exploits/3039; classtype:web-application-attack; sid:100000926; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Xoops module Articles SQL Injection Exploit"; flow:to_server,established; uricontent:"/modules/articles/index.php"; nocase; uricontent:"cat_id="; nocase; reference:url,www.securityfocus.com/archive/1/463916; classtype:web-application-attack; sid:100000929; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Drake CMS 404.php Local File Include Vulnerability"; flow:established,to_server; uricontent:"404.php?"; nocase; uricontent:"d_private="; nocase; reference:bugtraq,23215; classtype:web-application-attack; sid:100000930; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Softerra Time-Assistant remote include attempt";flow:established,to_server; uricontent:"/lib/timesheet.class.php?"; nocase; uricontent:"lib_dir="; nocase; pcre:"/lib_dir=(https?|ftp)/Ui"; classtype:web-application-attack; reference:bugtraq,23203; sid:100000931; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Softerra Time-Assistant remote include attempt";flow:established,to_server; uricontent:"/lib/timesheet.class.php?"; nocase; uricontent:"inc_dir="; nocase; pcre:"/inc_dir=(https?|ftp)/Ui"; classtype:web-application-attack; reference:bugtraq,23203; sid:100000932; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Aardvark button/settings_sql.php File Include Vulnerability"; flow:established,to_server; uricontent:"/button/settings_sql.php"; nocase; content:"path="; nocase; pcre:"/path=(https?|ftp)/Ui"; priority:3; reference:url,securityfocus.com/archive/1/464351; classtype:web-application-attack; sid:100000933; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"COMMUNITY WEB-PHP Aardvark button/new_day.php File Include Vulnerability"; flow:established,to_server; uricontent:"/button/new_day.php"; nocase; content:"path="; nocase; pcre:"/path=(https?|ftp)/Ui"; priority:3; reference:url,securityfocus.com/archive/1/464351; classtype:web-application-attack; sid:100000934; rev:1;)