# # $Id: emerging-web_sql_injection.rules $ # Emerging Threats web sql injection rules. # # SID's are 2000000+ to avoid conflicts # # More information available at www.emergingthreats.net # # Please submit any custom rules or ideas to emerging@emergingthreats.net or the emerging-sigs mailing list # # These sigs are separate from the main web sigs. Most of these are for specific apps and may be # redundant coverage of overall sigs. Use these if you deem necessary in your own environment # #************************************************************* # # Copyright (c) 2003-2009, Emerging Threats # All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, are permitted provided that the # following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this list of conditions and the following # disclaimer. # * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the # following disclaimer in the documentation and/or other materials provided with the distribution. # * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007504; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007504; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007505; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007505; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007506; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007506; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007507; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007507; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007508; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007508; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007509; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007510; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007510; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007511; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007511; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007512; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007512; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007513; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007513; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007514; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007514; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007515; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007515; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007516; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007516; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007517; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007517; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007518; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007518; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007519; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007519; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007520; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007520; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007521; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007521; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007522; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007522; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007523; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007523; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007524; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007524; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007525; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007525; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007526; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007526; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007527; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007527; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007528; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007528; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007529; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007529; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007530; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007530; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007531; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007531; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007532; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007532; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007533; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007533; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007534; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007534; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007535; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007535; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007536; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007536; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007537; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007537; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007538; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007538; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007539; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007539; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007540; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007540; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007541; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007541; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007542; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007542; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007543; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007543; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007544; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007544; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007545; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007545; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007546; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007546; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007547; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007547; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007548; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007548; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007549; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007549; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007550; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007550; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007551; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007551; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007552; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007552; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007553; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007553; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007554; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007554; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007555; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007555; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007556; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007556; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007557; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007557; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007558; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007558; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007559; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007559; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007560; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007560; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007561; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007561; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007562; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007562; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; reference:url,doc.emergingthreats.net/2007563; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery; sid:2007563; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating SELECT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004059; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating UNION SELECT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004060; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004060; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating INSERT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004061; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004061; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating DELETE"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004062; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004062; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating ASCII"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004063; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004063; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating UPDATE"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004064; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004064; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id SELECT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004071; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004071; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id UNION SELECT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004072; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004072; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id INSERT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004073; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004073; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id DELETE"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004074; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004074; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id ASCII"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004075; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004075; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id UPDATE"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; reference:url,doc.emergingthreats.net/2004076; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project; sid:2004076; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id SELECT"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; reference:url,doc.emergingthreats.net/2007217; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel; sid:2007217; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id UNION SELECT"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; reference:url,doc.emergingthreats.net/2007218; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel; sid:2007218; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id INSERT"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; reference:url,doc.emergingthreats.net/2007219; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel; sid:2007219; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id DELETE"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; reference:url,doc.emergingthreats.net/2007220; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel; sid:2007220; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ASCII"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; reference:url,doc.emergingthreats.net/2007221; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel; sid:2007221; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id UPDATE"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; reference:url,doc.emergingthreats.net/2007222; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel; sid:2007222; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod SELECT"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; reference:url,doc.emergingthreats.net/2005057; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu; sid:2005057; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod UNION SELECT"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; reference:url,doc.emergingthreats.net/2005058; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu; sid:2005058; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod INSERT"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; reference:url,doc.emergingthreats.net/2005059; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu; sid:2005059; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod DELETE"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; reference:url,doc.emergingthreats.net/2005060; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu; sid:2005060; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod ASCII"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; reference:url,doc.emergingthreats.net/2005061; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu; sid:2005061; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod UPDATE"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; reference:url,doc.emergingthreats.net/2005062; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu; sid:2005062; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACP3 XSS Attempt -- index.php form[mods]"; flow:established,to_server; uricontent:"/search/list/action_search/index.php?"; nocase; uricontent:"form[mods]["; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; reference:url,doc.emergingthreats.net/2003905; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACP3; sid:2003905; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACP3 XSS Attempt -- index.php form"; flow:established,to_server; uricontent:"/search/list/action_search/index.php?"; nocase; uricontent:"form["; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; reference:url,doc.emergingthreats.net/2003906; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACP3; sid:2003906; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACP3 XSS Attempt -- download.php id"; flow:established,to_server; uricontent:"/modules/dl/download.php?"; nocase; uricontent:"id="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; reference:url,doc.emergingthreats.net/2003907; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACP3; sid:2003907; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACP3 XSS Attempt -- index.php form[cat]"; flow:established,to_server; uricontent:"/news/list/index.php?"; nocase; uricontent:"form[cat]="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; reference:url,doc.emergingthreats.net/2003908; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACP3; sid:2003908; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACP3 XSS Attempt -- index.php form[cat]"; flow:established,to_server; uricontent:"/action_create/index.php?"; nocase; uricontent:"form[cat]="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; reference:url,doc.emergingthreats.net/2003909; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACP3; sid:2003909; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACP3 XSS Attempt -- index.php form[name]"; flow:established,to_server; uricontent:"/action_create/index.php?"; nocase; uricontent:"form[name]="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; reference:url,doc.emergingthreats.net/2003910; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACP3; sid:2003910; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACP3 XSS Attempt -- index.php form[message]"; flow:established,to_server; uricontent:"/action_create/index.php?"; nocase; uricontent:"form[message]="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; reference:url,doc.emergingthreats.net/2003911; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACP3; sid:2003911; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ACP3 XSS Attempt -- index.php form[mail]"; flow:established,to_server; uricontent:"/newsletter/create/index.php?"; nocase; uricontent:"form[mail]="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; reference:url,doc.emergingthreats.net/2003912; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACP3; sid:2003912; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AForum Remote Inclusion func.php CommonAbsDir"; flow:established,to_server; uricontent:"/common/func.php?"; nocase; uricontent:"CommonAbsDir="; nocase; classtype:web-application-attack; reference:cve,CVE-2007-2596; reference:url,www.milw0rm.com/exploits/3884; reference:url,doc.emergingthreats.net/2003704; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AForum; sid:2003704; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AForum Remote Inclusion Attempt -- errormsg.php header"; flow:established,to_server; uricontent:"/common/errormsg.php?"; nocase; uricontent:"header="; nocase; classtype:web-application-attack; reference:cve,CVE-2007-2634; reference:url,secunia.com/advisories/25224; reference:url,doc.emergingthreats.net/2003736; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AForum; sid:2003736; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) XSS Attempt -- cp_authorization.php"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2625; reference:url,www.frsirt.com/english/advisories/2007/1637; reference:url,doc.emergingthreats.net/2003886; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2003886; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) XSS Attempt -- cp_config.php"; flow:established,to_server; uricontent:"/shared/config/cp_config.php?"; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2624; reference:url,www.securityfocus.com/bid/23790; reference:url,doc.emergingthreats.net/2003887; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2003887; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name SELECT"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005573; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005573; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UNION SELECT"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005574; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005574; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name INSERT"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005575; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005575; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name DELETE"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005576; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ASCII"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005577; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005577; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UPDATE"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005578; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005578; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did SELECT"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005579; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005579; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UNION SELECT"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005580; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005580; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did INSERT"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005581; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did DELETE"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005582; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005582; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ASCII"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005583; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005583; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UPDATE"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; reference:url,doc.emergingthreats.net/2005584; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP; sid:2005584; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id SELECT"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; reference:url,doc.emergingthreats.net/2004529; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004529; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id UNION SELECT"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"UNION"; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; reference:url,doc.emergingthreats.net/2004530; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004530; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id INSERT"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"INSERT"; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; reference:url,doc.emergingthreats.net/2004531; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004531; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id DELETE"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"DELETE"; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; reference:url,doc.emergingthreats.net/2004532; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004532; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id ASCII"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; reference:url,doc.emergingthreats.net/2004533; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004533; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id UPDATE"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"UPDATE"; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; reference:url,doc.emergingthreats.net/2004534; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004534; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id SELECT"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; reference:url,doc.emergingthreats.net/2004535; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004535; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id UNION SELECT"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"UNION"; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; reference:url,doc.emergingthreats.net/2004536; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004536; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id INSERT"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"INSERT"; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; reference:url,doc.emergingthreats.net/2004537; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004537; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id DELETE"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"DELETE"; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; reference:url,doc.emergingthreats.net/2004538; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004538; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id ASCII"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; reference:url,doc.emergingthreats.net/2004539; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004539; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id UPDATE"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"UPDATE"; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; reference:url,doc.emergingthreats.net/2004540; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004540; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid SELECT"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; reference:url,doc.emergingthreats.net/2004541; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004541; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UNION SELECT"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; reference:url,doc.emergingthreats.net/2004542; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004542; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid INSERT"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; reference:url,doc.emergingthreats.net/2004543; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004543; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid DELETE"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; reference:url,doc.emergingthreats.net/2004544; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004544; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ASCII"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; reference:url,doc.emergingthreats.net/2004545; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004545; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UPDATE"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; reference:url,doc.emergingthreats.net/2004546; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004546; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id SELECT"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; reference:url,doc.emergingthreats.net/2004547; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004547; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id UNION SELECT"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; reference:url,doc.emergingthreats.net/2005177; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2005177; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id INSERT"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; reference:url,doc.emergingthreats.net/2004548; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004548; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id DELETE"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; reference:url,doc.emergingthreats.net/2004549; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004549; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id ASCII"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; reference:url,doc.emergingthreats.net/2004550; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004550; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id UPDATE"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; reference:url,doc.emergingthreats.net/2004551; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ; sid:2004551; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP-Nuke XSS Attempt -- news.asp id"; flow:established,to_server; uricontent:"/news.asp?"; nocase; uricontent:"id="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2892; reference:url,www.securityfocus.com/bid/24135; reference:url,doc.emergingthreats.net/2004594; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP-Nuke; sid:2004594; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid SELECT"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006819; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006819; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid UNION SELECT"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006820; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006820; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid INSERT"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006821; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006821; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid DELETE"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006822; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006822; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid ASCII"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006823; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006823; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid UPDATE"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006824; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006824; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak SELECT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006825; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006825; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UNION SELECT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006826; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006826; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak INSERT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006827; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006827; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak DELETE"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006828; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006828; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ASCII"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006829; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006829; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UPDATE"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006830; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006830; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler SELECT"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006831; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006831; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler UNION SELECT"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006832; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006832; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler INSERT"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006833; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006833; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler DELETE"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006834; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006834; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ASCII"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006835; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006835; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler UPDATE"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006836; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006836; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi SELECT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006837; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006837; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi UNION SELECT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006838; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006838; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi INSERT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006839; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006839; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi DELETE"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006840; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006840; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ASCII"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006841; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006841; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi UPDATE"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006842; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006842; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno SELECT"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006843; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006843; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno UNION SELECT"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006844; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006844; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno INSERT"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006845; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006845; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno DELETE"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006846; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006846; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ASCII"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006847; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006847; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno UPDATE"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006848; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006848; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf SELECT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006849; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006849; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf UNION SELECT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006850; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006850; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf INSERT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006851; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006851; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf DELETE"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006852; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006852; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ASCII"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006853; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006853; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf UPDATE"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006854; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006854; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik SELECT"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006855; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006855; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik UNION SELECT"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006856; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006856; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik INSERT"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006857; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006857; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik DELETE"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006858; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006858; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik ASCII"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006859; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006859; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik UPDATE"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; reference:url,doc.emergingthreats.net/2006860; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum; sid:2006860; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username SELECT"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; reference:url,doc.emergingthreats.net/2005105; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE; sid:2005105; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username UNION SELECT"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; reference:url,doc.emergingthreats.net/2005106; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE; sid:2005106; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username INSERT"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; reference:url,doc.emergingthreats.net/2005107; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE; sid:2005107; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username DELETE"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; reference:url,doc.emergingthreats.net/2005108; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE; sid:2005108; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ASCII"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; reference:url,doc.emergingthreats.net/2005109; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE; sid:2005109; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username UPDATE"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; reference:url,doc.emergingthreats.net/2005110; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE; sid:2005110; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id SELECT"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; reference:url,doc.emergingthreats.net/2005164; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005164; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id UNION SELECT"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; reference:url,doc.emergingthreats.net/2005165; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005165; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id INSERT"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; reference:url,doc.emergingthreats.net/2005166; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005166; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id DELETE"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; reference:url,doc.emergingthreats.net/2005167; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005167; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id ASCII"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; reference:url,doc.emergingthreats.net/2005168; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005168; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id UPDATE"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; reference:url,doc.emergingthreats.net/2005169; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005169; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user SELECT"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; reference:url,doc.emergingthreats.net/2005170; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005170; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user UNION SELECT"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; reference:url,doc.emergingthreats.net/2005171; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005171; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user INSERT"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; reference:url,doc.emergingthreats.net/2005172; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005172; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user DELETE"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; reference:url,doc.emergingthreats.net/2005173; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005173; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user ASCII"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; reference:url,doc.emergingthreats.net/2005174; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005174; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user UPDATE"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; reference:url,doc.emergingthreats.net/2005175; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS; sid:2005175; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; reference:url,doc.emergingthreats.net/2005883; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware; sid:2005883; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro UNION SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; reference:url,doc.emergingthreats.net/2005884; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware; sid:2005884; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro INSERT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; reference:url,doc.emergingthreats.net/2005885; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware; sid:2005885; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro DELETE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; reference:url,doc.emergingthreats.net/2005886; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware; sid:2005886; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ASCII"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; reference:url,doc.emergingthreats.net/2005887; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware; sid:2005887; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro UPDATE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; reference:url,doc.emergingthreats.net/2005888; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware; sid:2005888; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID SELECT"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; reference:url,doc.emergingthreats.net/2007000; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics; sid:2007000; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID UNION SELECT"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; reference:url,doc.emergingthreats.net/2007001; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics; sid:2007001; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID INSERT"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; reference:url,doc.emergingthreats.net/2007002; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics; sid:2007002; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID DELETE"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; reference:url,doc.emergingthreats.net/2007003; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics; sid:2007003; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID ASCII"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; reference:url,doc.emergingthreats.net/2007004; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics; sid:2007004; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID UPDATE"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; reference:url,doc.emergingthreats.net/2007005; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics; sid:2007005; rev:3;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC A Better Member-Based ASP Photo Gallery view.asp entry parameter SQL injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/view.asp?"; nocase; uricontent:"entry="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,33693; reference:url,milw0rm.com/exploits/8012; reference:url,doc.emergingthreats.net/2009185; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_A_Better_Gallery; sid:2009185; rev:2;) #by Ferdie Riphagen alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC PHP Aardvark Topsites PHP CONFIG[PATH] Remote File Include Attempt"; flow:established,to_server; uricontent:"CONFIG[PATH]="; nocase; pcre:"/(join|lostpw)\.php\?/Ui"; pcre:"/&CONFIG\x5bpath\x5d=(https?|ftps?|php)\:/Ui"; reference:cve,CVE-2006-2149; reference:url,www.osvdb.org/25158; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2002901; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aardvark; sid:2002901; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid SELECT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; reference:url,doc.emergingthreats.net/2004319; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery; sid:2004319; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UNION SELECT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; reference:url,doc.emergingthreats.net/2004320; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery; sid:2004320; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid INSERT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; reference:url,doc.emergingthreats.net/2004321; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery; sid:2004321; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid DELETE"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; reference:url,doc.emergingthreats.net/2004322; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery; sid:2004322; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ASCII"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; reference:url,doc.emergingthreats.net/2004323; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery; sid:2004323; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UPDATE"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; reference:url,doc.emergingthreats.net/2004324; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery; sid:2004324; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid SELECT"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007392; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007392; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid UNION SELECT"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007393; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007393; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid INSERT"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007394; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007394; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid DELETE"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007395; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007395; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ASCII"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007396; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007396; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid UPDATE"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007397; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007397; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search SELECT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007398; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007398; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search UNION SELECT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007399; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007399; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search INSERT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007400; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007400; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search DELETE"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007401; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007401; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ASCII"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007402; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007402; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search UPDATE"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; reference:url,doc.emergingthreats.net/2007403; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart; sid:2007403; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID SELECT"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007476; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007476; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID UNION SELECT"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007477; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007477; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID INSERT"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007478; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007478; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID DELETE"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007479; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007479; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ASCII"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007480; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007480; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID UPDATE"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007481; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007481; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007482; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007482; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page UNION SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007483; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007483; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page INSERT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007564; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page DELETE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007484; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007484; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page ASCII"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007485; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007485; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page UPDATE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007486; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007486; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID SELECT"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007487; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007487; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID UNION SELECT"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007488; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007488; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID INSERT"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007489; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007489; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID DELETE"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007490; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007490; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ASCII"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007491; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007491; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID UPDATE"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007492; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007492; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID SELECT"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007493; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007493; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID UNION SELECT"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007494; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007494; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID INSERT"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007495; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007495; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID DELETE"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007496; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007496; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ASCII"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007497; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007497; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID UPDATE"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007498; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007498; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query SELECT"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007499; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007499; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query UNION SELECT"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007500; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007500; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query INSERT"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007501; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007501; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query DELETE"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007502; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007502; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ASCII"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007503; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007503; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query UPDATE"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; reference:url,doc.emergingthreats.net/2007565; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews; sid:2007565; rev:3;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Acute Control Panel container.php theme_directory parameter local file inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/container.php?"; nocase; uricontent:"theme_directory="; nocase; content:"../"; classtype:web-application-attack; reference:url,secunia.com/advisories/34485/; reference:bugtraq,34265; reference:url,milw0rm.com/exploits/8291; reference:url,doc.emergingthreats.net/2009377; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acute; sid:2009377; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Acute Control Panel container.php theme_directory parameter remote file inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/container.php?"; nocase; uricontent:"theme_directory="; nocase; pcre:"/theme_directory=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/34485/; reference:bugtraq,34265; reference:url,milw0rm.com/exploits/8291; reference:url,doc.emergingthreats.net/2009378; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acute; sid:2009378; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Acute Control Panel header.php theme_directory parameter remote file inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/header.php?"; nocase; uricontent:"theme_directory="; nocase; pcre:"/theme_directory=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/34485/; reference:bugtraq,34265; reference:url,milw0rm.com/exploits/8291; reference:url,doc.emergingthreats.net/2009379; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acute; sid:2009379; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Acute Control Panel header.php theme_directory parameter local file inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/header.php?"; nocase; uricontent:"theme_directory="; nocase; content:"../"; classtype:web-application-attack; reference:url,secunia.com/advisories/34485/; reference:bugtraq,34265; reference:url,milw0rm.com/exploits/8291; reference:url,doc.emergingthreats.net/2009380; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acute; sid:2009380; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AdaptCMS Lite rss_importer_functions.php sitepath Parameter Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/rss_importer_functions.php?"; nocase; uricontent:"sitepath="; nocase; pcre:"/sitepath=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8016; reference:bugtraq,33698; reference:url,doc.emergingthreats.net/2009167; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AdaptCMS; sid:2009167; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Advanced Guestbook XSS Attempt -- picture.php picture"; flow:established,to_server; uricontent:"/picture.php?"; nocase; uricontent:"picture="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0605; reference:url,www.securityfocus.com/bid/23873; reference:url,doc.emergingthreats.net/2003915; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Advanced_Guestbook; sid:2003915; rev:3;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Agares Media ThemeSiteScript frontpage_right.php Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/admin/frontpage_right.php?"; nocase; uricontent:"loadadminpage="; nocase; pcre:"/loadadminpage=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:bugtraq,31959; reference:url,milw0rm.com/exploits/6859; reference:url,vupen.com/english/advisories/2008/2959; reference:url,doc.emergingthreats.net/2009382; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Agares; sid:2009382; rev:2;) #by Stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aj Square RSS Reader url SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/EditUrl.php?"; nocase; uricontent:"url="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/32413/; reference:url,milw0rm.com/exploits/6856; reference:url,doc.emergingthreats.net/2008785; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AjSquared; sid:2008785; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AjaxPortal ajaxp_backend.php page Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/ajaxp_backend.php?"; nocase; uricontent:"page="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8341; reference:bugtraq,34338; reference:url,doc.emergingthreats.net/2009424; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AjaxPortal; sid:2009424; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id SELECT"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004887; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004887; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id UNION SELECT"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004888; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004888; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id INSERT"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004889; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004889; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id DELETE"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004890; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004890; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ASCII"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004891; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004891; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id UPDATE"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004892; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004892; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid SELECT"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004893; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004893; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid UNION SELECT"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004894; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004894; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid INSERT"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004895; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004895; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid DELETE"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004896; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004896; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ASCII"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004897; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004897; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid UPDATE"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; reference:url,doc.emergingthreats.net/2004898; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script; sid:2004898; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; reference:url,doc.emergingthreats.net/2005772; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook; sid:2005772; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang UNION SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; reference:url,doc.emergingthreats.net/2005773; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook; sid:2005773; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang INSERT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; reference:url,doc.emergingthreats.net/2005774; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook; sid:2005774; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang DELETE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; reference:url,doc.emergingthreats.net/2005775; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook; sid:2005775; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang ASCII"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; reference:url,doc.emergingthreats.net/2005776; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook; sid:2005776; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang UPDATE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; reference:url,doc.emergingthreats.net/2005777; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook; sid:2005777; rev:4;) #by Stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC All In One Control Panel poll_id parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/cp_polls_results.php?"; nocase; uricontent:"poll_id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/6854; reference:url,secunia.com/advisories/32431; reference:url,doc.emergingthreats.net/2008787; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AllInOneControlPanel; sid:2008787; rev:2;) #bvy tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; reference:url,doc.emergingthreats.net/2004017; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft; sid:2004017; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack UNION SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; reference:url,doc.emergingthreats.net/2004018; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft; sid:2004018; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack INSERT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; reference:url,doc.emergingthreats.net/2004019; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft; sid:2004019; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack DELETE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; reference:url,doc.emergingthreats.net/2004020; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft; sid:2004020; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack ASCII"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; reference:url,doc.emergingthreats.net/2004021; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft; sid:2004021; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack UPDATE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; reference:url,doc.emergingthreats.net/2004022; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft; sid:2004022; rev:4;) #by chandan of secpod alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SQL_INJECTION AlstraSoft Affiliate Network Pro (pgm) Parameter SQL Injection"; flow:to_server,established; uricontent:"/index.php?"; nocase; uricontent:"Act="; nocase; uricontent:"&pgm"; nocase; pcre:"/\+UNION\+SELECT/Ui"; reference:bugtraq,30259; reference:url,milw0rm.com/exploits/6087; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2008439; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft; sid:2008439; rev:2;) #stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AlstraSoft Video Share Enterprise album.php UID Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/album.php?"; nocase; uricontent:"UID="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2008-3386; reference:url,www.milw0rm.com/exploits/6092; reference:url,secunia.com/advisories/31134/; reference:url,doc.emergingthreats.net/2009228; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft; sid:2009228; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id SELECT"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; reference:url,doc.emergingthreats.net/2004717; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt; sid:2004717; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id UNION SELECT"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; reference:url,doc.emergingthreats.net/2004718; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt; sid:2004718; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id INSERT"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; reference:url,doc.emergingthreats.net/2004719; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt; sid:2004719; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id DELETE"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; reference:url,doc.emergingthreats.net/2004720; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt; sid:2004720; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ASCII"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; reference:url,doc.emergingthreats.net/2004721; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt; sid:2004721; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id UPDATE"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; reference:url,doc.emergingthreats.net/2004723; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt; sid:2004723; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id SELECT"; flow:established,to_server; uricontent:"/email.php?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006560; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006560; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id UNION SELECT"; flow:established,to_server; uricontent:"/email.php?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006561; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006561; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id INSERT"; flow:established,to_server; uricontent:"/email.php?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006562; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006562; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id DELETE"; flow:established,to_server; uricontent:"/email.php?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006564; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006564; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id ASCII"; flow:established,to_server; uricontent:"/email.php?"; nocase; uricontent:"id="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006565; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006565; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id UPDATE"; flow:established,to_server; uricontent:"/email.php?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006566; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006566; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no SELECT"; flow:established,to_server; uricontent:"/voirannonce.php?"; nocase; uricontent:"no="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006567; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UNION SELECT"; flow:established,to_server; uricontent:"/voirannonce.php?"; nocase; uricontent:"no="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006568; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006568; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no INSERT"; flow:established,to_server; uricontent:"/voirannonce.php?"; nocase; uricontent:"no="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006569; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006569; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no DELETE"; flow:established,to_server; uricontent:"/voirannonce.php?"; nocase; uricontent:"no="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006570; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006570; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ASCII"; flow:established,to_server; uricontent:"/voirannonce.php?"; nocase; uricontent:"no="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006571; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006571; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UPDATE"; flow:established,to_server; uricontent:"/voirannonce.php?"; nocase; uricontent:"no="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006572; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006572; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre SELECT"; flow:established,to_server; uricontent:"/admin/admin_membre/fiche_membre.php?"; nocase; uricontent:"idmembre="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006573; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006573; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UNION SELECT"; flow:established,to_server; uricontent:"/admin/admin_membre/fiche_membre.php?"; nocase; uricontent:"idmembre="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006574; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006574; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre INSERT"; flow:established,to_server; uricontent:"/admin/admin_membre/fiche_membre.php?"; nocase; uricontent:"idmembre="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006575; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006575; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre DELETE"; flow:established,to_server; uricontent:"/admin/admin_membre/fiche_membre.php?"; nocase; uricontent:"idmembre="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006576; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006576; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ASCII"; flow:established,to_server; uricontent:"/admin/admin_membre/fiche_membre.php?"; nocase; uricontent:"idmembre="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006577; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006577; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UPDATE"; flow:established,to_server; uricontent:"/admin/admin_membre/fiche_membre.php?"; nocase; uricontent:"idmembre="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006578; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006578; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce SELECT"; flow:established,to_server; uricontent:"/admin/admin_annonce/okvalannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006579; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006579; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UNION SELECT"; flow:established,to_server; uricontent:"/admin/admin_annonce/okvalannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006580; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006580; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce INSERT"; flow:established,to_server; uricontent:"/admin/admin_annonce/okvalannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006581; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006581; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce DELETE"; flow:established,to_server; uricontent:"/admin/admin_annonce/okvalannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006582; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006582; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ASCII"; flow:established,to_server; uricontent:"/admin/admin_annonce/okvalannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006583; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006583; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UPDATE"; flow:established,to_server; uricontent:"/admin/admin_annonce/okvalannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006584; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006584; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce SELECT"; flow:established,to_server; uricontent:"/admin/admin_annonce/changeannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006585; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006585; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UNION SELECT"; flow:established,to_server; uricontent:"/admin/admin_annonce/changeannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006586; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006586; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce INSERT"; flow:established,to_server; uricontent:"/admin/admin_annonce/changeannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006587; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006587; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce DELETE"; flow:established,to_server; uricontent:"/admin/admin_annonce/changeannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006588; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006588; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ASCII"; flow:established,to_server; uricontent:"/admin/admin_annonce/changeannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006589; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006589; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UPDATE"; flow:established,to_server; uricontent:"/admin/admin_annonce/changeannonce.php?"; nocase; uricontent:"idannonce="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; reference:url,doc.emergingthreats.net/2006590; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP; sid:2006590; rev:3;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ASPApps.com Template Creature media_level.asp mcatid parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/media_level.asp?"; nocase; uricontent:"mcatid="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/7339; reference:bugtraq,32641; reference:url,doc.emergingthreats.net/2008936; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AspApps; sid:2008936; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici SELECT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullanici="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006783; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006783; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici UNION SELECT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullanici="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006784; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006784; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici INSERT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullanici="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006785; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006785; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici DELETE"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullanici="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006786; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006786; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ASCII"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullanici="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006787; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006787; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici UPDATE"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullanici="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006788; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006788; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola SELECT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"parola="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006789; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006789; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola UNION SELECT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"parola="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006790; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006790; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola INSERT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"parola="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006791; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006791; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola DELETE"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"parola="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006792; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006792; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ASCII"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"parola="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006793; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006793; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola UPDATE"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"parola="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6337; reference:url,www.securityfocus.com/bid/21398; reference:url,doc.emergingthreats.net/2006794; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee; sid:2006794; rev:3;) #by Stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC AstroSPACES profile.php SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/profile.php?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,31771; reference:url,www.milw0rm.com/exploits/6758; reference:url,doc.emergingthreats.net/2008669; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AstroSPACES; sid:2008669; rev:3;) #By David Maciejak alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Athena Web Registration Remote Command Execution Attempt"; flow: to_server,established; uricontent:"/athenareg.php?pass=%20\;"; nocase; reference:cve,CAN-2004-1782; reference:bugtraq,9349; classtype: web-application-attack; reference:url,doc.emergingthreats.net/2001949; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Athena; sid: 2001949; rev:6;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID SELECT"; flow:established,to_server; uricontent:"/system/index.php?"; nocase; uricontent:"PHPSESSID="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1242; reference:url,www.securityfocus.com/bid/22728; reference:url,doc.emergingthreats.net/2004724; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins; sid:2004724; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID UNION SELECT"; flow:established,to_server; uricontent:"/system/index.php?"; nocase; uricontent:"PHPSESSID="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1242; reference:url,www.securityfocus.com/bid/22728; reference:url,doc.emergingthreats.net/2004725; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins; sid:2004725; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID INSERT"; flow:established,to_server; uricontent:"/system/index.php?"; nocase; uricontent:"PHPSESSID="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1242; reference:url,www.securityfocus.com/bid/22728; reference:url,doc.emergingthreats.net/2004726; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins; sid:2004726; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID DELETE"; flow:established,to_server; uricontent:"/system/index.php?"; nocase; uricontent:"PHPSESSID="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1242; reference:url,www.securityfocus.com/bid/22728; reference:url,doc.emergingthreats.net/2004727; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins; sid:2004727; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ASCII"; flow:established,to_server; uricontent:"/system/index.php?"; nocase; uricontent:"PHPSESSID="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1242; reference:url,www.securityfocus.com/bid/22728; reference:url,doc.emergingthreats.net/2004728; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins; sid:2004728; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID UPDATE"; flow:established,to_server; uricontent:"/system/index.php?"; nocase; uricontent:"PHPSESSID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1242; reference:url,www.securityfocus.com/bid/22728; reference:url,doc.emergingthreats.net/2004729; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins; sid:2004729; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Auto Listings Script moreinfo.php itemno Parameter SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/moreinfo.php?"; nocase; uricontent:"itemno="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,32131; reference:url,milw0rm.com/exploits/7003; reference:url,doc.emergingthreats.net/2009186; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Auto_Listings; sid:2009186; rev:2;) #by Stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Autos catid SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/searchresults.php?catid="; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/6696; reference:url,secunia.com/advisories/32139/; reference:url,doc.emergingthreats.net/2008650; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Autos; sid:2008650; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob SELECT"; flow:established,to_server; uricontent:"/publications_list.asp?"; nocase; uricontent:"vjob="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007452; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007452; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob UNION SELECT"; flow:established,to_server; uricontent:"/publications_list.asp?"; nocase; uricontent:"vjob="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007453; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007453; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob INSERT"; flow:established,to_server; uricontent:"/publications_list.asp?"; nocase; uricontent:"vjob="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007454; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007454; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob DELETE"; flow:established,to_server; uricontent:"/publications_list.asp?"; nocase; uricontent:"vjob="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007455; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007455; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ASCII"; flow:established,to_server; uricontent:"/publications_list.asp?"; nocase; uricontent:"vjob="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007456; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007456; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob UPDATE"; flow:established,to_server; uricontent:"/publications_list.asp?"; nocase; uricontent:"vjob="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007457; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007457; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID SELECT"; flow:established,to_server; uricontent:"/publication_view.asp?"; nocase; uricontent:"InfoID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007458; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007458; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID UNION SELECT"; flow:established,to_server; uricontent:"/publication_view.asp?"; nocase; uricontent:"InfoID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007459; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007459; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID INSERT"; flow:established,to_server; uricontent:"/publication_view.asp?"; nocase; uricontent:"InfoID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007460; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007460; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID DELETE"; flow:established,to_server; uricontent:"/publication_view.asp?"; nocase; uricontent:"InfoID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007461; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007461; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ASCII"; flow:established,to_server; uricontent:"/publication_view.asp?"; nocase; uricontent:"InfoID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007462; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007462; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID UPDATE"; flow:established,to_server; uricontent:"/publication_view.asp?"; nocase; uricontent:"InfoID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6110; reference:url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded; reference:url,doc.emergingthreats.net/2007463; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech; sid:2007463; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"layout="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1445; reference:url,www.milw0rm.com/exploits/3466; reference:url,doc.emergingthreats.net/2004331; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog; sid:2004331; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout UNION SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"layout="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1445; reference:url,www.milw0rm.com/exploits/3466; reference:url,doc.emergingthreats.net/2004332; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog; sid:2004332; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout INSERT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"layout="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1445; reference:url,www.milw0rm.com/exploits/3466; reference:url,doc.emergingthreats.net/2004333; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog; sid:2004333; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout DELETE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"layout="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1445; reference:url,www.milw0rm.com/exploits/3466; reference:url,doc.emergingthreats.net/2004334; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog; sid:2004334; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout ASCII"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"layout="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1445; reference:url,www.milw0rm.com/exploits/3466; reference:url,doc.emergingthreats.net/2004335; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog; sid:2004335; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout UPDATE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"layout="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1445; reference:url,www.milw0rm.com/exploits/3466; reference:url,doc.emergingthreats.net/2004336; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog; sid:2004336; rev:4;) #by Stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bahar Download Script aspkat.asp SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/aspkat.asp?kid="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,31852; reference:url,doc.emergingthreats.net/2008724; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bahar; sid:2008724; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bandwebsite lyrics.php id parameter Sql Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/lyrics.php?"; nocase; uricontent:"section=full"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/7215; reference:bugtraq,32454; reference:url,doc.emergingthreats.net/2008896; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bandwebsite; sid:2008896; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Barcode Generator LSTable.php class_dir parameter Remote File Inclusion"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/LSTable.php?"; nocase; uricontent:"class_dir="; nocase; pcre:"/class_dir=\s*(ftps?|https?|php)\:\//Ui"; classtype:web-application-attack; reference:bugtraq,31419; reference:url,milw0rm.com/exploits/6575; reference:url,doc.emergingthreats.net/2009165; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BarcodeGenerator; sid:2009165; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Basebuilder main.inc.php mj_config Parameter Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/main.inc.php?"; nocase; uricontent:"mj_config[src_path]="; nocase; content:"../"; classtype:web-application-attack; reference:url,secunia.com/advisories/31947/; reference:url,milw0rm.com/exploits/6533; reference:url,doc.emergingthreats.net/2009195; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basebuilder; sid:2009195; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Basebuilder main.inc.php mj_config Parameter Remote File inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/main.inc.php?"; nocase; uricontent:"mj_config[src_path]="; nocase; pcre:"/mj_config\[src_path\]=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/31947/; reference:url,milw0rm.com/exploits/6533; reference:url,doc.emergingthreats.net/2009196; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basebuilder; sid:2009196; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id SELECT"; flow:established,to_server; uricontent:"/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6193; reference:url,www.milw0rm.com/exploits/2848; reference:url,doc.emergingthreats.net/2007211; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum; sid:2007211; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id UNION SELECT"; flow:established,to_server; uricontent:"/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6193; reference:url,www.milw0rm.com/exploits/2848; reference:url,doc.emergingthreats.net/2007212; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum; sid:2007212; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id INSERT"; flow:established,to_server; uricontent:"/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6193; reference:url,www.milw0rm.com/exploits/2848; reference:url,doc.emergingthreats.net/2007213; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum; sid:2007213; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id DELETE"; flow:established,to_server; uricontent:"/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6193; reference:url,www.milw0rm.com/exploits/2848; reference:url,doc.emergingthreats.net/2007214; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum; sid:2007214; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id ASCII"; flow:established,to_server; uricontent:"/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6193; reference:url,www.milw0rm.com/exploits/2848; reference:url,doc.emergingthreats.net/2007215; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum; sid:2007215; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id UPDATE"; flow:established,to_server; uricontent:"/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6193; reference:url,www.milw0rm.com/exploits/2848; reference:url,doc.emergingthreats.net/2007216; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum; sid:2007216; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Beacon Remote Inclusion Attempt -- splash.lang.php languagePath"; flow:established,to_server; uricontent:"/language/1/splash.lang.php?"; nocase; uricontent:"languagePath="; nocase; classtype:web-application-attack; reference:cve,CVE-2007-2663; reference:url,www.milw0rm.com/exploits/3909; reference:url,doc.emergingthreats.net/2003738; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Beacon; sid:2003738; rev:3;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Beerwins PHPLinkAdmin linkadmin.php page Parameter Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/linkadmin.php?"; nocase; uricontent:"page="; nocase; pcre:"/page=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8216; reference:bugtraq,34129; reference:url,doc.emergingthreats.net/2009364; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Beerwins; sid:2009364; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Beerwins PHPLinkAdmin edlink.php linkid Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/edlink.php?"; nocase; uricontent:"linkid"; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8216; reference:bugtraq,34129; reference:url,doc.emergingthreats.net/2009365; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Beerwins; sid:2009365; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Berylium2 Remote Inclusion Attempt -- berylium-classes.php beryliumroot"; flow:established,to_server; uricontent:"/berylium-classes.php?"; nocase; uricontent:"beryliumroot="; nocase; classtype:web-application-attack; reference:cve,CVE-2007-2531; reference:url,www.milw0rm.com/exploits/3869; reference:url,doc.emergingthreats.net/2003677; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Berylium2; sid:2003677; rev:3;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Blogplus block_center_down.php Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/block_center_down.php?"; nocase; uricontent:"row_mysql_blocks_center_down[file]="; nocase; content:"../"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8290; reference:bugtraq,34261; reference:url,secunia.com/advisories/34480/; reference:url,doc.emergingthreats.net/2009417; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BlogPlus; sid:2009417; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Blogplus block_center_top.php Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/block_center_top.php?"; nocase; uricontent:"row_mysql_blocks_center_top[file]="; nocase; content:"../"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8290; reference:bugtraq,34261; reference:url,secunia.com/advisories/34480/; reference:url,doc.emergingthreats.net/2009418; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BlogPlus; sid:2009418; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Blogplus block_left.php Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/block_left.php?"; nocase; uricontent:"row_mysql_blocks_left[file]="; nocase; content:"../"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8290; reference:bugtraq,34261; reference:url,secunia.com/advisories/34480/; reference:url,doc.emergingthreats.net/2009420; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BlogPlus; sid:2009420; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Blogplus block_right.php Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/block_right.php?"; nocase; uricontent:"row_mysql_blocks_right[file]="; nocase; content:"../"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8290; reference:bugtraq,34261; reference:url,secunia.com/advisories/34480/; reference:url,doc.emergingthreats.net/2009421; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BlogPlus; sid:2009421; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Blogplus window_down.php Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/window_down.php?"; nocase; uricontent:"row_mysql_bloginfo[theme]="; nocase; content:"../"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8290; reference:bugtraq,34261; reference:url,secunia.com/advisories/34480/; reference:url,doc.emergingthreats.net/2009422; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BlogPlus; sid:2009422; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Blogplus window_top.php Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/window_top.php?"; nocase; uricontent:"row_mysql_bloginfo[theme]="; nocase; content:"../"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/8290; reference:bugtraq,34261; reference:url,secunia.com/advisories/34480/; reference:url,doc.emergingthreats.net/2009423; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BlogPlus; sid:2009423; rev:2;) #by Jamie Thinglestad alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Blog Spam Insert Attempt"; flow:to_server,established; content:"|0D 0A|x-aaaaaaaaa"; nocase; classtype:web-application-attack; reference:url,spamhuntress.com/2005/05/14/new-block-for-bulgarians/; reference:url,lists.geeklog.net/pipermail/geeklog-spam/2005-June/000020.html; reference:url,www.webmasterworld.com/forum92/3683.htm; reference:url,doc.emergingthreats.net/2002069; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BlogSpam; sid:2002069; rev:6;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php SELECT"; flow:established,to_server; uricontent:"/bt-trackback.php?"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6540; reference:url,www.secunia.com/advisories/23316; reference:url,doc.emergingthreats.net/2006333; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait; sid:2006333; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php UNION SELECT"; flow:established,to_server; uricontent:"/bt-trackback.php?"; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6540; reference:url,www.secunia.com/advisories/23316; reference:url,doc.emergingthreats.net/2006334; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait; sid:2006334; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php INSERT"; flow:established,to_server; uricontent:"/bt-trackback.php?"; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6540; reference:url,www.secunia.com/advisories/23316; reference:url,doc.emergingthreats.net/2006335; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait; sid:2006335; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php DELETE"; flow:established,to_server; uricontent:"/bt-trackback.php?"; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6540; reference:url,www.secunia.com/advisories/23316; reference:url,doc.emergingthreats.net/2006336; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait; sid:2006336; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php ASCII"; flow:established,to_server; uricontent:"/bt-trackback.php?"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6540; reference:url,www.secunia.com/advisories/23316; reference:url,doc.emergingthreats.net/2006337; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait; sid:2006337; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php UPDATE"; flow:established,to_server; uricontent:"/bt-trackback.php?"; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6540; reference:url,www.secunia.com/advisories/23316; reference:url,doc.emergingthreats.net/2006338; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait; sid:2006338; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BoastMachine XSS Attempt -- index.php blog"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"blog="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2932; reference:url,www.securityfocus.com/bid/24156; reference:url,doc.emergingthreats.net/2004583; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BoastMachine; sid:2004583; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd SELECT"; flow:established,to_server; uricontent:"/admin/config.php?"; nocase; uricontent:"sqlcmd="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7025; reference:url,www.secunia.com/advisories/19758; reference:url,doc.emergingthreats.net/2004828; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U; sid:2004828; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd UNION SELECT"; flow:established,to_server; uricontent:"/admin/config.php?"; nocase; uricontent:"sqlcmd="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7025; reference:url,www.secunia.com/advisories/19758; reference:url,doc.emergingthreats.net/2004829; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U; sid:2004829; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd INSERT"; flow:established,to_server; uricontent:"/admin/config.php?"; nocase; uricontent:"sqlcmd="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7025; reference:url,www.secunia.com/advisories/19758; reference:url,doc.emergingthreats.net/2004830; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U; sid:2004830; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd DELETE"; flow:established,to_server; uricontent:"/admin/config.php?"; nocase; uricontent:"sqlcmd="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7025; reference:url,www.secunia.com/advisories/19758; reference:url,doc.emergingthreats.net/2004831; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U; sid:2004831; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd ASCII"; flow:established,to_server; uricontent:"/admin/config.php?"; nocase; uricontent:"sqlcmd="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7025; reference:url,www.secunia.com/advisories/19758; reference:url,doc.emergingthreats.net/2004832; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U; sid:2004832; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd UPDATE"; flow:established,to_server; uricontent:"/admin/config.php?"; nocase; uricontent:"sqlcmd="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7025; reference:url,www.secunia.com/advisories/19758; reference:url,doc.emergingthreats.net/2004833; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U; sid:2004833; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Boonex Dolphin HTMLSax3.php Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/HTMLSax3.php?"; nocase; uricontent:"dir[plugins]="; nocase; pcre:"/dir\[plugins\]=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/6024; reference:bugtraq,30136; reference:url,doc.emergingthreats.net/2009370; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Boonex; sid:2009370; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Boonex Dolphin safehtml.php Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/safehtml.php?"; nocase; uricontent:"dir[plugins]="; nocase; pcre:"/dir\[plugins\]=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/6024; reference:bugtraq,30136; reference:url,doc.emergingthreats.net/2009371; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Boonex; sid:2009371; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Boonex Dolphin content.inc.php Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/inc/content.inc.php?"; nocase; uricontent:"sIncPath="; nocase; pcre:"/sIncPath=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/6024; reference:bugtraq,30136; reference:url,doc.emergingthreats.net/2009372; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Boonex; sid:2009372; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style SELECT"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"style="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004023; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004023; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style UNION SELECT"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"style="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004024; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004024; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style INSERT"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"style="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004025; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004025; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style DELETE"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"style="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004026; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004026; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style ASCII"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"style="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004027; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004027; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style UPDATE"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"style="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004028; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004028; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue SELECT"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"langue="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004029; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004029; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue UNION SELECT"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"langue="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004030; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004030; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue INSERT"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"langue="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004031; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004031; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue DELETE"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"langue="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004032; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004032; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue ASCII"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"langue="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004033; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004033; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue UPDATE"; flow:established,to_server; uricontent:"/account_change.php?"; nocase; uricontent:"langue="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2854; reference:url,www.milw0rm.com/exploits/3970; reference:url,doc.emergingthreats.net/2004034; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker; sid:2004034; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by SELECT"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"by="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004985; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004985; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by UNION SELECT"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"by="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004986; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004986; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by INSERT"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"by="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004987; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004987; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by DELETE"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"by="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004988; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004988; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by ASCII"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"by="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004989; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004989; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by UPDATE"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"by="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004990; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004990; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order SELECT"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"order="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004991; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004991; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order UNION SELECT"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"order="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004992; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004992; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order INSERT"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"order="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004993; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004993; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order DELETE"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"order="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004994; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004994; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order ASCII"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"order="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004995; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004995; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order UPDATE"; flow:established,to_server; uricontent:"/torrents.php?"; nocase; uricontent:"order="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6972; reference:url,www.securityfocus.com/bid/18549; reference:url,doc.emergingthreats.net/2004996; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker; sid:2004996; rev:4;) #by Stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Built2go Real Estate Listings event_id SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/event_detail.php?event_id="; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/6697; reference:url,secunia.com/Advisories/32129/; reference:url,doc.emergingthreats.net/2008653; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Built2go; sid:2008653; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id SELECT"; flow:established,to_server; uricontent:"/bry.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; uricontent:"FROM"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2420; reference:url,www.securityfocus.com/bid/23678; reference:url,doc.emergingthreats.net/2003776; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2003776; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id UNION SELECT"; flow:established,to_server; uricontent:"/bry.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2420; reference:url,www.securityfocus.com/bid/23678; reference:url,doc.emergingthreats.net/2003777; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2003777; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id INSERT"; flow:established,to_server; uricontent:"/bry.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; uricontent:"INTO"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2420; reference:url,www.securityfocus.com/bid/23678; reference:url,doc.emergingthreats.net/2003778; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2003778; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id DELETE"; flow:established,to_server; uricontent:"/bry.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; uricontent:"FROM"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2420; reference:url,www.securityfocus.com/bid/23678; reference:url,doc.emergingthreats.net/2003779; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2003779; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ASCII"; flow:established,to_server; uricontent:"/bry.asp?"; nocase; uricontent:"id="; nocase; uricontent:"ASCII("; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2420; reference:url,www.securityfocus.com/bid/23678; reference:url,doc.emergingthreats.net/2003780; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2003780; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id UPDATE"; flow:established,to_server; uricontent:"/bry.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; uricontent:"SET"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2420; reference:url,www.securityfocus.com/bid/23678; reference:url,doc.emergingthreats.net/2003781; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2003781; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid SELECT"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006249; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006249; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid UNION SELECT"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006250; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006250; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid INSERT"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006251; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006251; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid DELETE"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006252; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006252; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ASCII"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006253; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006253; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid UPDATE"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006254; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006254; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id SELECT"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006255; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006255; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id UNION SELECT"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006256; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006256; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id INSERT"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006257; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006257; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id DELETE"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006258; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006258; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ASCII"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006259; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006259; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id UPDATE"; flow:established,to_server; uricontent:"/HABERLER.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006260; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006260; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id SELECT"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006261; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006261; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id UNION SELECT"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006262; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006262; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id INSERT"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006263; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006263; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id DELETE"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006264; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006264; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ASCII"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006265; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006265; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id UPDATE"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006266; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006266; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid SELECT"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006267; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006267; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid UNION SELECT"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006268; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006268; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid INSERT"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006269; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006269; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid DELETE"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006270; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006270; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ASCII"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006271; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006271; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid UPDATE"; flow:established,to_server; uricontent:"/ASPKAT.ASP?"; nocase; uricontent:"kid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6672; reference:url,www.frsirt.com/english/advisories/2006/5085; reference:url,doc.emergingthreats.net/2006272; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006272; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id SELECT"; flow:established,to_server; uricontent:"/down.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6671; reference:url,www.securityfocus.com/bid/21676; reference:url,doc.emergingthreats.net/2006273; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006273; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id UNION SELECT"; flow:established,to_server; uricontent:"/down.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6671; reference:url,www.securityfocus.com/bid/21676; reference:url,doc.emergingthreats.net/2006274; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006274; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id INSERT"; flow:established,to_server; uricontent:"/down.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6671; reference:url,www.securityfocus.com/bid/21676; reference:url,doc.emergingthreats.net/2006275; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006275; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id DELETE"; flow:established,to_server; uricontent:"/down.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6671; reference:url,www.securityfocus.com/bid/21676; reference:url,doc.emergingthreats.net/2006276; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006276; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ASCII"; flow:established,to_server; uricontent:"/down.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6671; reference:url,www.securityfocus.com/bid/21676; reference:url,doc.emergingthreats.net/2006277; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006277; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id UPDATE"; flow:established,to_server; uricontent:"/down.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6671; reference:url,www.securityfocus.com/bid/21676; reference:url,doc.emergingthreats.net/2006278; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak; sid:2006278; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CAT2 spaw_control.class.php spaw_root Parameter Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/spaw_control.class.php?"; nocase; uricontent:"spaw_root="; nocase; content:"../"; classtype:web-application-attack; reference:url,xforce.iss.net/xforce/xfdb/43536; reference:bugtraq,30042; reference:url,milw0rm.com/exploits/5983; reference:url,doc.emergingthreats.net/2009429; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CAT2; sid:2009429; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CF_Calendar calid parameter SQL Injection"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/calendarevent.cfm?"; nocase; uricontent:"calid="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/33074/; reference:url,milw0rm.com/exploits/7413; reference:url,doc.emergingthreats.net/2008995; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CF_Calendar; sid:2008995; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CGX Remote Inclusion Attempt -- mtdialogo.php pathCGX"; flow:established,to_server; uricontent:"/mtdialogo.php?"; nocase; uricontent:"pathCGX="; nocase; pcre:"/=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2611; reference:url,www.milw0rm.com/exploits/3874; reference:url,doc.emergingthreats.net/2003726; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CGX; sid:2003726; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CGX Remote Inclusion Attempt -- ltdialogo.php pathCGX"; flow:established,to_server; uricontent:"/ltdialogo.php?"; nocase; uricontent:"pathCGX="; nocase; pcre:"/=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2611; reference:url,www.milw0rm.com/exploits/3874; reference:url,doc.emergingthreats.net/2003727; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CGX; sid:2003727; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CGX Remote Inclusion Attempt -- login.php pathCGX"; flow:established,to_server; uricontent:"/login.php?"; nocase; uricontent:"pathCGX="; nocase; pcre:"/=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2611; reference:url,www.milw0rm.com/exploits/3874; reference:url,doc.emergingthreats.net/2003729; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CGX; sid:2003729; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CGX Remote Inclusion Attempt -- logingecon.php pathCGX"; flow:established,to_server; uricontent:"/inc/logingecon.php?"; nocase; uricontent:"pathCGX="; nocase; pcre:"/=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2611; reference:url,www.milw0rm.com/exploits/3874; reference:url,doc.emergingthreats.net/2003728; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CGX; sid:2003728; rev:5;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CJG Explorer Remote Inclusion Attempt -- pcltrace.lib.php g_pcltar_lib_dir"; flow:established,to_server; uricontent:"/pcltrace.lib.php?"; nocase; uricontent:"g_pcltar_lib_dir="; nocase; pcre:"/=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2660; reference:url,www.milw0rm.com/exploits/3915; reference:url,doc.emergingthreats.net/2003737; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CJG_Explorer; sid:2003737; rev:5;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CMS Faethon info.php item Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/info.php?"; nocase; uricontent:"item="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,33775; reference:url,milw0rm.com/exploits/8054; reference:url,doc.emergingthreats.net/2009192; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Faethon; sid:2009192; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid SELECT"; flow:established,to_server; uricontent:"/stylesheet.php?"; nocase; uricontent:"templateid="; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2473; reference:url,www.securityfocus.com/bid/23753; reference:url,doc.emergingthreats.net/2003794; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple; sid:2003794; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid UNION SELECT"; flow:established,to_server; uricontent:"/stylesheet.php?"; nocase; uricontent:"templateid="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2473; reference:url,www.securityfocus.com/bid/23753; reference:url,doc.emergingthreats.net/2003795; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple; sid:2003795; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid INSERT"; flow:established,to_server; uricontent:"/stylesheet.php?"; nocase; uricontent:"templateid="; nocase; uricontent:"INSERT"; nocase; uricontent:"INTO"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2473; reference:url,www.securityfocus.com/bid/23753; reference:url,doc.emergingthreats.net/2003796; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple; sid:2003796; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid DELETE"; flow:established,to_server; uricontent:"/stylesheet.php?"; nocase; uricontent:"templateid="; nocase; uricontent:"DELETE"; nocase; uricontent:"FROM"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2473; reference:url,www.securityfocus.com/bid/23753; reference:url,doc.emergingthreats.net/2003865; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple; sid:2003865; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ASCII"; flow:established,to_server; uricontent:"/stylesheet.php?"; nocase; uricontent:"templateid="; nocase; uricontent:"ASCII("; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2473; reference:url,www.securityfocus.com/bid/23753; reference:url,doc.emergingthreats.net/2003797; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple; sid:2003797; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid UPDATE"; flow:established,to_server; uricontent:"/stylesheet.php?"; nocase; uricontent:"templateid="; nocase; uricontent:"UPDATE"; nocase; uricontent:"SET"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2473; reference:url,www.securityfocus.com/bid/23753; reference:url,doc.emergingthreats.net/2003798; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple; sid:2003798; rev:5;) #By David Maciejak alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CSV-DB CSV_DB.CGI Remote Command Execution Attempt"; flow:to_server,established; uricontent:"/cgi-bin/csv_db.cgi?"; nocase; pcre:"/(file=\|.+\|)/"; reference:bugtraq,14059; classtype:web-application-attack; reference:url,doc.emergingthreats.net/2002066; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CSV-DB; sid:2002066; rev:5;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CactuSoft Parodia XSS Attempt -- cand_login.asp strJobIDs"; flow:established,to_server; uricontent:"/cand_login.asp?"; nocase; uricontent:"strJobIDs="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2818; reference:url,www.securityfocus.com/bid/24078; reference:url,doc.emergingthreats.net/2004559; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CactuSoft; sid:2004559; rev:4;) #by Stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (dish.php)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/dish.php"; nocase; uricontent:"?id="; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/32308/; reference:url,milw0rm.com/exploits/6762; reference:url,doc.emergingthreats.net/2008679; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CafeEngine; sid:2008679; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CafeEngine id Remote SQL Injection (menu.php)"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/menu.php"; nocase; uricontent:"?id="; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/32308/; reference:url,milw0rm.com/exploits/6762; reference:url,doc.emergingthreats.net/2008680; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CafeEngine; sid:2008680; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID SELECT"; flow:established,to_server; uricontent:"/calendar_detail.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6792; reference:url,www.milw0rm.com/exploits/2993; reference:url,doc.emergingthreats.net/2006165; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006165; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID UNION SELECT"; flow:established,to_server; uricontent:"/calendar_detail.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6792; reference:url,www.milw0rm.com/exploits/2993; reference:url,doc.emergingthreats.net/2006166; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006166; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID INSERT"; flow:established,to_server; uricontent:"/calendar_detail.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6792; reference:url,www.milw0rm.com/exploits/2993; reference:url,doc.emergingthreats.net/2006167; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006167; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID DELETE"; flow:established,to_server; uricontent:"/calendar_detail.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6792; reference:url,www.milw0rm.com/exploits/2993; reference:url,doc.emergingthreats.net/2006168; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006168; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ASCII"; flow:established,to_server; uricontent:"/calendar_detail.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6792; reference:url,www.milw0rm.com/exploits/2993; reference:url,doc.emergingthreats.net/2006169; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006169; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID UPDATE"; flow:established,to_server; uricontent:"/calendar_detail.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6792; reference:url,www.milw0rm.com/exploits/2993; reference:url,doc.emergingthreats.net/2006170; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006170; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID SELECT"; flow:established,to_server; uricontent:"/admin/admin_mail_adressee.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6787; reference:url,www.milw0rm.com/exploits/2998; reference:url,doc.emergingthreats.net/2006183; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006183; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID UNION SELECT"; flow:established,to_server; uricontent:"/admin/admin_mail_adressee.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6787; reference:url,www.milw0rm.com/exploits/2998; reference:url,doc.emergingthreats.net/2006184; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006184; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID INSERT"; flow:established,to_server; uricontent:"/admin/admin_mail_adressee.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6787; reference:url,www.milw0rm.com/exploits/2998; reference:url,doc.emergingthreats.net/2006185; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006185; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID DELETE"; flow:established,to_server; uricontent:"/admin/admin_mail_adressee.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6787; reference:url,www.milw0rm.com/exploits/2998; reference:url,doc.emergingthreats.net/2006186; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006186; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ASCII"; flow:established,to_server; uricontent:"/admin/admin_mail_adressee.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6787; reference:url,www.milw0rm.com/exploits/2998; reference:url,doc.emergingthreats.net/2006187; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006187; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID UPDATE"; flow:established,to_server; uricontent:"/admin/admin_mail_adressee.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6787; reference:url,www.milw0rm.com/exploits/2998; reference:url,doc.emergingthreats.net/2006188; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX; sid:2006188; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store XSS Attempt -- prodList.asp brand"; flow:established,to_server; uricontent:"/scripts/prodList.asp?"; nocase; uricontent:"brand="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2804; reference:url,www.secunia.com/advisories/25370; reference:url,doc.emergingthreats.net/2004569; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2004569; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store XSS Attempt -- prodList.asp Msg"; flow:established,to_server; uricontent:"/scripts/prodList.asp?"; nocase; uricontent:"Msg="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2804; reference:url,www.secunia.com/advisories/25370; reference:url,doc.emergingthreats.net/2004570; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2004570; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy SELECT"; flow:established,to_server; uricontent:"/openPolicy.asp?"; nocase; uricontent:"policy="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007464; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007464; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy UNION SELECT"; flow:established,to_server; uricontent:"/openPolicy.asp?"; nocase; uricontent:"policy="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007465; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007465; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy INSERT"; flow:established,to_server; uricontent:"/openPolicy.asp?"; nocase; uricontent:"policy="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007466; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007466; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy DELETE"; flow:established,to_server; uricontent:"/openPolicy.asp?"; nocase; uricontent:"policy="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007467; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007467; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ASCII"; flow:established,to_server; uricontent:"/openPolicy.asp?"; nocase; uricontent:"policy="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007468; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007468; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy UPDATE"; flow:established,to_server; uricontent:"/openPolicy.asp?"; nocase; uricontent:"policy="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007469; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007469; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand SELECT"; flow:established,to_server; uricontent:"/prodList.asp?"; nocase; uricontent:"brand="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007470; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007470; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand UNION SELECT"; flow:established,to_server; uricontent:"/prodList.asp?"; nocase; uricontent:"brand="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007471; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007471; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand INSERT"; flow:established,to_server; uricontent:"/prodList.asp?"; nocase; uricontent:"brand="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007472; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007472; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand DELETE"; flow:established,to_server; uricontent:"/prodList.asp?"; nocase; uricontent:"brand="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007473; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007473; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand ASCII"; flow:established,to_server; uricontent:"/prodList.asp?"; nocase; uricontent:"brand="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007474; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007474; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand UPDATE"; flow:established,to_server; uricontent:"/prodList.asp?"; nocase; uricontent:"brand="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6109; reference:url,www.securityfocus.com/bid/21090/info; reference:url,doc.emergingthreats.net/2007475; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress; sid:2007475; rev:3;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Check New findoffice.php search parameter Remote SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/findoffice.php?"; nocase; uricontent:"search="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,www.milw0rm.com/exploits/7328; reference:bugtraq,32590; reference:url,doc.emergingthreats.net/2008933; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CheckNew; sid:2008933; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClaSS export.php ftype parameter Information Disclosure"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/scripts/export.php?"; nocase; content:"ftype="; nocase; pcre:"/(\.\.\/){1,}/U"; classtype:web-application-attack; reference:url,secunia.com/advisories/33222; reference:bugtraq,32929; reference:url,doc.emergingthreats.net/2009009; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ClaSS; sid:2009009; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date SELECT"; flow:established,to_server; uricontent:"/displayCalendar.asp?"; nocase; uricontent:"date="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; reference:url,doc.emergingthreats.net/2007223; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007223; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UNION SELECT"; flow:established,to_server; uricontent:"/displayCalendar.asp?"; nocase; uricontent:"date="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; reference:url,doc.emergingthreats.net/2007224; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007224; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date INSERT"; flow:established,to_server; uricontent:"/displayCalendar.asp?"; nocase; uricontent:"date="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; reference:url,doc.emergingthreats.net/2007225; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007225; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date DELETE"; flow:established,to_server; uricontent:"/displayCalendar.asp?"; nocase; uricontent:"date="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; reference:url,doc.emergingthreats.net/2007226; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007226; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ASCII"; flow:established,to_server; uricontent:"/displayCalendar.asp?"; nocase; uricontent:"date="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; reference:url,doc.emergingthreats.net/2007227; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007227; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UPDATE"; flow:established,to_server; uricontent:"/displayCalendar.asp?"; nocase; uricontent:"date="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6189; reference:url,www.securityfocus.com/bid/21310; reference:url,doc.emergingthreats.net/2007228; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007228; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage SELECT"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007229; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007229; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage UNION SELECT"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007230; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007230; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage INSERT"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007231; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007231; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage DELETE"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007232; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007232; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ASCII"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007233; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007233; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage UPDATE"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007234; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007234; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id SELECT"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"gallery_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007235; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007235; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id UNION SELECT"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"gallery_id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007236; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007236; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id INSERT"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"gallery_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007237; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id DELETE"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"gallery_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007238; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007238; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ASCII"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"gallery_id="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007239; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007239; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id UPDATE"; flow:established,to_server; uricontent:"/view_gallery.asp?"; nocase; uricontent:"gallery_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007240; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007240; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id SELECT"; flow:established,to_server; uricontent:"/download_image.asp?"; nocase; uricontent:"image_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007241; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007241; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id UNION SELECT"; flow:established,to_server; uricontent:"/download_image.asp?"; nocase; uricontent:"image_id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007242; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007242; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id INSERT"; flow:established,to_server; uricontent:"/download_image.asp?"; nocase; uricontent:"image_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007243; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007243; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id DELETE"; flow:established,to_server; uricontent:"/download_image.asp?"; nocase; uricontent:"image_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007244; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007244; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ASCII"; flow:established,to_server; uricontent:"/download_image.asp?"; nocase; uricontent:"image_id="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007245; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007245; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id UPDATE"; flow:established,to_server; uricontent:"/download_image.asp?"; nocase; uricontent:"image_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007246; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007246; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage SELECT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007247; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007247; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage UNION SELECT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007248; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007248; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage INSERT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007249; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007249; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage DELETE"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007250; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007250; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ASCII"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007251; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007251; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage UPDATE"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007252; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007252; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby SELECT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007253; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007253; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby UNION SELECT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007254; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007254; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby INSERT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007255; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007255; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby DELETE"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007256; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007256; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ASCII"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007257; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007257; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby UPDATE"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007258; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007258; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage SELECT"; flow:established,to_server; uricontent:"/view_recent.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007259; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007259; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage UNION SELECT"; flow:established,to_server; uricontent:"/view_recent.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007260; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007260; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage INSERT"; flow:established,to_server; uricontent:"/view_recent.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007261; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007261; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage DELETE"; flow:established,to_server; uricontent:"/view_recent.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007262; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007262; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ASCII"; flow:established,to_server; uricontent:"/view_recent.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007263; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007263; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage UPDATE"; flow:established,to_server; uricontent:"/view_recent.asp?"; nocase; uricontent:"currentpage="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; reference:url,doc.emergingthreats.net/2007264; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007264; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"AlphaSort="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007265; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007265; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort UNION SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"AlphaSort="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007266; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007266; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort INSERT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"AlphaSort="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007267; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007267; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort DELETE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"AlphaSort="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007268; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007268; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ASCII"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"AlphaSort="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007269; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007269; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort UPDATE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"AlphaSort="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007270; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007270; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"In="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007271; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007271; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In UNION SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"In="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007272; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007272; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In INSERT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"In="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007273; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007273; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In DELETE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"In="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007274; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007274; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In ASCII"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"In="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007275; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007275; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In UPDATE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"In="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007276; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007276; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007277; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007277; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby UNION SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007278; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007278; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby INSERT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007279; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007279; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby DELETE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007280; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007280; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ASCII"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007281; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007281; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby UPDATE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"orderby="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6181; reference:url,www.securityfocus.com/bid/21302; reference:url,doc.emergingthreats.net/2007282; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech; sid:2007282; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClientExec (CE) XSS Attempt -- index.php ticketID"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"ticketID="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2805; reference:url,www.securityfocus.com/bid/24061; reference:url,doc.emergingthreats.net/2004566; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ClientExec; sid:2004566; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClientExec (CE) XSS Attempt -- index.php view"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"view="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2805; reference:url,www.securityfocus.com/bid/24061; reference:url,doc.emergingthreats.net/2004567; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ClientExec; sid:2004567; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClientExec (CE) XSS Attempt -- index.php fuse"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"fuse="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2805; reference:url,www.securityfocus.com/bid/24061; reference:url,doc.emergingthreats.net/2004568; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ClientExec; sid:2004568; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClipShare Pro channel_detail.php chid Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/channel_detail.php?"; nocase; uricontent:"chid="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,32311; reference:url,milw0rm.com/exploits/7128; reference:url,doc.emergingthreats.net/2008866; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ClipSharePro; sid:2008866; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ClonusWiki XSS Attempt -- index.php query"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"query="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2913; reference:url,www.securityfocus.com/archive/1/archive/1/469230/100/0/threaded; reference:url,doc.emergingthreats.net/2004591; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ClonusWiki; sid:2004591; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID SELECT"; flow:established,to_server; uricontent:"/inc_listnews.asp?"; nocase; uricontent:"CAT_ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1021; reference:url,www.milw0rm.com/exploits/3317; reference:url,doc.emergingthreats.net/2004875; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance; sid:2004875; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID UNION SELECT"; flow:established,to_server; uricontent:"/inc_listnews.asp?"; nocase; uricontent:"CAT_ID="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1021; reference:url,www.milw0rm.com/exploits/3317; reference:url,doc.emergingthreats.net/2004876; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance; sid:2004876; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID INSERT"; flow:established,to_server; uricontent:"/inc_listnews.asp?"; nocase; uricontent:"CAT_ID="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1021; reference:url,www.milw0rm.com/exploits/3317; reference:url,doc.emergingthreats.net/2004877; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance; sid:2004877; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID DELETE"; flow:established,to_server; uricontent:"/inc_listnews.asp?"; nocase; uricontent:"CAT_ID="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1021; reference:url,www.milw0rm.com/exploits/3317; reference:url,doc.emergingthreats.net/2004878; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance; sid:2004878; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ASCII"; flow:established,to_server; uricontent:"/inc_listnews.asp?"; nocase; uricontent:"CAT_ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1021; reference:url,www.milw0rm.com/exploits/3317; reference:url,doc.emergingthreats.net/2004879; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance; sid:2004879; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID UPDATE"; flow:established,to_server; uricontent:"/inc_listnews.asp?"; nocase; uricontent:"CAT_ID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1021; reference:url,www.milw0rm.com/exploits/3317; reference:url,doc.emergingthreats.net/2004880; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance; sid:2004880; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct SELECT"; flow:established,to_server; uricontent:"/comersus_optReviewReadExec.asp?"; nocase; uricontent:"idProduct="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3323; reference:url,www.securityfocus.com/bid/24562; reference:url,doc.emergingthreats.net/2006504; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus; sid:2006504; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UNION SELECT"; flow:established,to_server; uricontent:"/comersus_optReviewReadExec.asp?"; nocase; uricontent:"idProduct="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3323; reference:url,www.securityfocus.com/bid/24562; reference:url,doc.emergingthreats.net/2006505; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus; sid:2006505; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct INSERT"; flow:established,to_server; uricontent:"/comersus_optReviewReadExec.asp?"; nocase; uricontent:"idProduct="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3323; reference:url,www.securityfocus.com/bid/24562; reference:url,doc.emergingthreats.net/2006506; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus; sid:2006506; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct DELETE"; flow:established,to_server; uricontent:"/comersus_optReviewReadExec.asp?"; nocase; uricontent:"idProduct="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3323; reference:url,www.securityfocus.com/bid/24562; reference:url,doc.emergingthreats.net/2006507; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus; sid:2006507; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ASCII"; flow:established,to_server; uricontent:"/comersus_optReviewReadExec.asp?"; nocase; uricontent:"idProduct="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3323; reference:url,www.securityfocus.com/bid/24562; reference:url,doc.emergingthreats.net/2006508; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus; sid:2006508; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UPDATE"; flow:established,to_server; uricontent:"/comersus_optReviewReadExec.asp?"; nocase; uricontent:"idProduct="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3323; reference:url,www.securityfocus.com/bid/24562; reference:url,doc.emergingthreats.net/2006509; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus; sid:2006509; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"epi="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; reference:url,doc.emergingthreats.net/2004635; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal; sid:2004635; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi UNION SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"epi="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; reference:url,doc.emergingthreats.net/2004636; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal; sid:2004636; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi INSERT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"epi="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; reference:url,doc.emergingthreats.net/2004637; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal; sid:2004637; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi DELETE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"epi="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; reference:url,doc.emergingthreats.net/2004638; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal; sid:2004638; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi ASCII"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"epi="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; reference:url,doc.emergingthreats.net/2004639; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal; sid:2004639; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi UPDATE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"epi="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3088; reference:url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded; reference:url,doc.emergingthreats.net/2004640; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal; sid:2004640; rev:4;) #By David Maciejak alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Community Link Pro Login.CGI Remote Command Execution Attempt"; flow:to_server,established; uricontent:"/login.cgi?"; nocase; pcre:"/(file=\|.+\|)/"; reference:bugtraq,14097; classtype: web-application-attack; reference:url,doc.emergingthreats.net/2002067; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Community_Link; sid:2002067; rev:5;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Concord Consortium CoAST header.php sections_file parameter remote file inclusion"; flow:established,to_server; content:"GET "; depth:4; uricontent:"/header.php?"; nocase; uricontent:"sections_file="; nocase; pcre:"/sections_file=\s*(ftps?|https?|php)\:\//Ui"; classtype:web-application-attack; reference:bugtraq,31461; reference:url,milw0rm.com/exploits/6598; reference:url,doc.emergingthreats.net/2009166; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Concord_Consortium; sid:2009166; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage SELECT"; flow:established,to_server; uricontent:"/admin.php?"; nocase; uricontent:"uploadimage="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1255; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004705; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004705; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage UNION SELECT"; flow:established,to_server; uricontent:"/admin.php?"; nocase; uricontent:"uploadimage="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1255; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004706; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004706; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage INSERT"; flow:established,to_server; uricontent:"/admin.php?"; nocase; uricontent:"uploadimage="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1255; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004707; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004707; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage DELETE"; flow:established,to_server; uricontent:"/admin.php?"; nocase; uricontent:"uploadimage="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1255; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004708; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004708; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage ASCII"; flow:established,to_server; uricontent:"/admin.php?"; nocase; uricontent:"uploadimage="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1255; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004709; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004709; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage UPDATE"; flow:established,to_server; uricontent:"/admin.php?"; nocase; uricontent:"uploadimage="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1255; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004710; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004710; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"p_skin="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1254; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004711; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004711; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin UNION SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"p_skin="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1254; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004712; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004712; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin INSERT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"p_skin="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1254; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004713; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004713; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin DELETE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"p_skin="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1254; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004714; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004714; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin ASCII"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"p_skin="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1254; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004715; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004715; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin UPDATE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"p_skin="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1254; reference:url,www.milw0rm.com/exploits/3352; reference:url,doc.emergingthreats.net/2004716; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal; sid:2004716; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pageid="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6157; reference:url,www.milw0rm.com/exploits/2822; reference:url,doc.emergingthreats.net/2007336; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow; sid:2007336; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid UNION SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pageid="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6157; reference:url,www.milw0rm.com/exploits/2822; reference:url,doc.emergingthreats.net/2007337; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow; sid:2007337; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid INSERT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pageid="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6157; reference:url,www.milw0rm.com/exploits/2822; reference:url,doc.emergingthreats.net/2007338; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow; sid:2007338; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid DELETE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pageid="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6157; reference:url,www.milw0rm.com/exploits/2822; reference:url,doc.emergingthreats.net/2007339; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow; sid:2007339; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid ASCII"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pageid="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6157; reference:url,www.milw0rm.com/exploits/2822; reference:url,doc.emergingthreats.net/2007340; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow; sid:2007340; rev:3;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid UPDATE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pageid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6157; reference:url,www.milw0rm.com/exploits/2822; reference:url,doc.emergingthreats.net/2007341; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow; sid:2007341; rev:3;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id SELECT"; flow:established,to_server; uricontent:"/haber.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6642; reference:url,www.securityfocus.com/bid/21626; reference:url,doc.emergingthreats.net/2006303; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber; sid:2006303; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id UNION SELECT"; flow:established,to_server; uricontent:"/haber.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6642; reference:url,www.securityfocus.com/bid/21626; reference:url,doc.emergingthreats.net/2006304; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber; sid:2006304; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id INSERT"; flow:established,to_server; uricontent:"/haber.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6642; reference:url,www.securityfocus.com/bid/21626; reference:url,doc.emergingthreats.net/2006305; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber; sid:2006305; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id DELETE"; flow:established,to_server; uricontent:"/haber.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6642; reference:url,www.securityfocus.com/bid/21626; reference:url,doc.emergingthreats.net/2006306; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber; sid:2006306; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ASCII"; flow:established,to_server; uricontent:"/haber.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6642; reference:url,www.securityfocus.com/bid/21626; reference:url,doc.emergingthreats.net/2006307; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber; sid:2006307; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id UPDATE"; flow:established,to_server; uricontent:"/haber.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6642; reference:url,www.securityfocus.com/bid/21626; reference:url,doc.emergingthreats.net/2006308; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber; sid:2006308; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav SELECT"; flow:established,to_server; uricontent:"/thumbnails.php?"; nocase; uricontent:"cpg131_fav="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1107; reference:url,www.milw0rm.com/exploits/3371; reference:url,doc.emergingthreats.net/2004809; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2004809; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav UNION SELECT"; flow:established,to_server; uricontent:"/thumbnails.php?"; nocase; uricontent:"cpg131_fav="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1107; reference:url,www.milw0rm.com/exploits/3371; reference:url,doc.emergingthreats.net/2004810; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2004810; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav INSERT"; flow:established,to_server; uricontent:"/thumbnails.php?"; nocase; uricontent:"cpg131_fav="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1107; reference:url,www.milw0rm.com/exploits/3371; reference:url,doc.emergingthreats.net/2004811; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2004811; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav DELETE"; flow:established,to_server; uricontent:"/thumbnails.php?"; nocase; uricontent:"cpg131_fav="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1107; reference:url,www.milw0rm.com/exploits/3371; reference:url,doc.emergingthreats.net/2004812; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2004812; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ASCII"; flow:established,to_server; uricontent:"/thumbnails.php?"; nocase; uricontent:"cpg131_fav="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1107; reference:url,www.milw0rm.com/exploits/3371; reference:url,doc.emergingthreats.net/2004813; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2004813; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav UPDATE"; flow:established,to_server; uricontent:"/thumbnails.php?"; nocase; uricontent:"cpg131_fav="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1107; reference:url,www.milw0rm.com/exploits/3371; reference:url,doc.emergingthreats.net/2004815; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2004815; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat SELECT"; flow:established,to_server; uricontent:"/albmgr.php?"; nocase; uricontent:"cat="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005841; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005841; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat UNION SELECT"; flow:established,to_server; uricontent:"/albmgr.php?"; nocase; uricontent:"cat="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005842; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005842; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat INSERT"; flow:established,to_server; uricontent:"/albmgr.php?"; nocase; uricontent:"cat="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005843; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005843; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat DELETE"; flow:established,to_server; uricontent:"/albmgr.php?"; nocase; uricontent:"cat="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005844; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005844; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ASCII"; flow:established,to_server; uricontent:"/albmgr.php?"; nocase; uricontent:"cat="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005845; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005845; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat UPDATE"; flow:established,to_server; uricontent:"/albmgr.php?"; nocase; uricontent:"cat="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005846; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005846; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid SELECT"; flow:established,to_server; uricontent:"/usermgr.php?"; nocase; uricontent:"gid="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005847; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005847; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid UNION SELECT"; flow:established,to_server; uricontent:"/usermgr.php?"; nocase; uricontent:"gid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005848; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005848; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid INSERT"; flow:established,to_server; uricontent:"/usermgr.php?"; nocase; uricontent:"gid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005849; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005849; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid DELETE"; flow:established,to_server; uricontent:"/usermgr.php?"; nocase; uricontent:"gid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005850; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005850; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ASCII"; flow:established,to_server; uricontent:"/usermgr.php?"; nocase; uricontent:"gid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005851; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005851; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid UPDATE"; flow:established,to_server; uricontent:"/usermgr.php?"; nocase; uricontent:"gid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005852; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005852; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start SELECT"; flow:established,to_server; uricontent:"/db_ecard.php?"; nocase; uricontent:"start="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005853; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005853; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start UNION SELECT"; flow:established,to_server; uricontent:"/db_ecard.php?"; nocase; uricontent:"start="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005854; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005854; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start INSERT"; flow:established,to_server; uricontent:"/db_ecard.php?"; nocase; uricontent:"start="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005855; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005855; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start DELETE"; flow:established,to_server; uricontent:"/db_ecard.php?"; nocase; uricontent:"start="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005856; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005856; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ASCII"; flow:established,to_server; uricontent:"/db_ecard.php?"; nocase; uricontent:"start="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005857; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005857; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start UPDATE"; flow:established,to_server; uricontent:"/db_ecard.php?"; nocase; uricontent:"start="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; reference:url,doc.emergingthreats.net/2005858; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery; sid:2005858; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id SELECT"; flow:established,to_server; uricontent:"/error.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; uricontent:"FROM"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2342; reference:url,www.milw0rm.com/exploits/3767; reference:url,doc.emergingthreats.net/2003752; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts; sid:2003752; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id UNION SELECT"; flow:established,to_server; uricontent:"/error.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2342; reference:url,www.milw0rm.com/exploits/3767; reference:url,doc.emergingthreats.net/2003753; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts; sid:2003753; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id INSERT"; flow:established,to_server; uricontent:"/error.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; uricontent:"INTO"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2342; reference:url,www.milw0rm.com/exploits/3767; reference:url,doc.emergingthreats.net/2003754; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts; sid:2003754; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id DELETE"; flow:established,to_server; uricontent:"/error.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; uricontent:"FROM"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2342; reference:url,www.milw0rm.com/exploits/3767; reference:url,doc.emergingthreats.net/2003755; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts; sid:2003755; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ASCII"; flow:established,to_server; uricontent:"/error.asp?"; nocase; uricontent:"id="; nocase; uricontent:"ASCII("; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2342; reference:url,www.milw0rm.com/exploits/3767; reference:url,doc.emergingthreats.net/2003756; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts; sid:2003756; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id UPDATE"; flow:established,to_server; uricontent:"/error.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; uricontent:"SET"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2342; reference:url,www.milw0rm.com/exploits/3767; reference:url,doc.emergingthreats.net/2003757; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts; sid:2003757; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid SELECT"; flow:established,to_server; uricontent:"/cats.asp?"; nocase; uricontent:"catid="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0112; reference:url,www.securityfocus.com/bid/21929; reference:url,doc.emergingthreats.net/2005859; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction; sid:2005859; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid UNION SELECT"; flow:established,to_server; uricontent:"/cats.asp?"; nocase; uricontent:"catid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0112; reference:url,www.securityfocus.com/bid/21929; reference:url,doc.emergingthreats.net/2005860; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction; sid:2005860; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid INSERT"; flow:established,to_server; uricontent:"/cats.asp?"; nocase; uricontent:"catid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0112; reference:url,www.securityfocus.com/bid/21929; reference:url,doc.emergingthreats.net/2005861; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction; sid:2005861; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid DELETE"; flow:established,to_server; uricontent:"/cats.asp?"; nocase; uricontent:"catid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0112; reference:url,www.securityfocus.com/bid/21929; reference:url,doc.emergingthreats.net/2005862; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction; sid:2005862; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid ASCII"; flow:established,to_server; uricontent:"/cats.asp?"; nocase; uricontent:"catid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0112; reference:url,www.securityfocus.com/bid/21929; reference:url,doc.emergingthreats.net/2005863; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction; sid:2005863; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid UPDATE"; flow:established,to_server; uricontent:"/cats.asp?"; nocase; uricontent:"catid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0112; reference:url,www.securityfocus.com/bid/21929; reference:url,doc.emergingthreats.net/2005864; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction; sid:2005864; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php SELECT"; flow:established,to_server; uricontent:"/cart.inc.php?"; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; reference:url,doc.emergingthreats.net/2004035; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart; sid:2004035; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT"; flow:established,to_server; uricontent:"/cart.inc.php?"; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; reference:url,doc.emergingthreats.net/2004036; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart; sid:2004036; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php INSERT"; flow:established,to_server; uricontent:"/cart.inc.php?"; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; reference:url,doc.emergingthreats.net/2004037; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart; sid:2004037; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php DELETE"; flow:established,to_server; uricontent:"/cart.inc.php?"; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; reference:url,doc.emergingthreats.net/2004038; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart; sid:2004038; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php ASCII"; flow:established,to_server; uricontent:"/cart.inc.php?"; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; reference:url,doc.emergingthreats.net/2004039; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart; sid:2004039; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php UPDATE"; flow:established,to_server; uricontent:"/cart.inc.php?"; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; reference:url,doc.emergingthreats.net/2004040; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart; sid:2004040; rev:4;) # By David Maciejak, 2005-11-03 alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CutePHP CuteNews directory traversal vulnerability - show_news"; flow:to_server,established; uricontent:"/show_news.php"; nocase; uricontent:"template="; nocase; pcre:"/template=[./]+/Ui"; reference:bugtraq,15295; classtype: misc-activity; reference:url,doc.emergingthreats.net/2002668; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CuteNews; sid: 2002668; rev:6;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC CutePHP CuteNews directory traversal vulnerability - show_archives"; flow:to_server,established; uricontent:"/show_archives.php"; nocase; uricontent:"template="; nocase; pcre:"/template=[./]+/Ui"; reference:bugtraq,15295; classtype: misc-activity; reference:url,doc.emergingthreats.net/2003152; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CuteNews; sid: 2003152; rev:3;) # Submitted by David Maciejak on 2005-11-15 alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Cyphor show.php SQL injection attempt"; flow:to_server,established; uricontent:"/show.php?"; nocase; pcre:"/id=-?\d+\s+UNION\s+/Ui"; reference:bugtraq,15418; classtype: web-application-attack; reference:url,doc.emergingthreats.net/2002678; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Cyphor; sid: 2002678; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_SPECIFIC DB Software Laboratory VImpX.ocx ActiveX Control Multiple Insecure Methods"; flow:to_client,established; content:"CLSID"; nocase; content:"7600707B-9F47-416D-8AB5-6FD96EA37968"; nocase; distance:0; pcre:"/(LogFile|ClearLogFile|SaveToFile)/i"; classtype:web-application-attack; reference:bugtraq,31907; reference:url,milw0rm.com/exploits/6828; reference:url,doc.emergingthreats.net/2008789; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DB_Software; sid:2008789; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid SELECT"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"catid="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0693; reference:url,www.securityfocus.com/bid/24201; reference:url,doc.emergingthreats.net/2004083; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004083; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid UNION SELECT"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"catid="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0693; reference:url,www.securityfocus.com/bid/24201; reference:url,doc.emergingthreats.net/2004084; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004084; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid INSERT"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"catid="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0693; reference:url,www.securityfocus.com/bid/24201; reference:url,doc.emergingthreats.net/2004085; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004085; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid DELETE"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"catid="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0693; reference:url,www.securityfocus.com/bid/24201; reference:url,doc.emergingthreats.net/2004086; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004086; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid ASCII"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"catid="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0693; reference:url,www.securityfocus.com/bid/24201; reference:url,doc.emergingthreats.net/2004087; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004087; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid UPDATE"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"catid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0693; reference:url,www.securityfocus.com/bid/24201; reference:url,doc.emergingthreats.net/2004088; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004088; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid SELECT"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"newsid="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2994; reference:url,www.securityfocus.com/bid/24212; reference:url,doc.emergingthreats.net/2004456; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004456; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid UNION SELECT"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"newsid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2994; reference:url,www.securityfocus.com/bid/24212; reference:url,doc.emergingthreats.net/2004457; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004457; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid INSERT"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"newsid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2994; reference:url,www.securityfocus.com/bid/24212; reference:url,doc.emergingthreats.net/2004458; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004458; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid DELETE"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"newsid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2994; reference:url,www.securityfocus.com/bid/24212; reference:url,doc.emergingthreats.net/2004459; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004459; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid ASCII"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"newsid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2994; reference:url,www.securityfocus.com/bid/24212; reference:url,doc.emergingthreats.net/2004460; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004460; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid UPDATE"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"newsid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2994; reference:url,www.securityfocus.com/bid/24212; reference:url,doc.emergingthreats.net/2004461; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004461; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews XSS Attempt -- footer.php copyright"; flow:established,to_server; uricontent:"/footer.php?"; nocase; uricontent:"copyright="; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-0694; reference:url,www.securityfocus.com/bid/24200; reference:url,doc.emergingthreats.net/2004584; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004584; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DGNews XSS Attempt -- news.php catid"; flow:established,to_server; uricontent:"/news.php?"; nocase; uricontent:"catid="; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-0693; reference:url,www.securityfocus.com/bid/24201; reference:url,doc.emergingthreats.net/2004585; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews; sid:2004585; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid SELECT"; flow:established,to_server; uricontent:"/index.asp?"; nocase; uricontent:"mid="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7118; reference:url,www.securityfocus.com/bid/21064; reference:url,doc.emergingthreats.net/2004683; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2004683; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid UNION SELECT"; flow:established,to_server; uricontent:"/index.asp?"; nocase; uricontent:"mid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7118; reference:url,www.securityfocus.com/bid/21064; reference:url,doc.emergingthreats.net/2004684; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2004684; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid INSERT"; flow:established,to_server; uricontent:"/index.asp?"; nocase; uricontent:"mid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7118; reference:url,www.securityfocus.com/bid/21064; reference:url,doc.emergingthreats.net/2004685; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2004685; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid DELETE"; flow:established,to_server; uricontent:"/index.asp?"; nocase; uricontent:"mid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7118; reference:url,www.securityfocus.com/bid/21064; reference:url,doc.emergingthreats.net/2004686; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2004686; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ASCII"; flow:established,to_server; uricontent:"/index.asp?"; nocase; uricontent:"mid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7118; reference:url,www.securityfocus.com/bid/21064; reference:url,doc.emergingthreats.net/2004687; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2004687; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid UPDATE"; flow:established,to_server; uricontent:"/index.asp?"; nocase; uricontent:"mid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-7118; reference:url,www.securityfocus.com/bid/21064; reference:url,doc.emergingthreats.net/2004688; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2004688; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp SELECT"; flow:established,to_server; uricontent:"/set_preferences.asp?"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006081; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006081; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp UNION SELECT"; flow:established,to_server; uricontent:"/set_preferences.asp?"; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006082; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006082; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp INSERT"; flow:established,to_server; uricontent:"/set_preferences.asp?"; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006083; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006083; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp DELETE"; flow:established,to_server; uricontent:"/set_preferences.asp?"; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006084; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006084; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp ASCII"; flow:established,to_server; uricontent:"/set_preferences.asp?"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006085; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006085; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp UPDATE"; flow:established,to_server; uricontent:"/set_preferences.asp?"; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006086; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006086; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp SELECT"; flow:established,to_server; uricontent:"/send_password_preferences.asp?"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006087; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006087; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp UNION SELECT"; flow:established,to_server; uricontent:"/send_password_preferences.asp?"; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006088; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006088; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp INSERT"; flow:established,to_server; uricontent:"/send_password_preferences.asp?"; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006089; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006089; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp DELETE"; flow:established,to_server; uricontent:"/send_password_preferences.asp?"; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006090; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006090; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp ASCII"; flow:established,to_server; uricontent:"/send_password_preferences.asp?"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006091; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006091; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp UPDATE"; flow:established,to_server; uricontent:"/send_password_preferences.asp?"; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006092; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006092; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp SELECT"; flow:established,to_server; uricontent:"/SecureLoginManager/list.asp?"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006093; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006093; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp UNION SELECT"; flow:established,to_server; uricontent:"/SecureLoginManager/list.asp?"; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006094; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006094; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp INSERT"; flow:established,to_server; uricontent:"/SecureLoginManager/list.asp?"; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006095; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006095; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp DELETE"; flow:established,to_server; uricontent:"/SecureLoginManager/list.asp?"; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006096; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006096; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp ASCII"; flow:established,to_server; uricontent:"/SecureLoginManager/list.asp?"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006097; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006097; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp UPDATE"; flow:established,to_server; uricontent:"/SecureLoginManager/list.asp?"; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006098; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006098; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent SELECT"; flow:established,to_server; uricontent:"/login.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006099; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006099; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent UNION SELECT"; flow:established,to_server; uricontent:"/login.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006100; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006100; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent INSERT"; flow:established,to_server; uricontent:"/login.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006101; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006101; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent DELETE"; flow:established,to_server; uricontent:"/login.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006102; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006102; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ASCII"; flow:established,to_server; uricontent:"/login.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006103; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006103; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent UPDATE"; flow:established,to_server; uricontent:"/login.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006104; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006104; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent SELECT"; flow:established,to_server; uricontent:"/content.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006105; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006105; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent UNION SELECT"; flow:established,to_server; uricontent:"/content.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006106; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006106; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent INSERT"; flow:established,to_server; uricontent:"/content.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006107; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006107; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent DELETE"; flow:established,to_server; uricontent:"/content.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006108; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006108; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ASCII"; flow:established,to_server; uricontent:"/content.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006109; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006109; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent UPDATE"; flow:established,to_server; uricontent:"/content.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006110; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006110; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent SELECT"; flow:established,to_server; uricontent:"/members.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006111; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006111; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent UNION SELECT"; flow:established,to_server; uricontent:"/members.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006112; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006112; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent INSERT"; flow:established,to_server; uricontent:"/members.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006113; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006113; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent DELETE"; flow:established,to_server; uricontent:"/members.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006114; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006114; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ASCII"; flow:established,to_server; uricontent:"/members.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006115; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006115; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent UPDATE"; flow:established,to_server; uricontent:"/members.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006116; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent SELECT"; flow:established,to_server; uricontent:"/applications/SecureLoginManager/inc_secureloginmanager.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006117; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006117; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent UNION SELECT"; flow:established,to_server; uricontent:"/applications/SecureLoginManager/inc_secureloginmanager.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006118; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006118; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent INSERT"; flow:established,to_server; uricontent:"/applications/SecureLoginManager/inc_secureloginmanager.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006119; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006119; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent DELETE"; flow:established,to_server; uricontent:"/applications/SecureLoginManager/inc_secureloginmanager.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006120; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006120; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ASCII"; flow:established,to_server; uricontent:"/applications/SecureLoginManager/inc_secureloginmanager.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006121; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006121; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent UPDATE"; flow:established,to_server; uricontent:"/applications/SecureLoginManager/inc_secureloginmanager.asp?"; nocase; uricontent:"sent="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6816; reference:url,www.securityfocus.com/bid/21788; reference:url,doc.emergingthreats.net/2006122; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady; sid:2006122; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum SELECT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"ordernum="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6911; reference:url,www.milw0rm.com/exploits/3089; reference:url,doc.emergingthreats.net/2005895; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS; sid:2005895; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum UNION SELECT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"ordernum="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6911; reference:url,www.milw0rm.com/exploits/3089; reference:url,doc.emergingthreats.net/2005896; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS; sid:2005896; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum INSERT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"ordernum="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6911; reference:url,www.milw0rm.com/exploits/3089; reference:url,doc.emergingthreats.net/2005897; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS; sid:2005897; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum DELETE"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"ordernum="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6911; reference:url,www.milw0rm.com/exploits/3089; reference:url,doc.emergingthreats.net/2005898; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS; sid:2005898; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ASCII"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"ordernum="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6911; reference:url,www.milw0rm.com/exploits/3089; reference:url,doc.emergingthreats.net/2005899; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS; sid:2005899; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum UPDATE"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"ordernum="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6911; reference:url,www.milw0rm.com/exploits/3089; reference:url,doc.emergingthreats.net/2005900; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS; sid:2005900; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DVDdb XSS Attempt -- loan.php movieid"; flow:established,to_server; uricontent:"/loan.php?"; nocase; uricontent:"movieid="; nocase; uricontent:"script"; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2499; reference:url,www.securityfocus.com/bid/23764; reference:url,doc.emergingthreats.net/2003920; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DVDdb; sid:2003920; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DVDdb XSS Attempt -- listmovies.php s"; flow:established,to_server; uricontent:"/listmovies.php?"; nocase; uricontent:"s="; nocase; uricontent:"script"; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2499; reference:url,www.securityfocus.com/bid/23764; reference:url,doc.emergingthreats.net/2003921; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DVDdb; sid:2003921; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DeZine DZcms products.php pcat parameter SQL injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/products.php?"; nocase; uricontent:"pcat="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,33194; reference:url,milw0rm.com/exploits/7722; reference:url,doc.emergingthreats.net/2009319; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DeZine; sid:2009319; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DeltaScripts PHP Classifieds siteid parameter Remote SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/detail.php?"; nocase; uricontent:"siteid="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,frsirt.com/english/advisories/2008/3079; reference:bugtraq,32191; reference:url,doc.emergingthreats.net/2008838; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DeltaScripts; sid:2008838; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DeluxeBB misc.php qorder Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/misc.php?"; nocase; uricontent:"sub=memberlist"; nocase; uricontent:"qorder="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,34174; reference:url,milw0rm.com/exploits/8240; reference:url,doc.emergingthreats.net/2009368; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DeluseBB; sid:2009368; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Demium CMS tracking.php follow_kat Parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/tracking.php?"; nocase; uricontent:"follow_kat="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,33933; reference:url,milw0rm.com/exploits/8124; reference:url,doc.emergingthreats.net/2009323; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Demium; sid:2009323; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Demium CMS urheber.php name Parameter Local File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/urheber.php?"; nocase; uricontent:"name="; nocase; content:"../"; classtype:web-application-attack; reference:bugtraq,33933; reference:url,milw0rm.com/exploits/8124; reference:url,doc.emergingthreats.net/2009324; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Demium; sid:2009324; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id SELECT"; flow:established,to_server; uricontent:"/page.asp?"; nocase; uricontent:"art_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1077; reference:url,www.securityfocus.com/bid/22636; reference:url,doc.emergingthreats.net/2004834; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online; sid:2004834; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id UNION SELECT"; flow:established,to_server; uricontent:"/page.asp?"; nocase; uricontent:"art_id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1077; reference:url,www.securityfocus.com/bid/22636; reference:url,doc.emergingthreats.net/2004835; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online; sid:2004835; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id INSERT"; flow:established,to_server; uricontent:"/page.asp?"; nocase; uricontent:"art_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1077; reference:url,www.securityfocus.com/bid/22636; reference:url,doc.emergingthreats.net/2004836; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online; sid:2004836; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id DELETE"; flow:established,to_server; uricontent:"/page.asp?"; nocase; uricontent:"art_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1077; reference:url,www.securityfocus.com/bid/22636; reference:url,doc.emergingthreats.net/2004837; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online; sid:2004837; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ASCII"; flow:established,to_server; uricontent:"/page.asp?"; nocase; uricontent:"art_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1077; reference:url,www.securityfocus.com/bid/22636; reference:url,doc.emergingthreats.net/2004838; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online; sid:2004838; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id UPDATE"; flow:established,to_server; uricontent:"/page.asp?"; nocase; uricontent:"art_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1077; reference:url,www.securityfocus.com/bid/22636; reference:url,doc.emergingthreats.net/2004839; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online; sid:2004839; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DesktopOnNet don3_requiem.php app_path Parameter Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/don3_requiem.php?"; nocase; uricontent:"app_path="; nocase; pcre:"/app_path=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,2008-2649; reference:url,xforce.iss.net/xforce/xfdb/42790; reference:url,milw0rm.com/exploits/5715; reference:url,doc.emergingthreats.net/2009317; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DesktopOnNet; sid:2009317; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DesktopOnNet frontpage.php app_path Parameter Remote File Inclusion"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/frontpage.php?"; nocase; uricontent:"app_path="; nocase; pcre:"/app_path=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,2008-2649; reference:url,xforce.iss.net/xforce/xfdb/42790; reference:url,milw0rm.com/exploits/5715; reference:url,doc.emergingthreats.net/2009318; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DesktopOnNet; sid:2009318; rev:2;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DevelopItEasy Photo Gallery cat_id paramter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/gallery_category.php?"; nocase; uricontent:"cat_id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/32593/; reference:url,milw0rm.com/exploits/7016; reference:url,doc.emergingthreats.net/2008830; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DevelopitEasy; sid:2008830; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DevelopItEasy Photo Gallery photo_id paramter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/gallery_photo.php?"; nocase; uricontent:"photo_id="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/32593/; reference:url,milw0rm.com/exploits/7016; reference:url,doc.emergingthreats.net/2008831; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DevelopitEasy; sid:2008831; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DevelopItEasy News And Article aid parameter SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/article_details.php?"; nocase; uricontent:"aid="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,milw0rm.com/exploits/7014; reference:url,secunia.com/Advisories/32595/; reference:url,doc.emergingthreats.net/2008834; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DevelopitEasy; sid:2008834; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id SELECT"; flow:established,to_server; uricontent:"/visu_user.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0306; reference:url,www.milw0rm.com/exploits/3122; reference:url,doc.emergingthreats.net/2005591; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz; sid:2005591; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id UNION SELECT"; flow:established,to_server; uricontent:"/visu_user.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0306; reference:url,www.milw0rm.com/exploits/3122; reference:url,doc.emergingthreats.net/2005592; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz; sid:2005592; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id INSERT"; flow:established,to_server; uricontent:"/visu_user.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0306; reference:url,www.milw0rm.com/exploits/3122; reference:url,doc.emergingthreats.net/2005593; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz; sid:2005593; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id DELETE"; flow:established,to_server; uricontent:"/visu_user.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0306; reference:url,www.milw0rm.com/exploits/3122; reference:url,doc.emergingthreats.net/2005594; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz; sid:2005594; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ASCII"; flow:established,to_server; uricontent:"/visu_user.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0306; reference:url,www.milw0rm.com/exploits/3122; reference:url,doc.emergingthreats.net/2005595; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz; sid:2005595; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id UPDATE"; flow:established,to_server; uricontent:"/visu_user.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0306; reference:url,www.milw0rm.com/exploits/3122; reference:url,doc.emergingthreats.net/2005596; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz; sid:2005596; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digirez XSS Attempt -- info_book.asp Room_name"; flow:established,to_server; uricontent:"/room/info_book.asp?"; nocase; uricontent:"Room_name="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2880; reference:url,www.securityfocus.com/archive/1/archive/1/469589/100/0/threaded; reference:url,doc.emergingthreats.net/2004595; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez; sid:2004595; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digirez XSS Attempt -- week.asp curYear"; flow:established,to_server; uricontent:"/room/week.asp?"; nocase; uricontent:"curYear="; nocase; uricontent:"script"; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2880; reference:url,www.securityfocus.com/archive/1/archive/1/469589/100/0/threaded; reference:url,doc.emergingthreats.net/2004596; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez; sid:2004596; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id SELECT"; flow:established,to_server; uricontent:"/info_book.asp?"; nocase; uricontent:"book_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0128; reference:url,www.milw0rm.com/exploits/3081; reference:url,doc.emergingthreats.net/2005835; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez; sid:2005835; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id UNION SELECT"; flow:established,to_server; uricontent:"/info_book.asp?"; nocase; uricontent:"book_id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0128; reference:url,www.milw0rm.com/exploits/3081; reference:url,doc.emergingthreats.net/2005836; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez; sid:2005836; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id INSERT"; flow:established,to_server; uricontent:"/info_book.asp?"; nocase; uricontent:"book_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0128; reference:url,www.milw0rm.com/exploits/3081; reference:url,doc.emergingthreats.net/2005837; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez; sid:2005837; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id DELETE"; flow:established,to_server; uricontent:"/info_book.asp?"; nocase; uricontent:"book_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0128; reference:url,www.milw0rm.com/exploits/3081; reference:url,doc.emergingthreats.net/2005838; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez; sid:2005838; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id ASCII"; flow:established,to_server; uricontent:"/info_book.asp?"; nocase; uricontent:"book_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0128; reference:url,www.milw0rm.com/exploits/3081; reference:url,doc.emergingthreats.net/2005839; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez; sid:2005839; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id UPDATE"; flow:established,to_server; uricontent:"/info_book.asp?"; nocase; uricontent:"book_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0128; reference:url,www.milw0rm.com/exploits/3081; reference:url,doc.emergingthreats.net/2005840; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez; sid:2005840; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_SCPECIFIC DjVu DjVu_ActiveX_MSOffice.dll ActiveX Component Heap Buffer Overflow"; flow:to_client,established; content:"CLSID"; nocase; content:"4A46B8CD-F7BD-11D4-B1D8-000102290E7C"; nocase; distance:0; content:"0x400000"; distance:0; content:"ImageURL"; nocase; classtype:web-application-attack; reference:bugtraq,31987; reference:url,milw0rm.com/exploits/6878; reference:url,doc.emergingthreats.net/2008790; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DjVu; sid:2008790; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen SELECT"; flow:established,to_server; uricontent:"/tracking/courseLog.php?"; nocase; uricontent:"scormcontopen="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2889; reference:url,www.milw0rm.com/exploits/3980; reference:url,doc.emergingthreats.net/2004047; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004047; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen UNION SELECT"; flow:established,to_server; uricontent:"/tracking/courseLog.php?"; nocase; uricontent:"scormcontopen="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2889; reference:url,www.milw0rm.com/exploits/3980; reference:url,doc.emergingthreats.net/2004048; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004048; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen INSERT"; flow:established,to_server; uricontent:"/tracking/courseLog.php?"; nocase; uricontent:"scormcontopen="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2889; reference:url,www.milw0rm.com/exploits/3980; reference:url,doc.emergingthreats.net/2004049; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004049; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen DELETE"; flow:established,to_server; uricontent:"/tracking/courseLog.php?"; nocase; uricontent:"scormcontopen="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2889; reference:url,www.milw0rm.com/exploits/3980; reference:url,doc.emergingthreats.net/2004050; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004050; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ASCII"; flow:established,to_server; uricontent:"/tracking/courseLog.php?"; nocase; uricontent:"scormcontopen="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2889; reference:url,www.milw0rm.com/exploits/3980; reference:url,doc.emergingthreats.net/2004051; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004051; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen UPDATE"; flow:established,to_server; uricontent:"/tracking/courseLog.php?"; nocase; uricontent:"scormcontopen="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2889; reference:url,www.milw0rm.com/exploits/3980; reference:url,doc.emergingthreats.net/2004052; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004052; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course SELECT"; flow:established,to_server; uricontent:"/main/auth/my_progress.php?"; nocase; uricontent:"course="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2902; reference:url,www.milw0rm.com/exploits/3974; reference:url,doc.emergingthreats.net/2004065; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004065; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course UNION SELECT"; flow:established,to_server; uricontent:"/main/auth/my_progress.php?"; nocase; uricontent:"course="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2902; reference:url,www.milw0rm.com/exploits/3974; reference:url,doc.emergingthreats.net/2004066; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004066; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course INSERT"; flow:established,to_server; uricontent:"/main/auth/my_progress.php?"; nocase; uricontent:"course="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2902; reference:url,www.milw0rm.com/exploits/3974; reference:url,doc.emergingthreats.net/2004067; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004067; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course DELETE"; flow:established,to_server; uricontent:"/main/auth/my_progress.php?"; nocase; uricontent:"course="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2902; reference:url,www.milw0rm.com/exploits/3974; reference:url,doc.emergingthreats.net/2004068; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004068; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course ASCII"; flow:established,to_server; uricontent:"/main/auth/my_progress.php?"; nocase; uricontent:"course="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2902; reference:url,www.milw0rm.com/exploits/3974; reference:url,doc.emergingthreats.net/2004069; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004069; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course UPDATE"; flow:established,to_server; uricontent:"/main/auth/my_progress.php?"; nocase; uricontent:"course="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2902; reference:url,www.milw0rm.com/exploits/3974; reference:url,doc.emergingthreats.net/2004070; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004070; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dokeos XSS Attempt -- editor.php img"; flow:established,to_server; uricontent:"/main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php?"; nocase; uricontent:"img="; nocase; pcre:"/.*?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2901; reference:url,www.milw0rm.com/exploits/3974; reference:url,doc.emergingthreats.net/2004593; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos; sid:2004593; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID SELECT"; flow:established,to_server; uricontent:"/bus_details.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6804; reference:url,www.milw0rm.com/exploits/2992; reference:url,doc.emergingthreats.net/2006141; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir; sid:2006141; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID UNION SELECT"; flow:established,to_server; uricontent:"/bus_details.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6804; reference:url,www.milw0rm.com/exploits/2992; reference:url,doc.emergingthreats.net/2006142; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir; sid:2006142; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID INSERT"; flow:established,to_server; uricontent:"/bus_details.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6804; reference:url,www.milw0rm.com/exploits/2992; reference:url,doc.emergingthreats.net/2006143; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir; sid:2006143; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID DELETE"; flow:established,to_server; uricontent:"/bus_details.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6804; reference:url,www.milw0rm.com/exploits/2992; reference:url,doc.emergingthreats.net/2006144; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir; sid:2006144; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ASCII"; flow:established,to_server; uricontent:"/bus_details.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6804; reference:url,www.milw0rm.com/exploits/2992; reference:url,doc.emergingthreats.net/2006145; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir; sid:2006145; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID UPDATE"; flow:established,to_server; uricontent:"/bus_details.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6804; reference:url,www.milw0rm.com/exploits/2992; reference:url,doc.emergingthreats.net/2006146; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir; sid:2006146; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id SELECT"; flow:established,to_server; uricontent:"/goster.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1422; reference:url,www.securityfocus.com/bid/22910; reference:url,doc.emergingthreats.net/2004385; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu; sid:2004385; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id UNION SELECT"; flow:established,to_server; uricontent:"/goster.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1422; reference:url,www.securityfocus.com/bid/22910; reference:url,doc.emergingthreats.net/2004386; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu; sid:2004386; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id INSERT"; flow:established,to_server; uricontent:"/goster.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1422; reference:url,www.securityfocus.com/bid/22910; reference:url,doc.emergingthreats.net/2004387; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu; sid:2004387; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id DELETE"; flow:established,to_server; uricontent:"/goster.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1422; reference:url,www.securityfocus.com/bid/22910; reference:url,doc.emergingthreats.net/2004388; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu; sid:2004388; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ASCII"; flow:established,to_server; uricontent:"/goster.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1422; reference:url,www.securityfocus.com/bid/22910; reference:url,doc.emergingthreats.net/2004389; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu; sid:2004389; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id UPDATE"; flow:established,to_server; uricontent:"/goster.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1422; reference:url,www.securityfocus.com/bid/22910; reference:url,doc.emergingthreats.net/2004390; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu; sid:2004390; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iFile="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006687; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006687; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile UNION SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iFile="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006688; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006688; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile INSERT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iFile="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006689; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006689; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile DELETE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iFile="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006690; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006690; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile ASCII"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iFile="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006691; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006691; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile UPDATE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iFile="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006692; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006692; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"action="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006694; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006694; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action UNION SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"action="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006695; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006695; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action INSERT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"action="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006696; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006696; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action DELETE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"action="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006697; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006697; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action ASCII"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"action="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006698; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006698; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action UPDATE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"action="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6367; reference:url,www.securityfocus.com/bid/21405; reference:url,doc.emergingthreats.net/2006699; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006699; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6365; reference:url,www.securityfocus.com/bid/14034; reference:url,doc.emergingthreats.net/2006700; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006700; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType UNION SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6365; reference:url,www.securityfocus.com/bid/14034; reference:url,doc.emergingthreats.net/2006701; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006701; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType INSERT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6365; reference:url,www.securityfocus.com/bid/14034; reference:url,doc.emergingthreats.net/2006702; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006702; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType DELETE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6365; reference:url,www.securityfocus.com/bid/14034; reference:url,doc.emergingthreats.net/2006703; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006703; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType ASCII"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6365; reference:url,www.securityfocus.com/bid/14034; reference:url,doc.emergingthreats.net/2006704; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006704; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType UPDATE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6365; reference:url,www.securityfocus.com/bid/14034; reference:url,doc.emergingthreats.net/2006705; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006705; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"iCity="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6355; reference:url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded; reference:url,doc.emergingthreats.net/2006706; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006706; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UNION SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"iCity="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6355; reference:url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded; reference:url,doc.emergingthreats.net/2006707; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006707; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity INSERT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"iCity="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6355; reference:url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded; reference:url,doc.emergingthreats.net/2006708; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006708; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity DELETE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"iCity="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6355; reference:url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded; reference:url,doc.emergingthreats.net/2006709; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006709; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ASCII"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"iCity="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6355; reference:url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded; reference:url,doc.emergingthreats.net/2006710; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006710; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UPDATE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"iCity="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6355; reference:url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded; reference:url,doc.emergingthreats.net/2006711; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006711; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iNews="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006712; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006712; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews UNION SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iNews="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006713; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006713; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews INSERT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iNews="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006714; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006714; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews DELETE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iNews="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006715; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006715; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews ASCII"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iNews="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006716; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006716; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews UPDATE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iNews="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006717; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006717; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006718; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006718; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType UNION SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006719; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006719; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType INSERT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006720; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006720; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType DELETE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006721; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006721; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType ASCII"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006722; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006722; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType UPDATE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iType="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006723; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006723; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"Action="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006724; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006724; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action UNION SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"Action="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006725; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006725; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action INSERT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"Action="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006726; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006726; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action DELETE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"Action="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006727; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006727; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action ASCII"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"Action="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006728; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006728; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action UPDATE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"Action="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6354; reference:url,www.securityfocus.com/bid/15681; reference:url,doc.emergingthreats.net/2006729; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware; sid:2006729; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DynamicPAD Remote Inclusion Attempt -- dp_logs.php HomeDir"; flow:established,to_server; uricontent:"/dp_logs.php?"; nocase; uricontent:"HomeDir="; nocase; pcre:"/=\s*(https?|ftps|php)\:\//Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2527; reference:url,milw0rm.com/exploits/3868; reference:url,doc.emergingthreats.net/2003679; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dynamicpad; sid:2003679; rev:5;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC DynamicPAD Remote Inclusion Attempt -- index.php HomeDir"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"HomeDir="; nocase; pcre:"/=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2527; reference:url,milw0rm.com/exploits/3868; reference:url,doc.emergingthreats.net/2003680; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dynamicpad; sid:2003680; rev:5;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a SELECT"; flow:established,to_server; uricontent:"/home.php?"; nocase; uricontent:"a="; nocase; uricontent:"SELECT"; nocase; uricontent:"FROM"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2416; reference:url,www.securityfocus.com/bid/23727; reference:url,doc.emergingthreats.net/2003770; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu; sid:2003770; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a UNION SELECT"; flow:established,to_server; uricontent:"/home.php?"; nocase; uricontent:"a="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2416; reference:url,www.securityfocus.com/bid/23727; reference:url,doc.emergingthreats.net/2003771; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu; sid:2003771; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a INSERT"; flow:established,to_server; uricontent:"/home.php?"; nocase; uricontent:"a="; nocase; uricontent:"INSERT"; nocase; uricontent:"INTO"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2416; reference:url,www.securityfocus.com/bid/23727; reference:url,doc.emergingthreats.net/2003772; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu; sid:2003772; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a DELETE"; flow:established,to_server; uricontent:"/home.php?"; nocase; uricontent:"a="; nocase; uricontent:"DELETE"; nocase; uricontent:"FROM"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2416; reference:url,www.securityfocus.com/bid/23727; reference:url,doc.emergingthreats.net/2003773; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu; sid:2003773; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a ASCII"; flow:established,to_server; uricontent:"/home.php?"; nocase; uricontent:"a="; nocase; uricontent:"ASCII("; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2416; reference:url,www.securityfocus.com/bid/23727; reference:url,doc.emergingthreats.net/2003774; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu; sid:2003774; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a UPDATE"; flow:established,to_server; uricontent:"/home.php?"; nocase; uricontent:"a="; nocase; uricontent:"UPDATE"; nocase; uricontent:"SET"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2416; reference:url,www.securityfocus.com/bid/23727; reference:url,doc.emergingthreats.net/2003775; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu; sid:2003775; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC E-Gads Remote Inclusion Attempt -- common.php locale"; flow:established,to_server; uricontent:"/common.php?"; nocase; uricontent:"locale="; nocase; pcre:"/=\s*(https?|ftps?|php)\:\//Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2521; reference:url,www.milw0rm.com/exploits/3846; reference:url,doc.emergingthreats.net/2003682; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Gads; sid:2003682; rev:5;) #by Stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC E-Shop Shopping Cart Script search_results.php SQL Injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/search_results.php?cid="; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:bugtraq,30692; reference:url,doc.emergingthreats.net/2008684; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Shop; sid:2008684; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EQdkp XSS Attempt -- listmembers.php show"; flow:established,to_server; uricontent:"/listmembers.php?"; nocase; uricontent:"show="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2716; reference:url,www.securityfocus.com/bid/23951; reference:url,doc.emergingthreats.net/2003876; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp; sid:2003876; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EQdkp XSS Attempt -- stats.php show"; flow:established,to_server; uricontent:"/stats.php?"; nocase; uricontent:"show="; nocase; pcre:"/?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2716; reference:url,www.securityfocus.com/bid/23951; reference:url,doc.emergingthreats.net/2003877; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp; sid:2003877; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank SELECT"; flow:established,to_server; uricontent:"/listmembers.php?"; nocase; uricontent:"rank="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; reference:url,doc.emergingthreats.net/2004624; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp; sid:2004624; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank UNION SELECT"; flow:established,to_server; uricontent:"/listmembers.php?"; nocase; uricontent:"rank="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; reference:url,doc.emergingthreats.net/2004625; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp; sid:2004625; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank INSERT"; flow:established,to_server; uricontent:"/listmembers.php?"; nocase; uricontent:"rank="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; reference:url,doc.emergingthreats.net/2004626; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp; sid:2004626; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank DELETE"; flow:established,to_server; uricontent:"/listmembers.php?"; nocase; uricontent:"rank="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; reference:url,doc.emergingthreats.net/2004627; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp; sid:2004627; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank ASCII"; flow:established,to_server; uricontent:"/listmembers.php?"; nocase; uricontent:"rank="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; reference:url,doc.emergingthreats.net/2004628; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp; sid:2004628; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank UPDATE"; flow:established,to_server; uricontent:"/listmembers.php?"; nocase; uricontent:"rank="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-3077; reference:url,www.milw0rm.com/exploits/4030; reference:url,doc.emergingthreats.net/2004629; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp; sid:2004629; rev:4;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword SELECT"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"keyword="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0403; reference:url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded; reference:url,doc.emergingthreats.net/2005268; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005268; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword UNION SELECT"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"keyword="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0403; reference:url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded; reference:url,doc.emergingthreats.net/2005269; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005269; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword INSERT"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"keyword="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0403; reference:url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded; reference:url,doc.emergingthreats.net/2005270; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005270; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword DELETE"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"keyword="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0403; reference:url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded; reference:url,doc.emergingthreats.net/2005271; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005271; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ASCII"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"keyword="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0403; reference:url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded; reference:url,doc.emergingthreats.net/2005272; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005272; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword UPDATE"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"keyword="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0403; reference:url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded; reference:url,doc.emergingthreats.net/2005273; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005273; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row SELECT"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"init_row="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0401; reference:url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded; reference:url,doc.emergingthreats.net/2005274; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005274; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row UNION SELECT"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"init_row="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0401; reference:url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded; reference:url,doc.emergingthreats.net/2005275; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005275; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row INSERT"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"init_row="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0401; reference:url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded; reference:url,doc.emergingthreats.net/2005276; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005276; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row DELETE"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"init_row="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0401; reference:url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded; reference:url,doc.emergingthreats.net/2005277; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005277; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ASCII"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"init_row="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0401; reference:url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded; reference:url,doc.emergingthreats.net/2005278; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005278; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row UPDATE"; flow:established,to_server; uricontent:"/admin/memberlist.php?"; nocase; uricontent:"init_row="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0401; reference:url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded; reference:url,doc.emergingthreats.net/2005279; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay; sid:2005279; rev:4;) #by stillsecure alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easyedit CMS page.php intpageID parameter sql injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/page.php?"; nocase; uricontent:"intPageID="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/32822/; reference:url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt; reference:url,doc.emergingthreats.net/2008883; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyEditCMS; sid:2008883; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easyedit CMS subcategory.php intSubCategoryID parameter sql injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"subcategory.php?"; nocase; uricontent:"intSubCategoryID="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/32822/; reference:url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt; reference:url,doc.emergingthreats.net/2008884; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyEditCMS; sid:2008884; rev:2;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC Easyedit CMS news.php intPageID parameter sql injection"; flow:to_server,established; content:"GET "; depth:4; uricontent:"news.php?"; nocase; uricontent:"intPageID="; nocase; uricontent:"UNION"; nocase; uricontent:"SELECT"; nocase; pcre:"/UNION.+SELECT/Ui"; classtype:web-application-attack; reference:url,secunia.com/advisories/32822/; reference:url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt; reference:url,doc.emergingthreats.net/2008885; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyEditCMS; sid:2008885; rev:2;) #by tinytwitty alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i SELECT"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"i="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005039; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005039; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i UNION SELECT"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"i="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005040; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005040; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i INSERT"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"i="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005041; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005041; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i DELETE"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"i="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005042; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005042; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i ASCII"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"i="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005043; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005043; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i UPDATE"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"i="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005045; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005045; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id SELECT"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005044; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005044; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id UNION SELECT"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005046; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005046; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id INSERT"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005047; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005047; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id DELETE"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005048; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005048; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id ASCII"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005049; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005049; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id UPDATE"; flow:established,to_server; uricontent:"/add_comment.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005050; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005050; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i SELECT"; flow:established,to_server; uricontent:"/list_comments.php?"; nocase; uricontent:"i="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005051; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005051; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i UNION SELECT"; flow:established,to_server; uricontent:"/list_comments.php?"; nocase; uricontent:"i="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005052; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005052; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i INSERT"; flow:established,to_server; uricontent:"/list_comments.php?"; nocase; uricontent:"i="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005053; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005053; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i DELETE"; flow:established,to_server; uricontent:"/list_comments.php?"; nocase; uricontent:"i="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005054; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005054; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i ASCII"; flow:established,to_server; uricontent:"/list_comments.php?"; nocase; uricontent:"i="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005055; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog; sid:2005055; rev:4;) alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i UPDATE"; flow:established,to_server; uricontent:"/list_comments.php?"; nocase; uricontent:"i="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; reference:url,doc.emergingthreats.net/2005056; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB