alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP GlobalFunctions.php access"; flow:to_server,established; uricontent:"/GlobalFunctions.php"; nocase; metadata:service http; reference:bugtraq,9057; classtype:web-application-activity; sid:2282; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP DatabaseFunctions.php access"; flow:to_server,established; uricontent:"/DatabaseFunctions.php"; nocase; metadata:service http; reference:bugtraq,9057; classtype:web-application-activity; sid:2283; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP rolis guestbook remote file include attempt"; flow:to_server,established; uricontent:"/insert.inc.php"; nocase; content:"path="; metadata:service http; reference:bugtraq,9057; classtype:web-application-attack; sid:2284; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP rolis guestbook access"; flow:to_server,established; uricontent:"/insert.inc.php"; nocase; metadata:service http; reference:bugtraq,9057; classtype:web-application-activity; sid:2285; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP friends.php access"; flow:to_server,established; uricontent:"/friends.php"; nocase; metadata:service http; reference:bugtraq,9088; classtype:web-application-activity; sid:2286; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_comment.php access"; flow:to_server,established; uricontent:"/admin_comment.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2287; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_edit.php access"; flow:to_server,established; uricontent:"/admin_edit.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2288; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_embed.php access"; flow:to_server,established; uricontent:"/admin_embed.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2289; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_help.php access"; flow:to_server,established; uricontent:"/admin_help.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2290; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_license.php access"; flow:to_server,established; uricontent:"/admin_license.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2291; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_logout.php access"; flow:to_server,established; uricontent:"/admin_logout.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2292; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_password.php access"; flow:to_server,established; uricontent:"/admin_password.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2293; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_preview.php access"; flow:to_server,established; uricontent:"/admin_preview.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2294; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_settings.php access"; flow:to_server,established; uricontent:"/admin_settings.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2295; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_stats.php access"; flow:to_server,established; uricontent:"/admin_stats.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2296; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_templates_misc.php access"; flow:to_server,established; uricontent:"/admin_templates_misc.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2297; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_templates.php access"; flow:to_server,established; uricontent:"/admin_templates.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2298; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_tpl_misc_new.php access"; flow:to_server,established; uricontent:"/admin_tpl_misc_new.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2299; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll admin_tpl_new.php access"; flow:to_server,established; uricontent:"/admin_tpl_new.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2300; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll booth.php access"; flow:to_server,established; uricontent:"/booth.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2301; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll poll_ssi.php access"; flow:to_server,established; uricontent:"/poll_ssi.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2302; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Advanced Poll popup.php access"; flow:to_server,established; uricontent:"/popup.php"; nocase; metadata:service http; reference:bugtraq,8890; reference:nessus,11487; classtype:web-application-activity; sid:2303; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP files.inc.php access"; flow:to_server,established; uricontent:"/files.inc.php"; nocase; metadata:service http; reference:bugtraq,8910; classtype:web-application-activity; sid:2304; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP chatbox.php access"; flow:to_server,established; uricontent:"/chatbox.php"; nocase; metadata:service http; reference:bugtraq,8930; classtype:web-application-activity; sid:2305; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP gallery remote file include attempt"; flow:to_server,established; uricontent:"/setup/"; uricontent:"GALLERY_BASEDIR="; pcre:"/GALLERY_BASEDIR=(https?|ftps?|php)/Ui"; metadata:service http; reference:bugtraq,8814; reference:nessus,11876; classtype:web-application-attack; sid:2306; rev:7;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP PayPal Storefront remote file include attempt"; flow:to_server,established; uricontent:"do=ext"; uricontent:"page="; pcre:"/page=(https?|ftps?|php)/Ui"; metadata:service http; reference:bugtraq,8791; reference:nessus,11873; classtype:web-application-attack; sid:2307; rev:9;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP authentication_index.php access"; flow:to_server,established; uricontent:"/authentication_index.php"; nocase; metadata:service http; reference:cve,2004-0032; reference:nessus,11982; classtype:web-application-activity; sid:2328; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP MatrikzGB privilege escalation attempt"; flow:to_server,established; uricontent:"new_rights=admin"; nocase; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:bugtraq,8430; classtype:web-application-activity; sid:2331; rev:6;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP DCP-Portal remote file include editor script attempt"; flow:to_server,established; uricontent:"/library/editor/editor.php"; nocase; uricontent:"root="; metadata:service http; reference:bugtraq,6525; classtype:web-application-attack; sid:2341; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP DCP-Portal remote file include lib script attempt"; flow:to_server,established; uricontent:"/library/lib.php"; nocase; uricontent:"root="; metadata:service http; reference:bugtraq,6525; classtype:web-application-attack; sid:2342; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP PhpGedView search.php access"; flow:to_server,established; uricontent:"/search.php"; nocase; uricontent:"action=soundex"; nocase; uricontent:"firstname="; nocase; metadata:service http; reference:bugtraq,9369; reference:cve,2004-0032; classtype:web-application-activity; sid:2345; rev:5;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP myPHPNuke chatheader.php access"; flow:to_server,established; uricontent:"/chatheader.php"; nocase; metadata:service http; reference:bugtraq,6544; classtype:web-application-activity; sid:2346; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP myPHPNuke partner.php access"; flow:to_server,established; uricontent:"/partner.php"; nocase; metadata:service http; reference:bugtraq,6544; classtype:web-application-activity; sid:2347; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP IdeaBox cord.php file include"; flow:to_server,established; uricontent:"/index.php"; nocase; content:"ideaDir="; nocase; content:"cord.php"; nocase; metadata:service http; reference:bugtraq,7488; classtype:web-application-activity; sid:2353; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP IdeaBox notification.php file include"; flow:to_server,established; uricontent:"/index.php"; nocase; content:"gorumDir="; nocase; content:"notification.php"; nocase; metadata:service http; reference:bugtraq,7488; classtype:web-application-activity; sid:2354; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Invision Board emailer.php file include"; flow:to_server,established; uricontent:"/ad_member.php"; nocase; uricontent:"emailer.php"; nocase; metadata:service http; reference:bugtraq,7204; classtype:web-application-activity; sid:2355; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP WebChat db_mysql.php file include"; flow:to_server,established; uricontent:"/defines.php"; nocase; content:"WEBCHATPATH="; nocase; content:"db_mysql.php"; nocase; metadata:service http; reference:bugtraq,7000; classtype:web-application-attack; sid:2356; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP WebChat english.php file include"; flow:to_server,established; uricontent:"/defines.php"; nocase; content:"WEBCHATPATH="; nocase; content:"english.php"; nocase; metadata:service http; reference:bugtraq,7000; classtype:web-application-attack; sid:2357; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Typo3 translations.php file include"; flow:to_server,established; uricontent:"/translations.php"; nocase; content:"ONLY="; nocase; metadata:service http; reference:bugtraq,6984; classtype:web-application-attack; sid:2358; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Invision Board ipchat.php file include"; flow:to_server,established; uricontent:"/ipchat.php"; nocase; content:"root_path="; nocase; content:"conf_global.php"; nocase; metadata:service http; reference:bugtraq,6976; classtype:web-application-attack; sid:2359; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP myphpPagetool pt_config.inc file include"; flow:to_server,established; uricontent:"/doc/admin"; nocase; content:"ptinclude="; nocase; content:"pt_config.inc"; nocase; metadata:service http; reference:bugtraq,6744; classtype:web-application-attack; sid:2360; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP news.php file include"; flow:to_server,established; uricontent:"/news.php"; nocase; content:"template="; nocase; metadata:service http; reference:bugtraq,6674; classtype:web-application-attack; sid:2361; rev:4;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP YaBB SE packages.php file include"; flow:to_server,established; uricontent:"/packages.php"; nocase; content:"packer.php"; nocase; metadata:service http; reference:bugtraq,6663; classtype:web-application-attack; sid:2362; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Cyboards default_header.php access"; flow:to_server,established; uricontent:"/default_header.php"; nocase; metadata:service http; reference:bugtraq,6597; classtype:web-application-activity; sid:2363; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP Cyboards options_form.php access"; flow:to_server,established; uricontent:"/options_form.php"; nocase; metadata:service http; reference:bugtraq,6597; classtype:web-application-activity; sid:2364; rev:3;)alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-PHP newsPHP Language file include attempt"; flow:to_server,established; uricontent:"/nphpd.php"; nocase; content:"LangFile"; nocase; metadata:service http; reference:bugtraq,8488; classtype:web-application-activity; sid:2365; rev:3;)