#
# $Id: bleeding-web_sql_injection.rules $
# Bleeding Edge Threats web sql injection rules. 
#
# SID's are 2000000+ to avoid conflicts
#
# Only basic testing has been done. At this point all we guarantee is that they won't crash a recent snort release. 
#
# More information available at www.bleedingthreats.net
#
# Please submit any custom rules or ideas to bleeding@bleedingthreats.net or the bleeding-sigs mailing list
#
# These sigs are separate from the main web sigs. Most of these are for specific apps and may be 
#   redundant coverage of overall sigs. Use these if you deem necessary in your own environment
#
#*************************************************************
#
#  Copyright (c) 2003-2007, Bleeding Edge Threats
#  All rights reserved.
#  
#  Redistribution and use in source and binary forms, with or without modification, are permitted provided that the 
#  following conditions are met:
#  
#  * Redistributions of source code must retain the above copyright notice, this list of conditions and the following 
#    disclaimer.
#  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the 
#    following disclaimer in the documentation and/or other materials provided with the distribution.
#  * Neither the name of the nor the names of its contributors may be used to endorse or promote products derived 
#    from this software without specific prior written permission.
#  
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, 
#  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 
#  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
#  SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 
#  USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
#
#by tinytwitty   
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007504; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007505; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007506; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007507; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007508; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007509; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007510; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007511; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007512; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007513; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007514; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"categoryID_list="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007515; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007516; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007517; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007518; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007519; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007520; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"sale_type="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007521; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007522; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007523; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007524; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007525; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007526; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"stock_number="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007527; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007528; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007529; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007530; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007531; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007532; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"manufacturer="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007533; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007534; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007535; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007536; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007537; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007538; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"model="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007539; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007540; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007541; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007542; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007543; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007544; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vehicleID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007545; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007546; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007547; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007548; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007549; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007550; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"year="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007551; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007552; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007553; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007554; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007555; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007556; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"vin="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007557; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007558; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price UNION SELECT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007559; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price INSERT"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007560; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price DELETE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007561; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ASCII"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007562; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price UPDATE"; flow:established,to_server; uricontent:"/vehiclelistings.asp?"; nocase; uricontent:"listing_price="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6092; reference:url,www.securityfocus.com/bid/21154; sid:2007563; rev:1;)


#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php rating SELECT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004059; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php rating UNION SELECT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004060; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php rating INSERT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004061; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php rating DELETE"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004062; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php rating ASCII"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004063; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php rating UPDATE"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"rating="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2898; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004064; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php post_id SELECT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004071; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php post_id UNION SELECT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004072; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php post_id INSERT"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004073; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php post_id DELETE"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004074; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php post_id ASCII"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004075; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 2z Project SQL Injection Attempt -- rating.php post_id UPDATE"; flow:established,to_server; uricontent:"/includes/rating.php?"; nocase; uricontent:"post_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2905; reference:url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded; sid:2004076; rev:2;)


#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id SELECT"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; sid:2007217; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id UNION SELECT"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; sid:2007218; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id INSERT"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; sid:2007219; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id DELETE"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; sid:2007220; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ASCII"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; sid:2007221; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id UPDATE"; flow:established,to_server; uricontent:"/admin/edit.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6191; reference:url,www.milw0rm.com/exploits/2853; sid:2007222; rev:1;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACGVannu SQL Injection Attempt -- modif.html id_mod SELECT"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; sid:2005057; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACGVannu SQL Injection Attempt -- modif.html id_mod UNION SELECT"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; sid:2005058; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACGVannu SQL Injection Attempt -- modif.html id_mod INSERT"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; sid:2005059; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACGVannu SQL Injection Attempt -- modif.html id_mod DELETE"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; sid:2005060; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACGVannu SQL Injection Attempt -- modif.html id_mod ASCII"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; sid:2005061; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACGVannu SQL Injection Attempt -- modif.html id_mod UPDATE"; flow:established,to_server; uricontent:"/templates/modif.html?"; nocase; uricontent:"id_mod="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0698; reference:url,www.frsirt.com/english/advisories/2007/0388; sid:2005062; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mods]"; flow:established,to_server; uricontent:"/search/list/action_search/index.php?"; nocase; uricontent:"form[mods]["; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; sid:2003905; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form"; flow:established,to_server; uricontent:"/search/list/action_search/index.php?"; nocase; uricontent:"form["; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; sid:2003906; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACP3 XSS Attempt -- download.php id"; flow:established,to_server; uricontent:"/modules/dl/download.php?"; nocase; uricontent:"id="; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; sid:2003907; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat]"; flow:established,to_server; uricontent:"/news/list/index.php?"; nocase; uricontent:"form[cat]="; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; sid:2003908; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat]"; flow:established,to_server; uricontent:"/action_create/index.php?"; nocase; uricontent:"form[cat]="; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; sid:2003909; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[name]"; flow:established,to_server; uricontent:"/action_create/index.php?"; nocase; uricontent:"form[name]="; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; sid:2003910; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[message]"; flow:established,to_server; uricontent:"/action_create/index.php?"; nocase; uricontent:"form[message]="; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; sid:2003911; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mail]"; flow:established,to_server; uricontent:"/newsletter/create/index.php?"; nocase; uricontent:"form[mail]="; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2579; reference:url,www.securityfocus.com/bid/23834; sid:2003912; rev:1;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AForum Remote Inclusion func.php CommonAbsDir"; flow:established,to_server; uricontent:"/common/func.php?"; nocase; uricontent:"CommonAbsDir="; nocase; classtype:web-application-attack; reference:cve,CVE-2007-2596; reference:url,www.milw0rm.com/exploits/3884; sid:2003704; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AForum Remote Inclusion Attempt -- errormsg.php header"; flow:established,to_server; uricontent:"/common/errormsg.php?"; nocase; uricontent:"header="; nocase; classtype:web-application-attack; reference:cve,CVE-2007-2634; reference:url,secunia.com/advisories/25224; sid:2003736; rev:1;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_authorization.php"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2625; reference:url,www.frsirt.com/english/advisories/2007/1637; sid:2003886; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_config.php"; flow:established,to_server; uricontent:"/shared/config/cp_config.php?"; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2624; reference:url,www.securityfocus.com/bid/23790; sid:2003887; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name SELECT"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005573; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UNION SELECT"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005574; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name INSERT"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005575; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name DELETE"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005576; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ASCII"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005577; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UPDATE"; flow:established,to_server; uricontent:"/shared/code/cp_authorization.php?"; nocase; uricontent:"xuser_name="; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005578; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did SELECT"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005579; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UNION SELECT"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005580; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did INSERT"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005581; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did DELETE"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005582; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ASCII"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005583; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UPDATE"; flow:established,to_server; uricontent:"/public/code/cp_downloads.php?"; nocase; uricontent:"did="; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0316; reference:url,www.securityfocus.com/bid/22032; sid:2005584; rev:1;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Auction SQL Injection Attempt -- subcat.php cate_id SELECT"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; sid:2004529; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Auction SQL Injection Attempt -- subcat.php cate_id UNION SELECT"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"UNION"; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; sid:2004530; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Auction SQL Injection Attempt -- subcat.php cate_id INSERT"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"INSERT"; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; sid:2004531; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Auction SQL Injection Attempt -- subcat.php cate_id DELETE"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"DELETE"; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; sid:2004532; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Auction SQL Injection Attempt -- subcat.php cate_id ASCII"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; sid:2004533; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Auction SQL Injection Attempt -- subcat.php cate_id UPDATE"; flow:established,to_server; uricontent:"/subcat.php?"; nocase; uricontent:"cate_id="; nocase; uricontent:"UPDATE"; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1298; reference:url,www.milw0rm.com/exploits/3408; sid:2004534; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJDating SQL Injection Attempt -- view_profile.php user_id SELECT"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; sid:2004535; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJDating SQL Injection Attempt -- view_profile.php user_id UNION SELECT"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"UNION"; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; sid:2004536; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJDating SQL Injection Attempt -- view_profile.php user_id INSERT"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"INSERT"; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; sid:2004537; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJDating SQL Injection Attempt -- view_profile.php user_id DELETE"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"DELETE"; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; sid:2004538; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJDating SQL Injection Attempt -- view_profile.php user_id ASCII"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; sid:2004539; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJDating SQL Injection Attempt -- view_profile.php user_id UPDATE"; flow:established,to_server; uricontent:"/view_profile.php?"; nocase; uricontent:"user_id="; nocase; uricontent:"UPDATE"; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1297; reference:url,www.milw0rm.com/exploits/3409; sid:2004540; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid SELECT"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"SELECT"; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; sid:2004541; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UNION SELECT"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; sid:2004542; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid INSERT"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; sid:2004543; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid DELETE"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; sid:2004544; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ASCII"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; sid:2004545; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UPDATE"; flow:established,to_server; uricontent:"/postingdetails.php?"; nocase; uricontent:"postingid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1296; reference:url,www.milw0rm.com/exploits/3410; sid:2004546; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Forum SQL Injection Attempt -- topic_title.php td_id SELECT"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; sid:2004547; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Forum SQL Injection Attempt -- topic_title.php td_id UNION SELECT"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; sid:2005177; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Forum SQL Injection Attempt -- topic_title.php td_id INSERT"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; sid:2004548; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Forum SQL Injection Attempt -- topic_title.php td_id DELETE"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; sid:2004549; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Forum SQL Injection Attempt -- topic_title.php td_id ASCII"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; sid:2004550; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AJ Forum SQL Injection Attempt -- topic_title.php td_id UPDATE"; flow:established,to_server; uricontent:"/topic_title.php?"; nocase; uricontent:"td_id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1295; reference:url,www.milw0rm.com/exploits/3411; sid:2004551; rev:2;)


#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP-Nuke XSS Attempt -- news.asp id"; flow:established,to_server; uricontent:"/news.asp?"; nocase; uricontent:"id="; nocase; uricontent:"script"; nocase; pcre:"/.*<?(java|vb)?script>?.*<.+\/script>?/iU"; classtype:web-application-attack; reference:cve,CVE-2007-2892; reference:url,www.securityfocus.com/bid/24135; sid:2004594; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum2.asp soruid SELECT"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006819; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum2.asp soruid UNION SELECT"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006820; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum2.asp soruid INSERT"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006821; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum2.asp soruid DELETE"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006822; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum2.asp soruid ASCII"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006823; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum2.asp soruid UPDATE"; flow:established,to_server; uricontent:"/forum2.asp?"; nocase; uricontent:"soruid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006824; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak SELECT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006825; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UNION SELECT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006826; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak INSERT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006827; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak DELETE"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006828; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ASCII"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006829; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UPDATE"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"ak="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006830; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler SELECT"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006831; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler UNION SELECT"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006832; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler INSERT"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006833; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler DELETE"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006834; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ASCII"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006835; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler UPDATE"; flow:established,to_server; uricontent:"/aramayap.asp?"; nocase; uricontent:"kelimeler="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006836; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi SELECT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006837; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi UNION SELECT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006838; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi INSERT"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006839; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi DELETE"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006840; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ASCII"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006841; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi UPDATE"; flow:established,to_server; uricontent:"/giris.asp?"; nocase; uricontent:"kullaniciadi="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006842; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno SELECT"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006843; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno UNION SELECT"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006844; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno INSERT"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006845; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno DELETE"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006846; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ASCII"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006847; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno UPDATE"; flow:established,to_server; uricontent:"/mesajkutum.asp?"; nocase; uricontent:"mesajno="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006848; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf SELECT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006849; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf UNION SELECT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006850; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf INSERT"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006851; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf DELETE"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006852; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ASCII"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006853; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf UPDATE"; flow:established,to_server; uricontent:"/kullanicilistesi.asp?"; nocase; uricontent:"harf="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006854; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum.asp baslik SELECT"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006855; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum.asp baslik UNION SELECT"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006856; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum.asp baslik INSERT"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006857; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum.asp baslik DELETE"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006858; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum.asp baslik ASCII"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006859; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASPMForum SQL Injection Attempt -- forum.asp baslik UPDATE"; flow:established,to_server; uricontent:"/forum.asp?"; nocase; uricontent:"baslik="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6270; reference:url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded; sid:2006860; rev:1;)


#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- artreplydelete.asp username SELECT"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; sid:2005105; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- artreplydelete.asp username UNION SELECT"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; sid:2005106; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- artreplydelete.asp username INSERT"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; sid:2005107; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- artreplydelete.asp username DELETE"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; sid:2005108; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ASCII"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; sid:2005109; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- artreplydelete.asp username UPDATE"; flow:established,to_server; uricontent:"/artreplydelete.asp?"; nocase; uricontent:"username="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0632; reference:url,www.frsirt.com/english/advisories/2007/0341; sid:2005110; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP NEWS SQL Injection Attempt -- news_detail.asp id SELECT"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; sid:2005164; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP NEWS SQL Injection Attempt -- news_detail.asp id UNION SELECT"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; sid:2005165; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP NEWS SQL Injection Attempt -- news_detail.asp id INSERT"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; sid:2005166; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP NEWS SQL Injection Attempt -- news_detail.asp id DELETE"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; sid:2005167; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP NEWS SQL Injection Attempt -- news_detail.asp id ASCII"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; sid:2005168; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP NEWS SQL Injection Attempt -- news_detail.asp id UPDATE"; flow:established,to_server; uricontent:"/news_detail.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0566; reference:url,www.milw0rm.com/exploits/3187; sid:2005169; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- user.asp user SELECT"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; sid:2005170; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- user.asp user UNION SELECT"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; sid:2005171; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- user.asp user INSERT"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; sid:2005172; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- user.asp user DELETE"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; sid:2005173; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- user.asp user ASCII"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; sid:2005174; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP EDGE SQL Injection Attempt -- user.asp user UPDATE"; flow:established,to_server; uricontent:"/user.asp?"; nocase; uricontent:"user="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0560; reference:url,www.milw0rm.com/exploits/3186; sid:2005175; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; sid:2005883; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro UNION SELECT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; sid:2005884; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro INSERT"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; sid:2005885; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro DELETE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; sid:2005886; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ASCII"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; sid:2005887; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro UPDATE"; flow:established,to_server; uricontent:"/detail.asp?"; nocase; uricontent:"iPro="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0053; reference:url,www.milw0rm.com/exploits/3062; sid:2005888; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP ListPics SQL Injection Attempt -- listpics.asp ID SELECT"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; sid:2007000; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP ListPics SQL Injection Attempt -- listpics.asp ID UNION SELECT"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; sid:2007001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP ListPics SQL Injection Attempt -- listpics.asp ID INSERT"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; sid:2007002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP ListPics SQL Injection Attempt -- listpics.asp ID DELETE"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; sid:2007003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP ListPics SQL Injection Attempt -- listpics.asp ID ASCII"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; sid:2007004; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ASP ListPics SQL Injection Attempt -- listpics.asp ID UPDATE"; flow:established,to_server; uricontent:"/listpics.asp?"; nocase; uricontent:"ID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6210; reference:url,www.securityfocus.com/bid/21279; sid:2007005; rev:1;)

#by Ferdie Riphagen
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB PHP Aardvark Topsites PHP CONFIG[PATH] Remote File Include Attempt"; flow:established,to_server; uricontent:"CONFIG[PATH]="; nocase; pcre:"/(join|lostpw)\.php\?/Ui"; pcre:"/&CONFIG\x5bpath\x5d=(https?|ftps?|php)\:/Ui"; reference:cve,CVE-2006-2149; reference:url,www.osvdb.org/25158; classtype:web-application-attack; sid:2002901; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid SELECT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; sid:2004319; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UNION SELECT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; sid:2004320; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid INSERT"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; sid:2004321; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid DELETE"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; sid:2004322; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ASCII"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; sid:2004323; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UPDATE"; flow:established,to_server; uricontent:"/gallery.asp?"; nocase; uricontent:"categoryid="; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1469; reference:url,www.securityfocus.com/bid/22988; sid:2004324; rev:1;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid SELECT"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007392; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid UNION SELECT"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007393; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid INSERT"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007394; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid DELETE"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007395; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ASCII"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007396; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid UPDATE"; flow:established,to_server; uricontent:"/product.asp?"; nocase; uricontent:"productid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007397; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search SELECT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007398; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search UNION SELECT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007399; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search INSERT"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007400; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search DELETE"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007401; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ASCII"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007402; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search UPDATE"; flow:established,to_server; uricontent:"/search.asp?"; nocase; uricontent:"search="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6111; reference:url,www.securityfocus.com/bid/21166; sid:2007403; rev:1;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID SELECT"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007476; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID UNION SELECT"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007477; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID INSERT"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007478; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID DELETE"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007479; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ASCII"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007480; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID UPDATE"; flow:established,to_server; uricontent:"/activenews_view.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007481; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- default.asp page SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007482; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- default.asp page UNION SELECT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007483; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- default.asp page INSERT"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007564; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- default.asp page DELETE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007484; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- default.asp page ASCII"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007485; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- default.asp page UPDATE"; flow:established,to_server; uricontent:"/default.asp?"; nocase; uricontent:"page="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6095; reference:url,www.securityfocus.com/bid/21167; sid:2007486; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID SELECT"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007487; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID UNION SELECT"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007488; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID INSERT"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007489; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID DELETE"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007490; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ASCII"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007491; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID UPDATE"; flow:established,to_server; uricontent:"/activeNews_categories.asp?"; nocase; uricontent:"catID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007492; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID SELECT"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007493; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID UNION SELECT"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007494; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID INSERT"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007495; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID DELETE"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007496; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ASCII"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007497; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID UPDATE"; flow:established,to_server; uricontent:"/activeNews_comments.asp?"; nocase; uricontent:"articleID="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007498; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query SELECT"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007499; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query UNION SELECT"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007500; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query INSERT"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007501; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query DELETE"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007502; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ASCII"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007503; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query UPDATE"; flow:established,to_server; uricontent:"/activenews_search.asp?"; nocase; uricontent:"query="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6094; reference:url,www.securityfocus.com/bid/21167; sid:2007565; rev:1;)


#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Advanced Guestbook XSS Attempt -- picture.php picture"; flow:established,to_server; uricontent:"/picture.php?"; nocase; uricontent:"picture="; nocase; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0605; reference:url,www.securityfocus.com/bid/23873; sid:2003915; rev:1;)


#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id SELECT"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004887; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id UNION SELECT"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004888; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id INSERT"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004889; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id DELETE"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004890; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ASCII"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004891; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id UPDATE"; flow:established,to_server; uricontent:"/HaberDetay.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004892; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid SELECT"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004893; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid UNION SELECT"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004894; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid INSERT"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004895; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid DELETE"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004896; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ASCII"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004897; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid UPDATE"; flow:established,to_server; uricontent:"/rss.asp?"; nocase; uricontent:"kid="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1016; reference:url,www.frsirt.com/english/advisories/2007/0620; sid:2004898; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB @lex Guestbook SQL Injection Attempt -- index.php lang SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; sid:2005772; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB @lex Guestbook SQL Injection Attempt -- index.php lang UNION SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; sid:2005773; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB @lex Guestbook SQL Injection Attempt -- index.php lang INSERT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; sid:2005774; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB @lex Guestbook SQL Injection Attempt -- index.php lang DELETE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; sid:2005775; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB @lex Guestbook SQL Injection Attempt -- index.php lang ASCII"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; sid:2005776; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB @lex Guestbook SQL Injection Attempt -- index.php lang UPDATE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"lang="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-0202; reference:url,www.milw0rm.com/exploits/3103; sid:2005777; rev:2;)

#bvy tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AlstraSoft E-Friends SQL Injection Attempt -- index.php pack SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; sid:2004017; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AlstraSoft E-Friends SQL Injection Attempt -- index.php pack UNION SELECT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; sid:2004018; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AlstraSoft E-Friends SQL Injection Attempt -- index.php pack INSERT"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; sid:2004019; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AlstraSoft E-Friends SQL Injection Attempt -- index.php pack DELETE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; sid:2004020; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AlstraSoft E-Friends SQL Injection Attempt -- index.php pack ASCII"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; sid:2004021; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AlstraSoft E-Friends SQL Injection Attempt -- index.php pack UPDATE"; flow:established,to_server; uricontent:"/index.php?"; nocase; uricontent:"pack="; nocase; uricontent:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-2824; reference:url,www.milw0rm.com/exploits/3956; sid:2004022; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id SELECT"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; sid:2004717; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id UNION SELECT"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/UNION\s+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; sid:2004718; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id INSERT"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"INSERT"; nocase; pcre:"/INSERT.+INTO/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; sid:2004719; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id DELETE"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"DELETE"; nocase; pcre:"/DELETE.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; sid:2004720; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ASCII"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; sid:2004721; rev:2;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id UPDATE"; flow:established,to_server; uricontent:"/section/default.asp?"; nocase; uricontent:"id="; nocase; uricontent:"UPDATE"; nocase; pcre:"/UPDATE.+SET/Ui"; classtype:web-application-attack; reference:cve,CVE-2007-1250; reference:url,www.milw0rm.com/exploits/3390; sid:2004723; rev:2;)

#by tinytwitty
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id SELECT"; flow:established,to_server; uricontent:"/email.php?"; nocase; uricontent:"id="; nocase; uricontent:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/Ui"; classtype:web-application-attack; reference:cve,CVE-2006-6478; reference:url,www.securityfocus.com/bid/21514/exploit; sid:2006560; rev:1;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id UNION SELECT"; flow:established,to_server; uricontent:"/email.php?"; nocase; uricontent:"id="; nocase; uricontent:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/Ui"; classtype:web-application-attack;