1 SecRule REQUEST_FILENAME "!@pmFromFile modsecurity_46_et_sql_injection.data" "phase:2,nolog,pass,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,skipAfter:END_ET_SQLI_RULES"
3 # (sid 2007508) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID
4 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007508,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
5 SecRule &TX:'/SQL_INJECTION.*ARGS:vehicleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
7 # (sid 2007514) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list
8 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007514,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
9 SecRule &TX:'/SQL_INJECTION.*ARGS:categoryID_list/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
11 # (sid 2007520) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type
12 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007520,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
13 SecRule &TX:'/SQL_INJECTION.*ARGS:sale_type/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
15 # (sid 2007526) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number
16 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007526,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
17 SecRule &TX:'/SQL_INJECTION.*ARGS:stock_number/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
19 # (sid 2007532) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer
20 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007532,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
21 SecRule &TX:'/SQL_INJECTION.*ARGS:manufacturer/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
23 # (sid 2007538) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model
24 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007538,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
25 SecRule &TX:'/SQL_INJECTION.*ARGS:model/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
27 # (sid 2007544) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID
28 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007544,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
29 SecRule &TX:'/SQL_INJECTION.*ARGS:vehicleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
31 # (sid 2007550) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year
32 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007550,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
33 SecRule &TX:'/SQL_INJECTION.*ARGS:year/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
35 # (sid 2007556) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin
36 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007556,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
37 SecRule &TX:'/SQL_INJECTION.*ARGS:vin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
39 # (sid 2007562) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price
40 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007562,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
41 SecRule &TX:'/SQL_INJECTION.*ARGS:listing_price/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
43 # (sid 2004063) ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating
44 SecRule REQUEST_URI_RAW "(?i:\/includes\/rating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004063,rev:4,msg:'ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project'"
45 SecRule &TX:'/SQL_INJECTION.*ARGS:rating/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
47 # (sid 2004075) ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id
48 SecRule REQUEST_URI_RAW "(?i:\/includes\/rating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004075,rev:4,msg:'ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project'"
49 SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
51 # (sid 2007221) ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id
52 SecRule REQUEST_URI_RAW "(?i:\/admin\/edit\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007221,rev:3,msg:'ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel'"
53 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
55 # (sid 2005061) ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod
56 SecRule REQUEST_URI_RAW "(?i:\/templates\/modif\.html)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005061,rev:4,msg:'ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu'"
57 SecRule &TX:'/SQL_INJECTION.*ARGS:id_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
59 # (sid 2005577) ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name
60 SecRule REQUEST_URI_RAW "(?i:\/shared\/code\/cp_authorization\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005577,rev:3,msg:'ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP'"
61 SecRule &TX:'/SQL_INJECTION.*ARGS:xuser_name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
63 # (sid 2005583) ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did
64 SecRule REQUEST_URI_RAW "(?i:\/public\/code\/cp_downloads\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005583,rev:3,msg:'ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP'"
65 SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
67 # (sid 2004533) ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id
68 SecRule REQUEST_URI_RAW "(?i:\/subcat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004533,rev:4,msg:'ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
69 SecRule &TX:'/SQL_INJECTION.*ARGS:cate_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
71 # (sid 2004539) ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id
72 SecRule REQUEST_URI_RAW "(?i:\/view_profile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004539,rev:4,msg:'ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
73 SecRule &TX:'/SQL_INJECTION.*ARGS:user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
75 # (sid 2004545) ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid
76 SecRule REQUEST_URI_RAW "(?i:\/postingdetails\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004545,rev:4,msg:'ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
77 SecRule &TX:'/SQL_INJECTION.*ARGS:postingid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
79 # (sid 2004550) ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id
80 SecRule REQUEST_URI_RAW "(?i:\/topic_title\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004550,rev:4,msg:'ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
81 SecRule &TX:'/SQL_INJECTION.*ARGS:td_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
83 # (sid 2006823) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid
84 SecRule REQUEST_URI_RAW "(?i:\/forum2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006823,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
85 SecRule &TX:'/SQL_INJECTION.*ARGS:soruid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
87 # (sid 2006829) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak
88 SecRule REQUEST_URI_RAW "(?i:\/kullanicilistesi\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006829,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
89 SecRule &TX:'/SQL_INJECTION.*ARGS:ak/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
91 # (sid 2006835) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler
92 SecRule REQUEST_URI_RAW "(?i:\/aramayap\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006835,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
93 SecRule &TX:'/SQL_INJECTION.*ARGS:kelimeler/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
95 # (sid 2006841) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi
96 SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006841,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
97 SecRule &TX:'/SQL_INJECTION.*ARGS:kullaniciadi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
99 # (sid 2006847) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno
100 SecRule REQUEST_URI_RAW "(?i:\/mesajkutum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006847,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
101 SecRule &TX:'/SQL_INJECTION.*ARGS:mesajno/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
103 # (sid 2006853) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf
104 SecRule REQUEST_URI_RAW "(?i:\/kullanicilistesi\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006853,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
105 SecRule &TX:'/SQL_INJECTION.*ARGS:harf/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
107 # (sid 2006859) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik
108 SecRule REQUEST_URI_RAW "(?i:\/forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006859,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
109 SecRule &TX:'/SQL_INJECTION.*ARGS:baslik/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
111 # (sid 2005109) ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username
112 SecRule REQUEST_URI_RAW "(?i:\/artreplydelete\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005109,rev:4,msg:'ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE'"
113 SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
115 # (sid 2005168) ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id
116 SecRule REQUEST_URI_RAW "(?i:\/news_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005168,rev:4,msg:'ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS'"
117 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
119 # (sid 2005174) ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user
120 SecRule REQUEST_URI_RAW "(?i:\/user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005174,rev:4,msg:'ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS'"
121 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
123 # (sid 2005887) ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro
124 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005887,rev:4,msg:'ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware'"
125 SecRule &TX:'/SQL_INJECTION.*ARGS:iPro/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
127 # (sid 2007004) ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID
128 SecRule REQUEST_URI_RAW "(?i:\/listpics\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007004,rev:3,msg:'ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics'"
129 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
131 # (sid 2004323) ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid
132 SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004323,rev:3,msg:'ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery'"
133 SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
135 # (sid 2007396) ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid
136 SecRule REQUEST_URI_RAW "(?i:\/product\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007396,rev:3,msg:'ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart'"
137 SecRule &TX:'/SQL_INJECTION.*ARGS:productid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
139 # (sid 2007402) ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search
140 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007402,rev:3,msg:'ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart'"
141 SecRule &TX:'/SQL_INJECTION.*ARGS:search/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
143 # (sid 2007480) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID
144 SecRule REQUEST_URI_RAW "(?i:\/activenews_view\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007480,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
145 SecRule &TX:'/SQL_INJECTION.*ARGS:articleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
147 # (sid 2007485) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page
148 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007485,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
149 SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
151 # (sid 2007491) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID
152 SecRule REQUEST_URI_RAW "(?i:\/activeNews_categories\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007491,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
153 SecRule &TX:'/SQL_INJECTION.*ARGS:catID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
155 # (sid 2007497) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID
156 SecRule REQUEST_URI_RAW "(?i:\/activeNews_comments\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007497,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
157 SecRule &TX:'/SQL_INJECTION.*ARGS:articleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
159 # (sid 2007503) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query
160 SecRule REQUEST_URI_RAW "(?i:\/activenews_search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007503,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
161 SecRule &TX:'/SQL_INJECTION.*ARGS:query/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
163 # (sid 2004891) ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id
164 SecRule REQUEST_URI_RAW "(?i:\/HaberDetay\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004891,rev:4,msg:'ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script'"
165 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
167 # (sid 2004897) ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid
168 SecRule REQUEST_URI_RAW "(?i:\/rss\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004897,rev:4,msg:'ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script'"
169 SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
171 # (sid 2005776) ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang
172 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005776,rev:4,msg:'ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook'"
173 SecRule &TX:'/SQL_INJECTION.*ARGS:lang/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
175 # (sid 2004021) ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack
176 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004021,rev:4,msg:'ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft'"
177 SecRule &TX:'/SQL_INJECTION.*ARGS:pack/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
179 # (sid 2004721) ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id
180 SecRule REQUEST_URI_RAW "(?i:\/section\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004721,rev:4,msg:'ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt'"
181 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
183 # (sid 2006565) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id
184 SecRule REQUEST_URI_RAW "(?i:\/email\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006565,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
185 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
187 # (sid 2006571) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no
188 SecRule REQUEST_URI_RAW "(?i:\/voirannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006571,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
189 SecRule &TX:'/SQL_INJECTION.*ARGS:no/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
191 # (sid 2006577) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre
192 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_membre\/fiche_membre\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006577,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
193 SecRule &TX:'/SQL_INJECTION.*ARGS:idmembre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
195 # (sid 2006583) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce
196 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_annonce\/okvalannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006583,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
197 SecRule &TX:'/SQL_INJECTION.*ARGS:idannonce/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
199 # (sid 2006589) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce
200 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_annonce\/changeannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006589,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
201 SecRule &TX:'/SQL_INJECTION.*ARGS:idannonce/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
203 # (sid 2006787) ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici
204 SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006787,rev:3,msg:'ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee'"
205 SecRule &TX:'/SQL_INJECTION.*ARGS:kullanici/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
207 # (sid 2006793) ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola
208 SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006793,rev:3,msg:'ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee'"
209 SecRule &TX:'/SQL_INJECTION.*ARGS:parola/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
211 # (sid 2004728) ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID
212 SecRule REQUEST_URI_RAW "(?i:\/system\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004728,rev:4,msg:'ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins'"
213 SecRule &TX:'/SQL_INJECTION.*ARGS:PHPSESSID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
215 # (sid 2007456) ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob
216 SecRule REQUEST_URI_RAW "(?i:\/publications_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007456,rev:3,msg:'ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech'"
217 SecRule &TX:'/SQL_INJECTION.*ARGS:vjob/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
219 # (sid 2007462) ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID
220 SecRule REQUEST_URI_RAW "(?i:\/publication_view\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007462,rev:3,msg:'ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech'"
221 SecRule &TX:'/SQL_INJECTION.*ARGS:InfoID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
223 # (sid 2004335) ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout
224 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004335,rev:4,msg:'ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog'"
225 SecRule &TX:'/SQL_INJECTION.*ARGS:layout/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
227 # (sid 2007215) ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id
228 SecRule REQUEST_URI_RAW "(?i:\/edit\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007215,rev:3,msg:'ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum'"
229 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
231 # (sid 2006337) ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php
232 SecRule REQUEST_URI_RAW "(?i:\/bt\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006337,rev:4,msg:'ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait'"
233 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
235 # (sid 2004832) ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd
236 SecRule REQUEST_URI_RAW "(?i:\/admin\/config\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004832,rev:4,msg:'ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U'"
237 SecRule &TX:'/SQL_INJECTION.*ARGS:sqlcmd/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
239 # (sid 2004027) ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style
240 SecRule REQUEST_URI_RAW "(?i:\/account_change\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004027,rev:4,msg:'ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker'"
241 SecRule &TX:'/SQL_INJECTION.*ARGS:style/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
243 # (sid 2004033) ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue
244 SecRule REQUEST_URI_RAW "(?i:\/account_change\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004033,rev:4,msg:'ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker'"
245 SecRule &TX:'/SQL_INJECTION.*ARGS:langue/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
247 # (sid 2004989) ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by
248 SecRule REQUEST_URI_RAW "(?i:\/torrents\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004989,rev:4,msg:'ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker'"
249 SecRule &TX:'/SQL_INJECTION.*ARGS:by/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
251 # (sid 2004995) ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order
252 SecRule REQUEST_URI_RAW "(?i:\/torrents\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004995,rev:4,msg:'ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker'"
253 SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
255 # (sid 2003780) ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id
256 SecRule REQUEST_URI_RAW "(?i:\/bry\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003780,rev:4,msg:'ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
257 SecRule REQUEST_URI_RAW "@contains (" "chain"
258 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
260 # (sid 2006253) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid
261 SecRule REQUEST_URI_RAW "(?i:\/HABERLER\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006253,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
262 SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
264 # (sid 2006259) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id
265 SecRule REQUEST_URI_RAW "(?i:\/HABERLER\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006259,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
266 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
268 # (sid 2006265) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id
269 SecRule REQUEST_URI_RAW "(?i:\/ASPKAT\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006265,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
270 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
272 # (sid 2006271) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid
273 SecRule REQUEST_URI_RAW "(?i:\/ASPKAT\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006271,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
274 SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
276 # (sid 2006277) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id
277 SecRule REQUEST_URI_RAW "(?i:\/down\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006277,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
278 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
280 # (sid 2003797) ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid
281 SecRule REQUEST_URI_RAW "(?i:\/stylesheet\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003797,rev:5,msg:'ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple'"
282 SecRule REQUEST_URI_RAW "@contains (" "chain"
283 SecRule &TX:'/SQL_INJECTION.*ARGS:templateid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
285 # (sid 2006169) ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID
286 SecRule REQUEST_URI_RAW "(?i:\/calendar_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006169,rev:4,msg:'ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX'"
287 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
289 # (sid 2006187) ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID
290 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_mail_adressee\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006187,rev:4,msg:'ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX'"
291 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
293 # (sid 2007468) ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy
294 SecRule REQUEST_URI_RAW "(?i:\/openPolicy\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007468,rev:3,msg:'ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress'"
295 SecRule &TX:'/SQL_INJECTION.*ARGS:policy/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
297 # (sid 2007474) ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand
298 SecRule REQUEST_URI_RAW "(?i:\/prodList\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007474,rev:3,msg:'ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress'"
299 SecRule &TX:'/SQL_INJECTION.*ARGS:brand/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
301 # (sid 2007227) ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date
302 SecRule REQUEST_URI_RAW "(?i:\/displayCalendar\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007227,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
303 SecRule &TX:'/SQL_INJECTION.*ARGS:date/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
305 # (sid 2007233) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage
306 SecRule REQUEST_URI_RAW "(?i:\/view_gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007233,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
307 SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
309 # (sid 2007239) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id
310 SecRule REQUEST_URI_RAW "(?i:\/view_gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007239,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
311 SecRule &TX:'/SQL_INJECTION.*ARGS:gallery_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
313 # (sid 2007245) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id
314 SecRule REQUEST_URI_RAW "(?i:\/download_image\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007245,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
315 SecRule &TX:'/SQL_INJECTION.*ARGS:image_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
317 # (sid 2007251) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage
318 SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007251,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
319 SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
321 # (sid 2007257) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby
322 SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007257,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
323 SecRule &TX:'/SQL_INJECTION.*ARGS:orderby/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
325 # (sid 2007263) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage
326 SecRule REQUEST_URI_RAW "(?i:\/view_recent\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007263,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
327 SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
329 # (sid 2007269) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort
330 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007269,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
331 SecRule &TX:'/SQL_INJECTION.*ARGS:AlphaSort/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
333 # (sid 2007275) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In
334 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007275,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
335 SecRule &TX:'/SQL_INJECTION.*ARGS:In/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
337 # (sid 2007281) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby
338 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007281,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
339 SecRule &TX:'/SQL_INJECTION.*ARGS:orderby/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
341 # (sid 2004879) ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID
342 SecRule REQUEST_URI_RAW "(?i:\/inc_listnews\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004879,rev:4,msg:'ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance'"
343 SecRule &TX:'/SQL_INJECTION.*ARGS:CAT_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
345 # (sid 2006508) ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct
346 SecRule REQUEST_URI_RAW "(?i:\/comersus_optReviewReadExec\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006508,rev:4,msg:'ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus'"
347 SecRule &TX:'/SQL_INJECTION.*ARGS:idProduct/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
349 # (sid 2004639) ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi
350 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004639,rev:4,msg:'ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal'"
351 SecRule &TX:'/SQL_INJECTION.*ARGS:epi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
353 # (sid 2004709) ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage
354 SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004709,rev:4,msg:'ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal'"
355 SecRule &TX:'/SQL_INJECTION.*ARGS:uploadimage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
357 # (sid 2004715) ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin
358 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004715,rev:4,msg:'ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal'"
359 SecRule &TX:'/SQL_INJECTION.*ARGS:p_skin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
361 # (sid 2007340) ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid
362 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007340,rev:3,msg:'ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow'"
363 SecRule &TX:'/SQL_INJECTION.*ARGS:pageid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
365 # (sid 2006307) ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id
366 SecRule REQUEST_URI_RAW "(?i:\/haber\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006307,rev:4,msg:'ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber'"
367 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
369 # (sid 2004813) ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav
370 SecRule REQUEST_URI_RAW "(?i:\/thumbnails\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004813,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
371 SecRule &TX:'/SQL_INJECTION.*ARGS:cpg131_fav/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
373 # (sid 2005845) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat
374 SecRule REQUEST_URI_RAW "(?i:\/albmgr\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005845,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
375 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
377 # (sid 2005851) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid
378 SecRule REQUEST_URI_RAW "(?i:\/usermgr\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005851,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
379 SecRule &TX:'/SQL_INJECTION.*ARGS:gid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
381 # (sid 2005857) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start
382 SecRule REQUEST_URI_RAW "(?i:\/db_ecard\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005857,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
383 SecRule &TX:'/SQL_INJECTION.*ARGS:start/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
385 # (sid 2003756) ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id
386 SecRule REQUEST_URI_RAW "(?i:\/error\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003756,rev:4,msg:'ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts'"
387 SecRule REQUEST_URI_RAW "@contains (" "chain"
388 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
390 # (sid 2005863) ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid
391 SecRule REQUEST_URI_RAW "(?i:\/cats\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005863,rev:4,msg:'ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction'"
392 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
394 # (sid 2004039) ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php
395 SecRule REQUEST_URI_RAW "(?i:\/cart\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004039,rev:4,msg:'ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart'"
396 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
398 # (sid 2004087) ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid
399 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004087,rev:4,msg:'ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews'"
400 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
402 # (sid 2004460) ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid
403 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004460,rev:4,msg:'ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews'"
404 SecRule &TX:'/SQL_INJECTION.*ARGS:newsid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
406 # (sid 2004687) ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid
407 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004687,rev:4,msg:'ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
408 SecRule &TX:'/SQL_INJECTION.*ARGS:mid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
410 # (sid 2006085) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp
411 SecRule REQUEST_URI_RAW "(?i:\/set_preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006085,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
412 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
414 # (sid 2006091) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp
415 SecRule REQUEST_URI_RAW "(?i:\/send_password_preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006091,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
416 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
418 # (sid 2006097) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp
419 SecRule REQUEST_URI_RAW "(?i:\/SecureLoginManager\/list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006097,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
420 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
422 # (sid 2006103) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent
423 SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006103,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
424 SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
426 # (sid 2006109) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent
427 SecRule REQUEST_URI_RAW "(?i:\/content\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006109,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
428 SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
430 # (sid 2006115) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent
431 SecRule REQUEST_URI_RAW "(?i:\/members\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006115,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
432 SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
434 # (sid 2006121) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent
435 SecRule REQUEST_URI_RAW "(?i:\/applications\/SecureLoginManager\/inc_secureloginmanager\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006121,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
436 SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
438 # (sid 2005899) ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum
439 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005899,rev:4,msg:'ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS'"
440 SecRule &TX:'/SQL_INJECTION.*ARGS:ordernum/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
442 # (sid 2004838) ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id
443 SecRule REQUEST_URI_RAW "(?i:\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004838,rev:4,msg:'ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online'"
444 SecRule &TX:'/SQL_INJECTION.*ARGS:art_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
446 # (sid 2005595) ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id
447 SecRule REQUEST_URI_RAW "(?i:\/visu_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005595,rev:4,msg:'ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz'"
448 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
450 # (sid 2005839) ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id
451 SecRule REQUEST_URI_RAW "(?i:\/info_book\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005839,rev:4,msg:'ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez'"
452 SecRule &TX:'/SQL_INJECTION.*ARGS:book_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
454 # (sid 2004051) ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen
455 SecRule REQUEST_URI_RAW "(?i:\/tracking\/courseLog\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004051,rev:4,msg:'ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos'"
456 SecRule &TX:'/SQL_INJECTION.*ARGS:scormcontopen/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
458 # (sid 2004069) ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course
459 SecRule REQUEST_URI_RAW "(?i:\/main\/auth\/my_progress\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004069,rev:4,msg:'ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos'"
460 SecRule &TX:'/SQL_INJECTION.*ARGS:course/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
462 # (sid 2006145) ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID
463 SecRule REQUEST_URI_RAW "(?i:\/bus_details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006145,rev:4,msg:'ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir'"
464 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
466 # (sid 2004389) ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id
467 SecRule REQUEST_URI_RAW "(?i:\/goster\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004389,rev:4,msg:'ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu'"
468 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
470 # (sid 2006691) ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile
471 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006691,rev:4,msg:'ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
472 SecRule &TX:'/SQL_INJECTION.*ARGS:iFile/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
474 # (sid 2006698) ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action
475 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006698,rev:4,msg:'ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
476 SecRule &TX:'/SQL_INJECTION.*ARGS:action/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
478 # (sid 2006704) ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType
479 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006704,rev:4,msg:'ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
480 SecRule &TX:'/SQL_INJECTION.*ARGS:iType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
482 # (sid 2006710) ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity
483 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006710,rev:4,msg:'ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
484 SecRule &TX:'/SQL_INJECTION.*ARGS:iCity/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
486 # (sid 2006716) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews
487 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006716,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
488 SecRule &TX:'/SQL_INJECTION.*ARGS:iNews/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
490 # (sid 2006722) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType
491 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006722,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
492 SecRule &TX:'/SQL_INJECTION.*ARGS:iType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
494 # (sid 2006728) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action
495 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006728,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
496 SecRule &TX:'/SQL_INJECTION.*ARGS:Action/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
498 # (sid 2003774) ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a
499 SecRule REQUEST_URI_RAW "(?i:\/home\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003774,rev:4,msg:'ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu'"
500 SecRule REQUEST_URI_RAW "@contains (" "chain"
501 SecRule &TX:'/SQL_INJECTION.*ARGS:a/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
503 # (sid 2004628) ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank
504 SecRule REQUEST_URI_RAW "(?i:\/listmembers\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004628,rev:4,msg:'ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp'"
505 SecRule &TX:'/SQL_INJECTION.*ARGS:rank/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
507 # (sid 2005272) ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword
508 SecRule REQUEST_URI_RAW "(?i:\/admin\/memberlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005272,rev:4,msg:'ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay'"
509 SecRule &TX:'/SQL_INJECTION.*ARGS:keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
511 # (sid 2005278) ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row
512 SecRule REQUEST_URI_RAW "(?i:\/admin\/memberlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005278,rev:4,msg:'ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay'"
513 SecRule &TX:'/SQL_INJECTION.*ARGS:init_row/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
515 # (sid 2005043) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i
516 SecRule REQUEST_URI_RAW "(?i:\/add_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005043,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
517 SecRule &TX:'/SQL_INJECTION.*ARGS:i/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
519 # (sid 2005049) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id
520 SecRule REQUEST_URI_RAW "(?i:\/add_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005049,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
521 SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
523 # (sid 2005055) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i
524 SecRule REQUEST_URI_RAW "(?i:\/list_comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005055,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
525 SecRule &TX:'/SQL_INJECTION.*ARGS:i/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
527 # (sid 2006558) ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId
528 SecRule REQUEST_URI_RAW "(?i:\/sptrees\/default\.aspx)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006558,rev:3,msg:'ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyPage'"
529 SecRule &TX:'/SQL_INJECTION.*ARGS:docId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
531 # (sid 2005091) ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid
532 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005091,rev:4,msg:'ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eclectic_Designs'"
533 SecRule &TX:'/SQL_INJECTION.*ARGS:qid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
535 # (sid 2005115) ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid
536 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005115,rev:4,msg:'ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eclectic_Designs'"
537 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
539 # (sid 2005989) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup
540 SecRule REQUEST_URI_RAW "(?i:\/admin\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005989,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
541 SecRule &TX:'/SQL_INJECTION.*ARGS:grup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
543 # (sid 2005995) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id
544 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005995,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
545 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
547 # (sid 2006001) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id
548 SecRule REQUEST_URI_RAW "(?i:\/admin\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006001,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
549 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
551 # (sid 2006163) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup
552 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006163,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
553 SecRule &TX:'/SQL_INJECTION.*ARGS:grup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
555 # (sid 2006453) ET WEB_SPECIFIC Elxis CMS SQL Injection Attempt -- mod_banners.php
556 SecRule REQUEST_URI_RAW "(?i:\/mod_banners\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006453,rev:4,msg:'ET WEB_SPECIFIC Elxis CMS SQL Injection Attempt -- mod_banners.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Elxis'"
557 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
559 # (sid 2006139) ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID
560 SecRule REQUEST_URI_RAW "(?i:\/newsdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006139,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
561 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
563 # (sid 2006151) ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id
564 SecRule REQUEST_URI_RAW "(?i:\/Types\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006151,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
565 SecRule &TX:'/SQL_INJECTION.*ARGS:Type_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
567 # (sid 2006157) ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID
568 SecRule REQUEST_URI_RAW "(?i:\/actualpic\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006157,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
569 SecRule &TX:'/SQL_INJECTION.*ARGS:Biz_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
571 # (sid 2007046) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID
572 SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007046,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
573 SecRule &TX:'/SQL_INJECTION.*ARGS:AD_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
575 # (sid 2007052) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id
576 SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007052,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
577 SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
579 # (sid 2007058) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id
580 SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007058,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
581 SecRule &TX:'/SQL_INJECTION.*ARGS:sub_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
583 # (sid 2007028) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id
584 SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007028,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
585 SecRule &TX:'/SQL_INJECTION.*ARGS:ad_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
587 # (sid 2007034) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid
588 SecRule REQUEST_URI_RAW "(?i:\/dircat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007034,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
589 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
591 # (sid 2007040) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid
592 SecRule REQUEST_URI_RAW "(?i:\/dirSub\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007040,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
593 SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
595 # (sid 2007080) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid
596 SecRule REQUEST_URI_RAW "(?i:\/dircat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007080,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
597 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
599 # (sid 2007086) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid
600 SecRule REQUEST_URI_RAW "(?i:\/dirSub\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007086,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
601 SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
603 # (sid 2007092) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID
604 SecRule REQUEST_URI_RAW "(?i:\/types\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007092,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
605 SecRule &TX:'/SQL_INJECTION.*ARGS:TYPE_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
607 # (sid 2007098) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID
608 SecRule REQUEST_URI_RAW "(?i:\/homeDetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007098,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
609 SecRule &TX:'/SQL_INJECTION.*ARGS:AD_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
611 # (sid 2007104) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat
612 SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007104,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
613 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
615 # (sid 2007110) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare
616 SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007110,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
617 SecRule &TX:'/SQL_INJECTION.*ARGS:compare/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
619 # (sid 2007116) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear
620 SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007116,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
621 SecRule &TX:'/SQL_INJECTION.*ARGS:clear/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
623 # (sid 2007122) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID
624 SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007122,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
625 SecRule &TX:'/SQL_INJECTION.*ARGS:adID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
627 # (sid 2007128) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice
628 SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007128,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
629 SecRule &TX:'/SQL_INJECTION.*ARGS:aminprice/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
631 # (sid 2007134) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice
632 SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007134,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
633 SecRule &TX:'/SQL_INJECTION.*ARGS:amaxprice/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
635 # (sid 2007140) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms
636 SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007140,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
637 SecRule &TX:'/SQL_INJECTION.*ARGS:abedrooms/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
639 # (sid 2005260) ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat
640 SecRule REQUEST_URI_RAW "(?i:\/show_owned\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005260,rev:4,msg:'ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthusiast'"
641 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
643 # (sid 2005266) ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat
644 SecRule REQUEST_URI_RAW "(?i:\/show_joined\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005266,rev:4,msg:'ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthusiast'"
645 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
647 # (sid 2006223) ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user
648 SecRule REQUEST_URI_RAW "(?i:\/administration\/administre2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006223,rev:4,msg:'ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eric_Guillaume'"
649 SecRule &TX:'/SQL_INJECTION.*ARGS:id_user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
651 # (sid 2005881) ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id
652 SecRule REQUEST_URI_RAW "(?i:\/productdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005881,rev:4,msg:'ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Esmartcart'"
653 SecRule &TX:'/SQL_INJECTION.*ARGS:product_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
655 # (sid 2005340) ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template
656 SecRule REQUEST_URI_RAW "(?i:\/style\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005340,rev:4,msg:'ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Evision'"
657 SecRule &TX:'/SQL_INJECTION.*ARGS:template/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
659 # (sid 2007064) ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno
660 SecRule REQUEST_URI_RAW "(?i:\/products\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007064,rev:3,msg:'ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Evolve'"
661 SecRule &TX:'/SQL_INJECTION.*ARGS:partno/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
663 # (sid 2005085) ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id
664 SecRule REQUEST_URI_RAW "(?i:\/faq\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005085,rev:4,msg:'ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ExoPHPDesk'"
665 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
667 # (sid 2006817) ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex
668 SecRule REQUEST_URI_RAW "(?i:\/articles\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006817,rev:4,msg:'ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Expinion.net'"
669 SecRule &TX:'/SQL_INJECTION.*ARGS:ex/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
671 # (sid 2006343) ET WEB_SPECIFIC EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp
672 SecRule REQUEST_URI_RAW "(?i:\/vdateUsr\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006343,rev:4,msg:'ET WEB_SPECIFIC EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EzHRS'"
673 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
675 # (sid 2005619) ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid
676 SecRule REQUEST_URI_RAW "(?i:\/boxx\/ShowAppendix\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005619,rev:4,msg:'ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ezboxx'"
677 SecRule &TX:'/SQL_INJECTION.*ARGS:iid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
679 # (sid 2003850) ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref
680 SecRule REQUEST_URI_RAW "(?i:\/question\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003850,rev:4,msg:'ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FAQEngine'"
681 SecRule REQUEST_URI_RAW "@contains (" "chain"
682 SecRule &TX:'/SQL_INJECTION.*ARGS:questionref/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
684 # (sid 2006127) ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID
685 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006127,rev:4,msg:'ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FUM'"
686 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
688 # (sid 2006331) ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id
689 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006331,rev:4,msg:'ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fantastic_News'"
690 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
692 # (sid 2003792) ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid
693 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003792,rev:4,msg:'ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FileRun'"
694 SecRule REQUEST_URI_RAW "@contains (" "chain"
695 SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
697 # (sid 2006902) ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat
698 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006902,rev:4,msg:'ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FipsSHOP'"
699 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
701 # (sid 2006908) ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did
702 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006908,rev:4,msg:'ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FipsSHOP'"
703 SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
705 # (sid 2007186) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id
706 SecRule REQUEST_URI_RAW "(?i:\/filelist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007186,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
707 SecRule &TX:'/SQL_INJECTION.*ARGS:show_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
709 # (sid 2007192) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid
710 SecRule REQUEST_URI_RAW "(?i:\/filelist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007192,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
711 SecRule &TX:'/SQL_INJECTION.*ARGS:parentid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
713 # (sid 2007198) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid
714 SecRule REQUEST_URI_RAW "(?i:\/showfile\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007198,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
715 SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
717 # (sid 2003827) ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid
718 SecRule REQUEST_URI_RAW "(?i:\/game\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003827,rev:4,msg:'ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Flashgames'"
719 SecRule REQUEST_URI_RAW "@contains (" "chain"
720 SecRule &TX:'/SQL_INJECTION.*ARGS:lid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
722 # (sid 2005150) ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user
723 SecRule REQUEST_URI_RAW "(?i:\/info_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005150,rev:4,msg:'ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Forum_Livre'"
724 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
726 # (sid 2004921) ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat
727 SecRule REQUEST_URI_RAW "(?i:\/listmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004921,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
728 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
730 # (sid 2005079) ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id
731 SecRule REQUEST_URI_RAW "(?i:\/windows\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005079,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
732 SecRule &TX:'/SQL_INJECTION.*ARGS:kategori_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
734 # (sid 2005376) ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id
735 SecRule REQUEST_URI_RAW "(?i:\/down_indir\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005376,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
736 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
738 # (sid 2006465) ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- index.cfm
739 SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006465,rev:4,msg:'ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- index.cfm ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fusetalk'"
740 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
742 # (sid 2006471) ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode
743 SecRule REQUEST_URI_RAW "(?i:\/forum\/include\/error\/autherror\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006471,rev:4,msg:'ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fusetalk'"
744 SecRule &TX:'/SQL_INJECTION.*ARGS:errorcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
746 # (sid 2006193) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId
747 SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006193,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
748 SecRule &TX:'/SQL_INJECTION.*ARGS:newsId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
750 # (sid 2006199) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid
751 SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006199,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
752 SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
754 # (sid 2006205) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId
755 SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006205,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
756 SecRule &TX:'/SQL_INJECTION.*ARGS:langId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
758 # (sid 2005334) ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic
759 SecRule REQUEST_URI_RAW "(?i:\/low\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005334,rev:4,msg:'ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fuzzylime'"
760 SecRule &TX:'/SQL_INJECTION.*ARGS:topic/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
762 # (sid 2004003) ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id
763 SecRule REQUEST_URI_RAW "(?i:\/down_indir\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004003,rev:4,msg:'ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Gazi'"
764 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
766 # (sid 2004401) ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori
767 SecRule REQUEST_URI_RAW "(?i:\/kategori\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004401,rev:4,msg:'ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_GaziYapBoz'"
768 SecRule &TX:'/SQL_INJECTION.*ARGS:kategori/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
770 # (sid 2005013) ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user
771 SecRule REQUEST_URI_RAW "(?i:\/inc\/common\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005013,rev:4,msg:'ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_GlobalMegaCorp'"
772 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
774 # (sid 2003844) ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid
775 SecRule REQUEST_URI_RAW "(?i:\/glossaire\-p\-f\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003844,rev:4,msg:'ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Glossaire'"
776 SecRule REQUEST_URI_RAW "@contains (" "chain"
777 SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
779 # (sid 2004353) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id
780 SecRule REQUEST_URI_RAW "(?i:\/userdetail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004353,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
781 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
783 # (sid 2004359) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id
784 SecRule REQUEST_URI_RAW "(?i:\/jump\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004359,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
785 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
787 # (sid 2004365) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id
788 SecRule REQUEST_URI_RAW "(?i:\/detail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004365,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
789 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
791 # (sid 2004371) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url
792 SecRule REQUEST_URI_RAW "(?i:\/jump\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004371,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
793 SecRule &TX:'/SQL_INJECTION.*ARGS:url/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
795 # (sid 2005311) ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id
796 SecRule REQUEST_URI_RAW "(?i:\/print\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005311,rev:4,msg:'ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Guo_Xu_Guos'"
797 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
799 # (sid 2004395) ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID
800 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004395,rev:4,msg:'ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HC_News'"
801 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
803 # (sid 2007408) ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd
804 SecRule REQUEST_URI_RAW "(?i:\/addrating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007408,rev:3,msg:'ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HIOX'"
805 SecRule &TX:'/SQL_INJECTION.*ARGS:ipadd/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
807 # (sid 2007414) ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url
808 SecRule REQUEST_URI_RAW "(?i:\/addrating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007414,rev:3,msg:'ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HIOX'"
809 SecRule &TX:'/SQL_INJECTION.*ARGS:url/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
811 # (sid 2004425) ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre
812 SecRule REQUEST_URI_RAW "(?i:\/giris_yap\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004425,rev:4,msg:'ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hazir'"
813 SecRule &TX:'/SQL_INJECTION.*ARGS:sifre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
815 # (sid 2004633) ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id
816 SecRule REQUEST_URI_RAW "(?i:\/haberoku\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004633,rev:4,msg:'ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hunkaray'"
817 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
819 # (sid 2005067) ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id
820 SecRule REQUEST_URI_RAW "(?i:\/oku\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005067,rev:4,msg:'ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hunkaray'"
821 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
823 # (sid 2005643) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id
824 SecRule REQUEST_URI_RAW "(?i:\/dispimage\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005643,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
825 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
827 # (sid 2005649) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order
828 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005649,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
829 SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
831 # (sid 2005655) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page
832 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005655,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
833 SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
835 # (sid 2006866) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id
836 SecRule REQUEST_URI_RAW "(?i:\/rating\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006866,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
837 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
839 # (sid 2006872) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid
840 SecRule REQUEST_URI_RAW "(?i:\/meal_rest\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006872,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
841 SecRule &TX:'/SQL_INJECTION.*ARGS:mealid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
843 # (sid 2006878) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid
844 SecRule REQUEST_URI_RAW "(?i:\/res_details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006878,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
845 SecRule &TX:'/SQL_INJECTION.*ARGS:resid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
847 # (sid 2004801) ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP
848 SecRule REQUEST_URI_RAW "(?i:\/classes\/class_session\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004801,rev:4,msg:'ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
849 SecRule &TX:'/SQL_INJECTION.*ARGS:CLIENT_IP/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
851 # (sid 2006673) ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img
852 SecRule REQUEST_URI_RAW "(?i:\/forum\/modules\/gallery\/post\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006673,rev:4,msg:'ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
853 SecRule &TX:'/SQL_INJECTION.*ARGS:img/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
855 # (sid 2006679) ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img
856 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006679,rev:4,msg:'ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
857 SecRule &TX:'/SQL_INJECTION.*ARGS:img/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
859 # (sid 2006685) ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid
860 SecRule REQUEST_URI_RAW "(?i:\/lib\/entry_reply_entry\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006685,rev:4,msg:'ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
861 SecRule &TX:'/SQL_INJECTION.*ARGS:eid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
863 # (sid 2006211) ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id
864 SecRule REQUEST_URI_RAW "(?i:\/ixm_ixpnews\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006211,rev:4,msg:'ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ixprim'"
865 SecRule &TX:'/SQL_INJECTION.*ARGS:story_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
867 # (sid 2005346) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass
868 SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005346,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
869 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
871 # (sid 2005364) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user
872 SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005364,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
873 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
875 # (sid 2005370) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass
876 SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005370,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
877 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
879 # (sid 2004156) ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title
880 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004156,rev:4,msg:'ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JGBBS'"
881 SecRule &TX:'/SQL_INJECTION.*ARGS:title/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
883 # (sid 2004341) ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author
884 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004341,rev:4,msg:'ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JGBBS'"
885 SecRule &TX:'/SQL_INJECTION.*ARGS:author/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
887 # (sid 2004484) ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq
888 SecRule REQUEST_URI_RAW "(?i:\/G_Display\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004484,rev:4,msg:'ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JackKnife'"
889 SecRule &TX:'/SQL_INJECTION.*ARGS:iCategoryUnq/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
891 # (sid 2004490) ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID
892 SecRule REQUEST_URI_RAW "(?i:\/Search\/DisplayResults\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004490,rev:4,msg:'ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JackKnife'"
893 SecRule &TX:'/SQL_INJECTION.*ARGS:iSearchID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
895 # (sid 2006496) ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username
896 SecRule REQUEST_URI_RAW "(?i:\/login\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006496,rev:4,msg:'ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jasmine_CMS'"
897 SecRule &TX:'/SQL_INJECTION.*ARGS:login_username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
899 # (sid 2006502) ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item
900 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006502,rev:4,msg:'ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jasmine_CMS'"
901 SecRule &TX:'/SQL_INJECTION.*ARGS:item/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
903 # (sid 2004081) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php
904 SecRule REQUEST_URI_RAW "(?i:\/admincp\/attachment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004081,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
905 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
907 # (sid 2004150) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php
908 SecRule REQUEST_URI_RAW "(?i:\/admincp\/attachment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004150,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
909 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
911 # (sid 2004670) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids
912 SecRule REQUEST_URI_RAW "(?i:\/inlinemod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004670,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
913 SecRule &TX:'/SQL_INJECTION.*ARGS:postids/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
915 # (sid 2003943) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- main_page.php
916 SecRule REQUEST_URI_RAW "(?i:\/main_page\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003943,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- main_page.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
917 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
919 # (sid 2003949) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- open_tree.php
920 SecRule REQUEST_URI_RAW "(?i:\/open_tree\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003949,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- open_tree.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
921 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
923 # (sid 2003955) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- outputs.php
924 SecRule REQUEST_URI_RAW "(?i:\/outputs\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003955,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- outputs.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
925 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
927 # (sid 2003961) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view
928 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003961,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
929 SecRule &TX:'/SQL_INJECTION.*ARGS:view/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
931 # (sid 2003967) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- opentree.php id
932 SecRule REQUEST_URI_RAW "(?i:\/admin\/cms\/opentree\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003967,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- opentree.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
933 SecRule REQUEST_URI_RAW "@contains id[" "chain"
934 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
936 # (sid 2003973) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login
937 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003973,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
938 SecRule &TX:'/SQL_INJECTION.*ARGS:login/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
940 # (sid 2007348) ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID
941 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007348,rev:3,msg:'ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
942 SecRule &TX:'/SQL_INJECTION.*ARGS:tID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
944 # (sid 2007354) ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID
945 SecRule REQUEST_URI_RAW "(?i:\/openlink\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007354,rev:3,msg:'ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
946 SecRule &TX:'/SQL_INJECTION.*ARGS:LinkID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
948 # (sid 2007360) ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID
949 SecRule REQUEST_URI_RAW "(?i:\/viewlinks\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007360,rev:3,msg:'ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
950 SecRule &TX:'/SQL_INJECTION.*ARGS:CategoryID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
952 # (sid 2004377) ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary
953 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004377,rev:4,msg:'ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jobsitepro'"
954 SecRule &TX:'/SQL_INJECTION.*ARGS:salary/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
956 # (sid 2003762) ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid
957 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003762,rev:4,msg:'ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_John_Mordo'"
958 SecRule REQUEST_URI_RAW "@contains (" "chain"
959 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
961 # (sid 2005296) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid
962 SecRule REQUEST_URI_RAW "(?i:\/models\/category\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005296,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
963 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
965 # (sid 2005302) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id
966 SecRule REQUEST_URI_RAW "(?i:\/letterman\.class\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005302,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
967 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
969 # (sid 2005394) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php
970 SecRule REQUEST_URI_RAW "(?i:\/plugins\/user\/example\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005394,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
971 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
973 # (sid 2005400) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- gmail.php
974 SecRule REQUEST_URI_RAW "(?i:\/gmail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005400,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- gmail.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
975 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
977 # (sid 2005406) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php
978 SecRule REQUEST_URI_RAW "(?i:\/example\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005406,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
979 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
981 # (sid 2005412) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- ldap.php
982 SecRule REQUEST_URI_RAW "(?i:\/plugins\/authentication\/ldap\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005412,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- ldap.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
983 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
985 # (sid 2005418) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- menu.php
986 SecRule REQUEST_URI_RAW "(?i:\/modules\/mod_mainmenu\/menu\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005418,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- menu.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
987 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
989 # (sid 2005424) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where
990 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/content\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005424,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
991 SecRule &TX:'/SQL_INJECTION.*ARGS:where/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
993 # (sid 2005430) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where
994 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/weblinks\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005430,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
995 SecRule &TX:'/SQL_INJECTION.*ARGS:where/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
997 # (sid 2005436) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text
998 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/contacts\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005436,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
999 SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1001 # (sid 2005442) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text
1002 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/categories\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005442,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
1003 SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1005 # (sid 2005448) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text
1006 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/sections\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005448,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
1007 SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1009 # (sid 2005454) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email
1010 SecRule REQUEST_URI_RAW "(?i:\/database\/table\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005454,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
1011 SecRule &TX:'/SQL_INJECTION.*ARGS:email/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1013 # (sid 2006764) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category
1014 SecRule REQUEST_URI_RAW "(?i:\/search_listing\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006764,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
1015 SecRule &TX:'/SQL_INJECTION.*ARGS:category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1017 # (sid 2006770) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent
1018 SecRule REQUEST_URI_RAW "(?i:\/search_listing\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006770,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
1019 SecRule &TX:'/SQL_INJECTION.*ARGS:agent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1021 # (sid 2006776) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id
1022 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006776,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
1023 SecRule &TX:'/SQL_INJECTION.*ARGS:property_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1025 # (sid 2004645) ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id
1026 SecRule REQUEST_URI_RAW "(?i:\/news\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004645,rev:4,msg:'ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kartli'"
1027 SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1029 # (sid 2004126) ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna
1030 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004126,rev:4,msg:'ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Katalog_Plyt'"
1031 SecRule &TX:'/SQL_INJECTION.*ARGS:kolumna/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1033 # (sid 2004983) ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid
1034 SecRule REQUEST_URI_RAW "(?i:\/forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004983,rev:4,msg:'ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kisisel'"
1035 SecRule &TX:'/SQL_INJECTION.*ARGS:forumid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1037 # (sid 2005800) ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id
1038 SecRule REQUEST_URI_RAW "(?i:\/down\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005800,rev:4,msg:'ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kolayindir'"
1039 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1041 # (sid 2004693) ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id
1042 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004693,rev:4,msg:'ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kubix'"
1043 SecRule &TX:'/SQL_INJECTION.*ARGS:member_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1045 # (sid 2005073) ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid
1046 SecRule REQUEST_URI_RAW "(?i:\/i\-search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005073,rev:4,msg:'ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_L2J_DropCalc'"
1047 SecRule &TX:'/SQL_INJECTION.*ARGS:itemid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1049 # (sid 2005977) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w
1050 SecRule REQUEST_URI_RAW "(?i:\/journal\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005977,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LDU'"
1051 SecRule &TX:'/SQL_INJECTION.*ARGS:w/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1053 # (sid 2006319) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id
1054 SecRule REQUEST_URI_RAW "(?i:\/polls\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006319,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LDU'"
1055 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1057 # (sid 2004527) ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country
1058 SecRule REQUEST_URI_RAW "(?i:\/guestbook\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004527,rev:4,msg:'ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LI_Guestbook'"
1059 SecRule &TX:'/SQL_INJECTION.*ARGS:country/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1061 # (sid 2007298) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id
1062 SecRule REQUEST_URI_RAW "(?i:\/inout\/status\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007298,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1063 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1065 # (sid 2007304) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id
1066 SecRule REQUEST_URI_RAW "(?i:\/inout\/update\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007304,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1067 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1069 # (sid 2007310) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id
1070 SecRule REQUEST_URI_RAW "(?i:\/forgotpass\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007310,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1071 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1073 # (sid 2007316) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid
1074 SecRule REQUEST_URI_RAW "(?i:\/forgotpass\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007316,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1075 SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1077 # (sid 2007322) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid
1078 SecRule REQUEST_URI_RAW "(?i:\/inout\/update\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007322,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1079 SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1081 # (sid 2007328) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid
1082 SecRule REQUEST_URI_RAW "(?i:\/inout\/status\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007328,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1083 SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1085 # (sid 2007334) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id
1086 SecRule REQUEST_URI_RAW "(?i:\/details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007334,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1087 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1089 # (sid 2006661) ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni
1090 SecRule REQUEST_URI_RAW "(?i:\/navigacija\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006661,rev:4,msg:'ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_CMS'"
1091 SecRule &TX:'/SQL_INJECTION.*ARGS:IDMeniGlavni/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1093 # (sid 2006667) ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci
1094 SecRule REQUEST_URI_RAW "(?i:\/prikazInformacije\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006667,rev:4,msg:'ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_CMS'"
1095 SecRule &TX:'/SQL_INJECTION.*ARGS:IDStranicaPodaci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1097 # (sid 2007366) ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch
1098 SecRule REQUEST_URI_RAW "(?i:\/linkslist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007366,rev:3,msg:'ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_Exchange_Lite'"
1099 SecRule &TX:'/SQL_INJECTION.*ARGS:psearch/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1101 # (sid 2007372) ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- search.asp
1102 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007372,rev:3,msg:'ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- search.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_Exchange_Lite'"
1103 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1105 # (sid 2004413) ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt
1106 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004413,rev:4,msg:'ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Links_Management'"
1107 SecRule &TX:'/SQL_INJECTION.*ARGS:lcnt/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1109 # (sid 2006477) ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid
1110 SecRule REQUEST_URI_RAW "(?i:\/categoria\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006477,rev:4,msg:'ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LiveCMS'"
1111 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1113 # (sid 2005833) ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID
1114 SecRule REQUEST_URI_RAW "(?i:\/main\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005833,rev:4,msg:'ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LocazoList'"
1115 SecRule &TX:'/SQL_INJECTION.*ARGS:subcatID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1117 # (sid 2006325) ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID
1118 SecRule REQUEST_URI_RAW "(?i:\/ProductDetails\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006325,rev:4,msg:'ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lotfian'"
1119 SecRule &TX:'/SQL_INJECTION.*ARGS:PID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1121 # (sid 2004965) ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id
1122 SecRule REQUEST_URI_RAW "(?i:\/comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004965,rev:4,msg:'ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lushi'"
1123 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1125 # (sid 2004971) ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id
1126 SecRule REQUEST_URI_RAW "(?i:\/register\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004971,rev:4,msg:'ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lushi'"
1127 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1129 # (sid 2005139) ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow
1130 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005139,rev:4,msg:'ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MDPro'"
1131 SecRule &TX:'/SQL_INJECTION.*ARGS:startrow/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1133 # (sid 2005516) ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id
1134 SecRule REQUEST_URI_RAW "(?i:\/email\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005516,rev:4,msg:'ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGB'"
1135 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1137 # (sid 2006229) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p
1138 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006229,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
1139 SecRule &TX:'/SQL_INJECTION.*ARGS:p/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1141 # (sid 2006235) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l
1142 SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006235,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
1143 SecRule &TX:'/SQL_INJECTION.*ARGS:l/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1145 # (sid 2006241) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ
1146 SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006241,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
1147 SecRule &TX:'/SQL_INJECTION.*ARGS:typ/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1149 # (sid 2006247) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc
1150 SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006247,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
1151 SecRule &TX:'/SQL_INJECTION.*ARGS:loc/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1153 # (sid 2003991) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid
1154 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003991,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
1155 SecRule &TX:'/SQL_INJECTION.*ARGS:listid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1157 # (sid 2004431) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname
1158 SecRule REQUEST_URI_RAW "(?i:\/moscomment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004431,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
1159 SecRule &TX:'/SQL_INJECTION.*ARGS:mcname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1161 # (sid 2004437) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname
1162 SecRule REQUEST_URI_RAW "(?i:\/com_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004437,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
1163 SecRule &TX:'/SQL_INJECTION.*ARGS:mcname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1165 # (sid 2004770) ET WEB_SPECIFIC Mambo LaiThai SQL Injection Attempt -- mambo.php
1166 SecRule REQUEST_URI_RAW "(?i:\/includes\/mambo\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004770,rev:4,msg:'ET WEB_SPECIFIC Mambo LaiThai SQL Injection Attempt -- mambo.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
1167 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1169 # (sid 2005145) ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid
1170 SecRule REQUEST_URI_RAW "(?i:\/news_page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005145,rev:4,msg:'ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Martyn_Kilbryde_Newsposter'"
1171 SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1173 # (sid 2004269) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x
1174 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004269,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1175 SecRule REQUEST_URI_RAW "@contains x[" "chain"
1176 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1178 # (sid 2004275) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t
1179 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004275,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1180 SecRule &TX:'/SQL_INJECTION.*ARGS:t/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1182 # (sid 2004281) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId
1183 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004281,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1184 SecRule &TX:'/SQL_INJECTION.*ARGS:productId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1186 # (sid 2004287) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk
1187 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004287,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1188 SecRule &TX:'/SQL_INJECTION.*ARGS:sk/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1190 # (sid 2004293) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x
1191 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004293,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1192 SecRule &TX:'/SQL_INJECTION.*ARGS:x/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1194 # (sid 2004299) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so
1195 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004299,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1196 SecRule &TX:'/SQL_INJECTION.*ARGS:so/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1198 # (sid 2004305) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo
1199 SecRule REQUEST_URI_RAW "(?i:\/order\-track\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004305,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1200 SecRule &TX:'/SQL_INJECTION.*ARGS:orderNo/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1202 # (sid 2006349) ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa
1203 SecRule REQUEST_URI_RAW "(?i:\/lire\-avis\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006349,rev:4,msg:'ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Messageriescripthp'"
1204 SecRule &TX:'/SQL_INJECTION.*ARGS:aa/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1206 # (sid 2006799) ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi
1207 SecRule REQUEST_URI_RAW "(?i:\/uye_giris_islem\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006799,rev:4,msg:'ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Metyus'"
1208 SecRule &TX:'/SQL_INJECTION.*ARGS:kullanici_ismi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1210 # (sid 2006805) ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre
1211 SecRule REQUEST_URI_RAW "(?i:\/uye_giris_islem\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006805,rev:4,msg:'ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Metyus'"
1212 SecRule &TX:'/SQL_INJECTION.*ARGS:sifre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1214 # (sid 2005607) ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id
1215 SecRule REQUEST_URI_RAW "(?i:\/duyuru\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005607,rev:4,msg:'ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MiNT'"
1216 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1218 # (sid 2007010) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant
1219 SecRule REQUEST_URI_RAW "(?i:\/item_show\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007010,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
1220 SecRule &TX:'/SQL_INJECTION.*ARGS:id2006quant/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1222 # (sid 2007016) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup
1223 SecRule REQUEST_URI_RAW "(?i:\/item_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007016,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
1224 SecRule &TX:'/SQL_INJECTION.*ARGS:maingroup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1226 # (sid 2007022) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup
1227 SecRule REQUEST_URI_RAW "(?i:\/item_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007022,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
1228 SecRule &TX:'/SQL_INJECTION.*ARGS:secondgroup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1230 # (sid 2004168) ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c
1231 SecRule REQUEST_URI_RAW "(?i:\/forum\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004168,rev:4,msg:'ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Minerva'"
1232 SecRule &TX:'/SQL_INJECTION.*ARGS:c/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1234 # (sid 2005782) ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName
1235 SecRule REQUEST_URI_RAW "(?i:\/admin_check_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005782,rev:4,msg:'ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Motionborg'"
1236 SecRule &TX:'/SQL_INJECTION.*ARGS:txtUserName/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1238 # (sid 2003839) ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid
1239 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003839,rev:4,msg:'ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MyConference'"
1240 SecRule REQUEST_URI_RAW "@contains (" "chain"
1241 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1243 # (sid 2006631) ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details
1244 SecRule REQUEST_URI_RAW "(?i:\/mystats\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006631,rev:4,msg:'ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MyStats'"
1245 SecRule &TX:'/SQL_INJECTION.*ARGS:details/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1247 # (sid 2004616) ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete
1248 SecRule REQUEST_URI_RAW "(?i:\/diary\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004616,rev:4,msg:'ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_My_Datebook'"
1249 SecRule &TX:'/SQL_INJECTION.*ARGS:delete/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1251 # (sid 2004099) ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id
1252 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004099,rev:4,msg:'ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_My_Little_Forum'"
1253 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1255 # (sid 2004746) ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv
1256 SecRule REQUEST_URI_RAW "(?i:\/result\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004746,rev:4,msg:'ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Nabopoll'"
1257 SecRule &TX:'/SQL_INJECTION.*ARGS:surv/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1259 # (sid 2006884) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id
1260 SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006884,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neochrome'"
1261 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1263 # (sid 2006740) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php
1264 SecRule REQUEST_URI_RAW "(?i:\/plugins\/ipsearch\/ipsearch\.admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006740,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1265 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1267 # (sid 2006746) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php
1268 SecRule REQUEST_URI_RAW "(?i:\/pfs\/pfs\.edit\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006746,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1269 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1271 # (sid 2006752) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.register.inc.php
1272 SecRule REQUEST_URI_RAW "(?i:\/system\/core\/users\/users\.register\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006752,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.register.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1273 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1275 # (sid 2006758) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id
1276 SecRule REQUEST_URI_RAW "(?i:\/polls\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006758,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1277 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1279 # (sid 2007292) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id
1280 SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007292,rev:3,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1281 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1283 # (sid 2006551) ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id
1284 SecRule REQUEST_URI_RAW "(?i:\/ViewCat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006551,rev:4,msg:'ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NetClassifieds'"
1285 SecRule &TX:'/SQL_INJECTION.*ARGS:s_user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1287 # (sid 2004162) ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID
1288 SecRule REQUEST_URI_RAW "(?i:\/News\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004162,rev:4,msg:'ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NetVIOS'"
1289 SecRule &TX:'/SQL_INJECTION.*ARGS:NewsID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1291 # (sid 2004940) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname
1292 SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004940,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
1293 SecRule &TX:'/SQL_INJECTION.*ARGS:commentname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1295 # (sid 2004947) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail
1296 SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004947,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
1297 SecRule &TX:'/SQL_INJECTION.*ARGS:commentmail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1299 # (sid 2004953) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite
1300 SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004953,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
1301 SecRule &TX:'/SQL_INJECTION.*ARGS:commentwebsite/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1303 # (sid 2004959) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment
1304 SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004959,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
1305 SecRule &TX:'/SQL_INJECTION.*ARGS:comment/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1307 # (sid 2005679) ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category
1308 SecRule REQUEST_URI_RAW "(?i:\/shared\/code\/cp_functions_downloads\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005679,rev:4,msg:'ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Nicola_Asuni'"
1309 SecRule &TX:'/SQL_INJECTION.*ARGS:download_category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1311 # (sid 2005019) ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id
1312 SecRule REQUEST_URI_RAW "(?i:\/view\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005019,rev:4,msg:'ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Noname_Media_Gallerie'"
1313 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1315 # (sid 2006595) ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid
1316 SecRule REQUEST_URI_RAW "(?i:\/dagent\/downloadreport\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006595,rev:4,msg:'ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Novell_Zenworks'"
1317 SecRule &TX:'/SQL_INJECTION.*ARGS:agentid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1319 # (sid 2006601) ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass
1320 SecRule REQUEST_URI_RAW "(?i:\/dagent\/downloadreport\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006601,rev:4,msg:'ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Novell_Zenworks'"
1321 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1323 # (sid 2004311) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php
1324 SecRule REQUEST_URI_RAW "(?i:\/nukesentinel\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004311,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
1325 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1327 # (sid 2004734) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php
1328 SecRule REQUEST_URI_RAW "(?i:\/nukesentinel\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004734,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
1329 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1331 # (sid 2004740) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nsbypass.php
1332 SecRule REQUEST_URI_RAW "(?i:\/includes\/nsbypass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004740,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nsbypass.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
1333 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1335 # (sid 2006811) ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid
1336 SecRule REQUEST_URI_RAW "(?i:\/viewthread\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006811,rev:4,msg:'ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_O2PHP'"
1337 SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1339 # (sid 2005601) ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id
1340 SecRule REQUEST_URI_RAW "(?i:\/etkinlikbak\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005601,rev:4,msg:'ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Okul'"
1341 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1343 # (sid 2004454) ET WEB_SPECIFIC Omegasoft SQL Injection Attempt -- OmegaMw7.asp
1344 SecRule REQUEST_URI_RAW "(?i:\/OmegaMw7\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004454,rev:4,msg:'ET WEB_SPECIFIC Omegasoft SQL Injection Attempt -- OmegaMw7.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Omegasoft'"
1345 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1347 # (sid 2004849) ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id
1348 SecRule REQUEST_URI_RAW "(?i:\/user_pages\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004849,rev:4,msg:'ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Online_Web_Building'"
1349 SecRule &TX:'/SQL_INJECTION.*ARGS:art_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1351 # (sid 2005941) ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate
1352 SecRule REQUEST_URI_RAW "(?i:\/login\/register\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005941,rev:4,msg:'ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Outfront'"
1353 SecRule &TX:'/SQL_INJECTION.*ARGS:UserUpdate/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1355 # (sid 2005947) ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- a_register.asp
1356 SecRule REQUEST_URI_RAW "(?i:\/includes\/a_register\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005947,rev:4,msg:'ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- a_register.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Outfront'"
1357 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1359 # (sid 2004245) ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip
1360 SecRule REQUEST_URI_RAW "(?i:\/php\-stats\.recphp\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004245,rev:4,msg:'ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP-Stats'"
1361 SecRule &TX:'/SQL_INJECTION.*ARGS:ip/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1363 # (sid 2006514) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID
1364 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006514,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1365 SecRule &TX:'/SQL_INJECTION.*ARGS:Outgoing_Type_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1367 # (sid 2006520) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID
1368 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006520,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1369 SecRule &TX:'/SQL_INJECTION.*ARGS:Outgoing_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1371 # (sid 2006526) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID
1372 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006526,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1373 SecRule &TX:'/SQL_INJECTION.*ARGS:Project_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1375 # (sid 2006532) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID
1376 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006532,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1377 SecRule &TX:'/SQL_INJECTION.*ARGS:Client_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1379 # (sid 2006538) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID
1380 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006538,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1381 SecRule &TX:'/SQL_INJECTION.*ARGS:Invoice_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1383 # (sid 2006544) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID
1384 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006544,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1385 SecRule &TX:'/SQL_INJECTION.*ARGS:Vendor_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1387 # (sid 2005971) ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id
1388 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_acronyms\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005971,rev:4,msg:'ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPBB'"
1389 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1391 # (sid 2006973) ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id
1392 SecRule REQUEST_URI_RAW "(?i:\/admin_hacks_list\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006973,rev:4,msg:'ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPBB'"
1393 SecRule &TX:'/SQL_INJECTION.*ARGS:hack_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1395 # (sid 2004045) ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id
1396 SecRule REQUEST_URI_RAW "(?i:\/modules\/admin\/modules\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004045,rev:4,msg:'ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPEcho'"
1397 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1399 # (sid 2003809) ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER
1400 SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003809,rev:4,msg:'ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPHoo3'"
1401 SecRule REQUEST_URI_RAW "@contains (" "chain"
1402 SecRule &TX:'/SQL_INJECTION.*ARGS:ADMIN_USER/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1404 # (sid 2003815) ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS
1405 SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003815,rev:4,msg:'ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPHoo3'"
1406 SecRule REQUEST_URI_RAW "@contains (" "chain"
1407 SecRule &TX:'/SQL_INJECTION.*ARGS:ADMIN_PASS/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1409 # (sid 2004699) ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid
1410 SecRule REQUEST_URI_RAW "(?i:\/include\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004699,rev:4,msg:'ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPKit'"
1411 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1413 # (sid 2005788) ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid
1414 SecRule REQUEST_URI_RAW "(?i:\/comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005788,rev:4,msg:'ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPKit'"
1415 SecRule &TX:'/SQL_INJECTION.*ARGS:subid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1417 # (sid 2004704) ET WEB_SPECIFIC PHPWind SQL Injection Attempt -- admin.php
1418 SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004704,rev:4,msg:'ET WEB_SPECIFIC PHPWind SQL Injection Attempt -- admin.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPWind'"
1419 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1421 # (sid 2004329) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang
1422 SecRule REQUEST_URI_RAW "(?i:\/mainfile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004329,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1423 SecRule &TX:'/SQL_INJECTION.*ARGS:lang/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1425 # (sid 2004855) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id
1426 SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004855,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1427 SecRule &TX:'/SQL_INJECTION.*ARGS:category_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1429 # (sid 2005460) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active
1430 SecRule REQUEST_URI_RAW "(?i:\/admin\/modules\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005460,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1431 SecRule &TX:'/SQL_INJECTION.*ARGS:active/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1433 # (sid 2005466) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class
1434 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005466,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1435 SecRule &TX:'/SQL_INJECTION.*ARGS:ad_class/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1437 # (sid 2005472) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl
1438 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005472,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1439 SecRule &TX:'/SQL_INJECTION.*ARGS:imageurl/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1441 # (sid 2005478) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl
1442 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005478,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1443 SecRule &TX:'/SQL_INJECTION.*ARGS:clickurl/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1445 # (sid 2005484) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code
1446 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005484,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1447 SecRule &TX:'/SQL_INJECTION.*ARGS:ad_code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1449 # (sid 2005491) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position
1450 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005491,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1451 SecRule &TX:'/SQL_INJECTION.*ARGS:position/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1453 # (sid 2005589) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat
1454 SecRule REQUEST_URI_RAW "(?i:\/blocks\/block\-Old_Articles\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005589,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1455 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1457 # (sid 2006931) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid
1458 SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006931,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1459 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1461 # (sid 2006937) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid
1462 SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006937,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1463 SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1465 # (sid 2007180) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid
1466 SecRule REQUEST_URI_RAW "(?i:\/modules\/News\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007180,rev:3,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1467 SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1469 # (sid 2005905) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage
1470 SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005905,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
1471 SecRule &TX:'/SQL_INJECTION.*ARGS:newmessage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1473 # (sid 2005911) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname
1474 SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005911,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
1475 SecRule &TX:'/SQL_INJECTION.*ARGS:newname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1477 # (sid 2005917) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite
1478 SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005917,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
1479 SecRule &TX:'/SQL_INJECTION.*ARGS:newwebsite/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1481 # (sid 2005923) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail
1482 SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005923,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
1483 SecRule &TX:'/SQL_INJECTION.*ARGS:newemail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1485 # (sid 2004610) ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c
1486 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004610,rev:4,msg:'ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PNphpBB2'"
1487 SecRule &TX:'/SQL_INJECTION.*ARGS:c/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1489 # (sid 2004934) ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id
1490 SecRule REQUEST_URI_RAW "(?i:\/item\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004934,rev:4,msg:'ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PSY_Auction'"
1491 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1493 # (sid 2006734) ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main
1494 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006734,rev:4,msg:'ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PWP'"
1495 SecRule &TX:'/SQL_INJECTION.*ARGS:main/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1497 # (sid 2004263) ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid
1498 SecRule REQUEST_URI_RAW "(?i:\/post\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004263,rev:4,msg:'ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Blogger'"
1499 SecRule &TX:'/SQL_INJECTION.*ARGS:postid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1501 # (sid 2005220) ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month
1502 SecRule REQUEST_URI_RAW "(?i:\/archives\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005220,rev:4,msg:'ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Blogger'"
1503 SecRule &TX:'/SQL_INJECTION.*ARGS:month/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1505 # (sid 2004622) ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment
1506 SecRule REQUEST_URI_RAW "(?i:\/viewimage\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004622,rev:4,msg:'ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Gallery'"
1507 SecRule &TX:'/SQL_INJECTION.*ARGS:editcomment/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1509 # (sid 2004093) ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id
1510 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004093,rev:4,msg:'ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Phil-A-Form'"
1511 SecRule &TX:'/SQL_INJECTION.*ARGS:form_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1513 # (sid 2004928) ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid
1514 SecRule REQUEST_URI_RAW "(?i:\/philboard_forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004928,rev:4,msg:'ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Philboard'"
1515 SecRule &TX:'/SQL_INJECTION.*ARGS:forumid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1517 # (sid 2004909) ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id
1518 SecRule REQUEST_URI_RAW "(?i:\/pollmentorres\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004909,rev:4,msg:'ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PollMentor'"
1519 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1521 # (sid 2005625) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid
1522 SecRule REQUEST_URI_RAW "(?i:\/simplog\/archive\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005625,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
1523 SecRule &TX:'/SQL_INJECTION.*ARGS:blogid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1525 # (sid 2005631) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid
1526 SecRule REQUEST_URI_RAW "(?i:\/simplog\/archive\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005631,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
1527 SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1529 # (sid 2005637) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid
1530 SecRule REQUEST_URI_RAW "(?i:\/simplog\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005637,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
1531 SecRule &TX:'/SQL_INJECTION.*ARGS:blogid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1533 # (sid 2003803) ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id
1534 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003803,rev:4,msg:'ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PostNuke'"
1535 SecRule REQUEST_URI_RAW "@contains (" "chain"
1536 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1538 # (sid 2006355) ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa
1539 SecRule REQUEST_URI_RAW "(?i:\/lire\-avis\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006355,rev:4,msg:'ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ProNews'"
1540 SecRule &TX:'/SQL_INJECTION.*ARGS:aa/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1542 # (sid 2005685) ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id
1543 SecRule REQUEST_URI_RAW "(?i:\/viewad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005685,rev:4,msg:'ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rapid_Classified'"
1544 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1546 # (sid 2005025) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user
1547 SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005025,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
1548 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1550 # (sid 2005031) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password
1551 SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005031,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
1552 SecRule &TX:'/SQL_INJECTION.*ARGS:password/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1554 # (sid 2005097) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id
1555 SecRule REQUEST_URI_RAW "(?i:\/user_confirm\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005097,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
1556 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1558 # (sid 2005103) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass
1559 SecRule REQUEST_URI_RAW "(?i:\/user_confirm\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005103,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
1560 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1562 # (sid 2006943) ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid
1563 SecRule REQUEST_URI_RAW "(?i:\/recipe\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006943,rev:3,msg:'ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Recipes_Complete'"
1564 SecRule &TX:'/SQL_INJECTION.*ARGS:recipeid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1566 # (sid 2006949) ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid
1567 SecRule REQUEST_URI_RAW "(?i:\/list\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006949,rev:3,msg:'ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Recipes_Complete'"
1568 SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1570 # (sid 2003833) ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv
1571 SecRule REQUEST_URI_RAW "(?i:\/edit_day\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003833,rev:4,msg:'ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ResManager'"
1572 SecRule REQUEST_URI_RAW "@contains (" "chain"
1573 SecRule &TX:'/SQL_INJECTION.*ARGS:id_reserv/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1575 # (sid 2004604) ET WEB_SPECIFIC RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php
1576 SecRule REQUEST_URI_RAW "(?i:\/inc\/class_users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004604,rev:4,msg:'ET WEB_SPECIFIC RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RevokeSoft'"
1577 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1579 # (sid 2005691) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID
1580 SecRule REQUEST_URI_RAW "(?i:\/listfull\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005691,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1581 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1583 # (sid 2005697) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID
1584 SecRule REQUEST_URI_RAW "(?i:\/printmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005697,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1585 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1587 # (sid 2005703) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat
1588 SecRule REQUEST_URI_RAW "(?i:\/listmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005703,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1589 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1591 # (sid 2005709) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat
1592 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005709,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1593 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1595 # (sid 2005715) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat
1596 SecRule REQUEST_URI_RAW "(?i:\/searchmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005715,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1597 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1599 # (sid 2005721) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword
1600 SecRule REQUEST_URI_RAW "(?i:\/searchkey\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005721,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1601 SecRule &TX:'/SQL_INJECTION.*ARGS:Keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1603 # (sid 2005727) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area
1604 SecRule REQUEST_URI_RAW "(?i:\/searchmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005727,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1605 SecRule &TX:'/SQL_INJECTION.*ARGS:area/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1607 # (sid 2005733) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area
1608 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005733,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1609 SecRule &TX:'/SQL_INJECTION.*ARGS:area/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1611 # (sid 2005740) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin
1612 SecRule REQUEST_URI_RAW "(?i:\/searchkey\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005740,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1613 SecRule &TX:'/SQL_INJECTION.*ARGS:searchin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1615 # (sid 2005746) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1
1616 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005746,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1617 SecRule &TX:'/SQL_INJECTION.*ARGS:cost1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1619 # (sid 2005752) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2
1620 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005752,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1621 SecRule &TX:'/SQL_INJECTION.*ARGS:cost2/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1623 # (sid 2005758) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1
1624 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005758,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1625 SecRule &TX:'/SQL_INJECTION.*ARGS:acreage1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1627 # (sid 2005764) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1
1628 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005764,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1629 SecRule &TX:'/SQL_INJECTION.*ARGS:squarefeet1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1631 # (sid 2004664) ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria
1632 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004664,rev:4,msg:'ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rigter_portal'"
1633 SecRule &TX:'/SQL_INJECTION.*ARGS:categoria/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1635 # (sid 2003821) ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries
1636 SecRule REQUEST_URI_RAW "(?i:\/class\/debug\/debug_show\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003821,rev:4,msg:'ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RunCMS'"
1637 SecRule REQUEST_URI_RAW "@contains (" "chain"
1638 SecRule &TX:'/SQL_INJECTION.*ARGS:executed_queries/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1640 # (sid 2003862) ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id
1641 SecRule REQUEST_URI_RAW "(?i:\/devami\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003862,rev:4,msg:'ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RunawaySoft'"
1642 SecRule REQUEST_URI_RAW "@contains (" "chain"
1643 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1645 # (sid 2004467) ET WEB_SPECIFIC SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp
1646 SecRule REQUEST_URI_RAW "(?i:\/cgi\-bin\/reorder2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004467,rev:4,msg:'ET WEB_SPECIFIC SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Salescart'"
1647 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1649 # (sid 2004497) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name
1650 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004497,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1651 SecRule &TX:'/SQL_INJECTION.*ARGS:name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1653 # (sid 2004503) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country
1654 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004503,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1655 SecRule &TX:'/SQL_INJECTION.*ARGS:country/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1657 # (sid 2004509) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email
1658 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004509,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1659 SecRule &TX:'/SQL_INJECTION.*ARGS:email/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1661 # (sid 2004515) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website
1662 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004515,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1663 SecRule &TX:'/SQL_INJECTION.*ARGS:website/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1665 # (sid 2004521) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message
1666 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004521,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1667 SecRule &TX:'/SQL_INJECTION.*ARGS:message/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1669 # (sid 2004120) ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid
1670 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004120,rev:4,msg:'ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ScriptMagix'"
1671 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1673 # (sid 2006313) ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid
1674 SecRule REQUEST_URI_RAW "(?i:\/utilities\/usermessages\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006313,rev:4,msg:'ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ScriptMate'"
1675 SecRule &TX:'/SQL_INJECTION.*ARGS:mesid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1677 # (sid 2004419) ET WEB_SPECIFIC Serendipity SQL Injection Attempt -- index.php serendipity
1678 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004419,rev:4,msg:'ET WEB_SPECIFIC Serendipity SQL Injection Attempt -- index.php serendipity ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Serendipity'"
1679 SecRule REQUEST_URI_RAW "@contains serendipity[multiCat][" "chain"
1680 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1682 # (sid 2005794) ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID
1683 SecRule REQUEST_URI_RAW "(?i:\/orange\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005794,rev:4,msg:'ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ShopStoreNow'"
1684 SecRule &TX:'/SQL_INJECTION.*ARGS:CatID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1686 # (sid 2003856) ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr
1687 SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003856,rev:4,msg:'ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SimpleNews'"
1688 SecRule REQUEST_URI_RAW "@contains (" "chain"
1689 SecRule &TX:'/SQL_INJECTION.*ARGS:newsnr/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1691 # (sid 2004783) ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username
1692 SecRule REQUEST_URI_RAW "(?i:\/logon_user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004783,rev:4,msg:'ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_PHP_Portal'"
1693 SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1695 # (sid 2004789) ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username
1696 SecRule REQUEST_URI_RAW "(?i:\/update_profile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004789,rev:4,msg:'ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_PHP_Portal'"
1697 SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1699 # (sid 2005875) ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id
1700 SecRule REQUEST_URI_RAW "(?i:\/page\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005875,rev:4,msg:'ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_Web_CMS'"
1701 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1703 # (sid 2005522) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps
1704 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005522,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1705 SecRule &TX:'/SQL_INJECTION.*ARGS:ps/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1707 # (sid 2005528) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us
1708 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005528,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1709 SecRule &TX:'/SQL_INJECTION.*ARGS:us/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1711 # (sid 2005534) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f
1712 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005534,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1713 SecRule &TX:'/SQL_INJECTION.*ARGS:f/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1715 # (sid 2005540) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code
1716 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005540,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1717 SecRule &TX:'/SQL_INJECTION.*ARGS:code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1719 # (sid 2005546) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code
1720 SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005546,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1721 SecRule &TX:'/SQL_INJECTION.*ARGS:code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1723 # (sid 2005552) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f
1724 SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005552,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1725 SecRule &TX:'/SQL_INJECTION.*ARGS:f/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1727 # (sid 2005558) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us
1728 SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005558,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1729 SecRule &TX:'/SQL_INJECTION.*ARGS:us/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1731 # (sid 2005564) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps
1732 SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005564,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1733 SecRule &TX:'/SQL_INJECTION.*ARGS:ps/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1735 # (sid 2004867) ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id
1736 SecRule REQUEST_URI_RAW "(?i:\/pop_profile\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004867,rev:4,msg:'ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Snitz'"
1737 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1739 # (sid 2006133) ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent
1740 SecRule REQUEST_URI_RAW "(?i:\/list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006133,rev:4,msg:'ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Softwebs'"
1741 SecRule &TX:'/SQL_INJECTION.*ARGS:agent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1743 # (sid 2006484) ET WEB_SPECIFIC Solar Empire SQL Injection Attempt -- game_listing.php
1744 SecRule REQUEST_URI_RAW "(?i:\/game_listing\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006484,rev:4,msg:'ET WEB_SPECIFIC Solar Empire SQL Injection Attempt -- game_listing.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Solar_Empire'"
1745 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1747 # (sid 2004383) ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list
1748 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004383,rev:4,msg:'ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SonicMailer'"
1749 SecRule &TX:'/SQL_INJECTION.*ARGS:list/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1751 # (sid 2004820) ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category
1752 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004820,rev:4,msg:'ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Sphider'"
1753 SecRule &TX:'/SQL_INJECTION.*ARGS:category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1755 # (sid 2005156) ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines
1756 SecRule REQUEST_URI_RAW "(?i:\/rss\/show_webfeed\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005156,rev:4,msg:'ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SpoonLabs'"
1757 SecRule &TX:'/SQL_INJECTION.*ARGS:wcHeadlines/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1759 # (sid 2004826) ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat
1760 SecRule REQUEST_URI_RAW "(?i:\/directory\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004826,rev:4,msg:'ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Super_Link_Exchange'"
1761 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1763 # (sid 2006637) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp
1764 SecRule REQUEST_URI_RAW "(?i:\/sendarticle\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006637,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
1765 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1767 # (sid 2006643) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp
1768 SecRule REQUEST_URI_RAW "(?i:\/printarticle\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006643,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
1769 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1771 # (sid 2006649) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID
1772 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006649,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
1773 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1775 # (sid 2006655) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID
1776 SecRule REQUEST_URI_RAW "(?i:\/preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006655,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
1777 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1779 # (sid 2005571) ET WEB_SPECIFIC ThWboard SQL Injection Attempt -- index.php board
1780 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005571,rev:4,msg:'ET WEB_SPECIFIC ThWboard SQL Injection Attempt -- index.php board ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ThWboard'"
1781 SecRule REQUEST_URI_RAW "@contains board[" "chain"
1782 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1784 # (sid 2006007) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname
1785 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006007,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1786 SecRule &TX:'/SQL_INJECTION.*ARGS:lastname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1788 # (sid 2006013) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname
1789 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006013,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1790 SecRule &TX:'/SQL_INJECTION.*ARGS:firstname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1792 # (sid 2006019) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld
1793 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006019,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1794 SecRule &TX:'/SQL_INJECTION.*ARGS:passwordOld/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1796 # (sid 2006025) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew
1797 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006025,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1798 SecRule &TX:'/SQL_INJECTION.*ARGS:passwordNew/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1800 # (sid 2006031) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id
1801 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006031,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1802 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1804 # (sid 2006037) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language
1805 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006037,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1806 SecRule &TX:'/SQL_INJECTION.*ARGS:language/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1808 # (sid 2006043) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter
1809 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006043,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1810 SecRule &TX:'/SQL_INJECTION.*ARGS:defaultLetter/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1812 # (sid 2006049) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass
1813 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006049,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1814 SecRule &TX:'/SQL_INJECTION.*ARGS:newuserPass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1816 # (sid 2006055) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType
1817 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006055,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1818 SecRule &TX:'/SQL_INJECTION.*ARGS:newuserType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1820 # (sid 2006061) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail
1821 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006061,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1822 SecRule &TX:'/SQL_INJECTION.*ARGS:newuserEmail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1824 # (sid 2006067) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo
1825 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006067,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1826 SecRule &TX:'/SQL_INJECTION.*ARGS:goTo/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1828 # (sid 2006073) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search
1829 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006073,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1830 SecRule &TX:'/SQL_INJECTION.*ARGS:search/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1832 # (sid 2006079) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName
1833 SecRule REQUEST_URI_RAW "(?i:\/save\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006079,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1834 SecRule &TX:'/SQL_INJECTION.*ARGS:groupAddName/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1836 # (sid 2004873) ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id
1837 SecRule REQUEST_URI_RAW "(?i:\/h_goster\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004873,rev:4,msg:'ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Turuncu'"
1838 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1840 # (sid 2004676) ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug
1841 SecRule REQUEST_URI_RAW "(?i:\/ViewReport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004676,rev:4,msg:'ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Tyger_Bug_Tracker'"
1842 SecRule &TX:'/SQL_INJECTION.*ARGS:bug/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1844 # (sid 2004681) ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s
1845 SecRule REQUEST_URI_RAW "(?i:\/ViewBugs\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004681,rev:4,msg:'ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Tyger_Bug_Tracker'"
1846 SecRule &TX:'/SQL_INJECTION.*ARGS:s/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1848 # (sid 2005237) ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid
1849 SecRule REQUEST_URI_RAW "(?i:\/banner\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005237,rev:4,msg:'ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_UDS'"
1850 SecRule &TX:'/SQL_INJECTION.*ARGS:bid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1852 # (sid 2006890) ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci
1853 SecRule REQUEST_URI_RAW "(?i:\/slideshow\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006890,rev:4,msg:'ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Uapplication'"
1854 SecRule &TX:'/SQL_INJECTION.*ARGS:ci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1856 # (sid 2006896) ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci
1857 SecRule REQUEST_URI_RAW "(?i:\/thumbnails\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006896,rev:4,msg:'ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Uapplication'"
1858 SecRule &TX:'/SQL_INJECTION.*ARGS:ci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1860 # (sid 2005007) ET WEB_SPECIFIC Ublog Reload SQL Injection Attempt -- badword.asp
1861 SecRule REQUEST_URI_RAW "(?i:\/badword\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005007,rev:4,msg:'ET WEB_SPECIFIC Ublog Reload SQL Injection Attempt -- badword.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ublog'"
1862 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1864 # (sid 2007203) ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat
1865 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007203,rev:3,msg:'ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ultimate_Survey'"
1866 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1868 # (sid 2007209) ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did
1869 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007209,rev:3,msg:'ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ultimate_Survey'"
1870 SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1872 # (sid 2005673) ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname
1873 SecRule REQUEST_URI_RAW "(?i:\/shopgiftregsearch\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005673,rev:4,msg:'ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_VP-ASP'"
1874 SecRule &TX:'/SQL_INJECTION.*ARGS:LoginLastname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1876 # (sid 2006607) ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user
1877 SecRule REQUEST_URI_RAW "(?i:\/vf_memberdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006607,rev:4,msg:'ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_VT_Forum'"
1878 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1880 # (sid 2006283) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod
1881 SecRule REQUEST_URI_RAW "(?i:\/repass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006283,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
1882 SecRule &TX:'/SQL_INJECTION.*ARGS:nick_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1884 # (sid 2006289) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick
1885 SecRule REQUEST_URI_RAW "(?i:\/repass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006289,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
1886 SecRule &TX:'/SQL_INJECTION.*ARGS:nick/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1888 # (sid 2006295) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick
1889 SecRule REQUEST_URI_RAW "(?i:\/verify\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006295,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
1890 SecRule &TX:'/SQL_INJECTION.*ARGS:nick/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1892 # (sid 2006301) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod
1893 SecRule REQUEST_URI_RAW "(?i:\/verify\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006301,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
1894 SecRule &TX:'/SQL_INJECTION.*ARGS:nick_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1896 # (sid 2005497) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid
1897 SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005497,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
1898 SecRule &TX:'/SQL_INJECTION.*ARGS:Itemid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1900 # (sid 2005503) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id
1901 SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005503,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
1902 SecRule &TX:'/SQL_INJECTION.*ARGS:product_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1904 # (sid 2005509) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id
1905 SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005509,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
1906 SecRule &TX:'/SQL_INJECTION.*ARGS:category_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1908 # (sid 2003997) ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id
1909 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003997,rev:4,msg:'ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vizayn'"
1910 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1912 # (sid 2005893) ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id
1913 SecRule REQUEST_URI_RAW "(?i:\/haberdetay\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005893,rev:4,msg:'ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vizayn'"
1914 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1916 # (sid 2007420) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat
1917 SecRule REQUEST_URI_RAW "(?i:\/cat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007420,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1918 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1920 # (sid 2007426) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword
1921 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007426,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1922 SecRule &TX:'/SQL_INJECTION.*ARGS:keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1924 # (sid 2007432) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order
1925 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007432,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1926 SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1928 # (sid 2007438) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort
1929 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007438,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1930 SecRule &TX:'/SQL_INJECTION.*ARGS:sort/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1932 # (sid 2007444) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect
1933 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007444,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1934 SecRule &TX:'/SQL_INJECTION.*ARGS:menuSelect/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1936 # (sid 2007450) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state
1937 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007450,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1938 SecRule &TX:'/SQL_INJECTION.*ARGS:state/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1940 # (sid 2004132) ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum
1941 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004132,rev:4,msg:'ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W-Agora'"
1942 SecRule &TX:'/SQL_INJECTION.*ARGS:search_forum/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1944 # (sid 2004138) ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user
1945 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004138,rev:4,msg:'ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W-Agora'"
1946 SecRule &TX:'/SQL_INJECTION.*ARGS:search_user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1948 # (sid 2004651) ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id
1949 SecRule REQUEST_URI_RAW "(?i:\/urunbak\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004651,rev:4,msg:'ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W1L3D4_WEBmarlet'"
1950 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1952 # (sid 2005308) ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft
1953 SecRule REQUEST_URI_RAW "(?i:\/mailer\.w2b)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005308,rev:4,msg:'ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W2B'"
1954 SecRule &TX:'/SQL_INJECTION.*ARGS:draft/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1956 # (sid 2005190) ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay
1957 SecRule REQUEST_URI_RAW "(?i:\/DocPay\.w2b)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005190,rev:4,msg:'ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W2B'"
1958 SecRule &TX:'/SQL_INJECTION.*ARGS:listDocPay/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1960 # (sid 2004318) ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id
1961 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004318,rev:4,msg:'ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WBBlog'"
1962 SecRule &TX:'/SQL_INJECTION.*ARGS:e_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1964 # (sid 2005953) ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key
1965 SecRule REQUEST_URI_RAW "(?i:\/coupon_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005953,rev:4,msg:'ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WDFL'"
1966 SecRule &TX:'/SQL_INJECTION.*ARGS:key/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1968 # (sid 2003768) ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid
1969 SecRule REQUEST_URI_RAW "(?i:\/viewcat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003768,rev:4,msg:'ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WF-Links'"
1970 SecRule REQUEST_URI_RAW "@contains (" "chain"
1971 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1973 # (sid 2004257) ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id
1974 SecRule REQUEST_URI_RAW "(?i:\/comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004257,rev:4,msg:'ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WSN'"
1975 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1977 # (sid 2006459) ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page
1978 SecRule REQUEST_URI_RAW "(?i:\/content\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006459,rev:4,msg:'ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WSPortal'"
1979 SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1981 # (sid 2005959) ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num
1982 SecRule REQUEST_URI_RAW "(?i:\/phonemessage\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005959,rev:4,msg:'ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WYWO'"
1983 SecRule &TX:'/SQL_INJECTION.*ARGS:num/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1985 # (sid 2005965) ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode
1986 SecRule REQUEST_URI_RAW "(?i:\/faqDsp\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005965,rev:4,msg:'ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WYWO'"
1987 SecRule &TX:'/SQL_INJECTION.*ARGS:catcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1989 # (sid 2006979) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login
1990 SecRule REQUEST_URI_RAW "(?i:\/process\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006979,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
1991 SecRule &TX:'/SQL_INJECTION.*ARGS:login/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1993 # (sid 2006985) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password
1994 SecRule REQUEST_URI_RAW "(?i:\/process\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006985,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
1995 SecRule &TX:'/SQL_INJECTION.*ARGS:password/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1997 # (sid 2006991) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid
1998 SecRule REQUEST_URI_RAW "(?i:\/dlwallpaper\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006991,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
1999 SecRule &TX:'/SQL_INJECTION.*ARGS:wallpaperid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2001 # (sid 2006997) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid
2002 SecRule REQUEST_URI_RAW "(?i:\/wallpaper\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006997,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
2003 SecRule &TX:'/SQL_INJECTION.*ARGS:wallpaperid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2005 # (sid 2007074) ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID
2006 SecRule REQUEST_URI_RAW "(?i:\/item\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007074,rev:3,msg:'ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Warhound'"
2007 SecRule &TX:'/SQL_INJECTION.*ARGS:ItemID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2009 # (sid 2004758) ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid
2010 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004758,rev:4,msg:'ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebMplayer'"
2011 SecRule &TX:'/SQL_INJECTION.*ARGS:strid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2013 # (sid 2004764) ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- filecheck.php id
2014 SecRule REQUEST_URI_RAW "(?i:\/filecheck\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004764,rev:4,msg:'ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- filecheck.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebMplayer'"
2015 SecRule REQUEST_URI_RAW "@contains id[" "chain"
2016 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2018 # (sid 2004915) ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID
2019 SecRule REQUEST_URI_RAW "(?i:\/directions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004915,rev:4,msg:'ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebTester'"
2020 SecRule &TX:'/SQL_INJECTION.*ARGS:testID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2022 # (sid 2004776) ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id
2023 SecRule REQUEST_URI_RAW "(?i:\/connexion\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004776,rev:4,msg:'ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Ban'"
2024 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2026 # (sid 2004228) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- functions_filters.asp
2027 SecRule REQUEST_URI_RAW "(?i:\/functions\/functions_filters\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004228,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- functions_filters.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
2028 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2030 # (sid 2004439) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name
2031 SecRule REQUEST_URI_RAW "(?i:\/forum\/pop_up_member_search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004439,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
2032 SecRule &TX:'/SQL_INJECTION.*ARGS:name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2034 # (sid 2004239) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID
2035 SecRule REQUEST_URI_RAW "(?i:\/News\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004239,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
2036 SecRule &TX:'/SQL_INJECTION.*ARGS:NewsID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2038 # (sid 2005231) ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID
2039 SecRule REQUEST_URI_RAW "(?i:\/eWebQuiz\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005231,rev:4,msg:'ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Website_Baker'"
2040 SecRule &TX:'/SQL_INJECTION.*ARGS:QuizID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2042 # (sid 2004144) ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order
2043 SecRule REQUEST_URI_RAW "(?i:\/check_vote\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004144,rev:4,msg:'ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Weekly_Drawing'"
2044 SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2046 # (sid 2004251) ET WEB_SPECIFIC Woltlab Burning Board SQL Injection Attempt -- usergroups.php
2047 SecRule REQUEST_URI_RAW "(?i:\/usergroups\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004251,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board SQL Injection Attempt -- usergroups.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2048 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2050 # (sid 2005001) ET WEB_SPECIFIC Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid
2051 SecRule REQUEST_URI_RAW "(?i:\/pms\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005001,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2052 SecRule REQUEST_URI_RAW "@contains pmid[" "chain"
2053 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2055 # (sid 2005284) ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids
2056 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005284,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2057 SecRule REQUEST_URI_RAW "@contains boardids[" "chain"
2058 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2060 # (sid 2005290) ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board
2061 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005290,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2062 SecRule REQUEST_URI_RAW "@contains board[" "chain"
2063 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2065 # (sid 2006925) ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit
2066 SecRule REQUEST_URI_RAW "(?i:\/thread\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006925,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2067 SecRule &TX:'/SQL_INJECTION.*ARGS:threadvisit/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2069 # (sid 2004015) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie
2070 SecRule REQUEST_URI_RAW "(?i:\/wp\-admin\/admin\-ajax\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004015,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2071 SecRule &TX:'/SQL_INJECTION.*ARGS:cookie/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2073 # (sid 2004407) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-functions.php
2074 SecRule REQUEST_URI_RAW "(?i:\/wp\-admin\/admin\-functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004407,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-functions.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2075 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2077 # (sid 2004658) ET WEB_SPECIFIC Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php
2078 SecRule REQUEST_URI_RAW "(?i:\/xmlrpc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004658,rev:4,msg:'ET WEB_SPECIFIC Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2079 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2081 # (sid 2005661) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php
2082 SecRule REQUEST_URI_RAW "(?i:\/wp\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005661,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2083 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2085 # (sid 2005869) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php
2086 SecRule REQUEST_URI_RAW "(?i:\/wp\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005869,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2087 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2089 # (sid 2004347) ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id
2090 SecRule REQUEST_URI_RAW "(?i:\/devami\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004347,rev:4,msg:'ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-Ice_News'"
2091 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2093 # (sid 2005121) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id
2094 SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005121,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
2095 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2097 # (sid 2005127) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from
2098 SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005127,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
2099 SecRule &TX:'/SQL_INJECTION.*ARGS:from/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2101 # (sid 2005133) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q
2102 SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005133,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
2103 SecRule &TX:'/SQL_INJECTION.*ARGS:q/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2105 # (sid 2004861) ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album
2106 SecRule REQUEST_URI_RAW "(?i:\/view\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004861,rev:4,msg:'ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_XLAtunes'"
2107 SecRule &TX:'/SQL_INJECTION.*ARGS:album/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2109 # (sid 2005382) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id
2110 SecRule REQUEST_URI_RAW "(?i:\/kernel\/group\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005382,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
2111 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2113 # (sid 2005388) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid
2114 SecRule REQUEST_URI_RAW "(?i:\/class\/table_broken\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005388,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
2115 SecRule &TX:'/SQL_INJECTION.*ARGS:lid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2117 # (sid 2006490) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id
2118 SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006490,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
2119 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2121 # (sid 2006217) ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news
2122 SecRule REQUEST_URI_RAW "(?i:\/show_news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006217,rev:4,msg:'ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xt-News'"
2123 SecRule &TX:'/SQL_INJECTION.*ARGS:id_news/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2125 # (sid 2005613) ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder
2126 SecRule REQUEST_URI_RAW "(?i:\/displaypic\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005613,rev:4,msg:'ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xtreme'"
2127 SecRule &TX:'/SQL_INJECTION.*ARGS:sortorder/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2129 # (sid 2004807) ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id
2130 SecRule REQUEST_URI_RAW "(?i:\/functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004807,rev:4,msg:'ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ZephyrSoft'"
2131 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2133 # (sid 2005196) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id
2134 SecRule REQUEST_URI_RAW "(?i:\/mezungiris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005196,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
2135 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2137 # (sid 2005202) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass
2138 SecRule REQUEST_URI_RAW "(?i:\/mezungiris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005202,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
2139 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2141 # (sid 2005208) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass
2142 SecRule REQUEST_URI_RAW "(?i:\/ogretmenkontrol\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005208,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
2143 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2145 # (sid 2005214) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id
2146 SecRule REQUEST_URI_RAW "(?i:\/ogretmenkontrol\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005214,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
2147 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2149 # (sid 2003985) ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler
2150 SecRule REQUEST_URI_RAW "(?i:\/plugins\/mp3playlist\/mp3playlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003985,rev:4,msg:'ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zomplog'"
2151 SecRule &TX:'/SQL_INJECTION.*ARGS:speler/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2153 # (sid 2005983) ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode
2154 SecRule REQUEST_URI_RAW "(?i:\/faqDsp\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005983,rev:4,msg:'ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_aFAQ'"
2155 SecRule &TX:'/SQL_INJECTION.*ARGS:catcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2157 # (sid 2005328) ET WEB_SPECIFIC bbPress SQL Injection Attempt -- formatting-functions.php
2158 SecRule REQUEST_URI_RAW "(?i:\/bb\-includes\/formatting\-functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005328,rev:4,msg:'ET WEB_SPECIFIC bbPress SQL Injection Attempt -- formatting-functions.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_bbPress'"
2159 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2161 # (sid 2005770) ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk
2162 SecRule REQUEST_URI_RAW "(?i:\/newsletters\/edition\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005770,rev:4,msg:'ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_bitweaver'"
2163 SecRule &TX:'/SQL_INJECTION.*ARGS:tk/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2165 # (sid 2006175) ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse
2166 SecRule REQUEST_URI_RAW "(?i:\/SelGruFra\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006175,rev:4,msg:'ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_chatwm'"
2167 SecRule &TX:'/SQL_INJECTION.*ARGS:txtUse/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2169 # (sid 2006181) ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas
2170 SecRule REQUEST_URI_RAW "(?i:\/SelGruFra\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006181,rev:4,msg:'ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_chatwm'"
2171 SecRule &TX:'/SQL_INJECTION.*ARGS:txtPas/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2173 # (sid 2004057) ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category
2174 SecRule REQUEST_URI_RAW "(?i:\/category\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004057,rev:4,msg:'ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_cpCommerce'"
2175 SecRule &TX:'/SQL_INJECTION.*ARGS:id_category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2177 # (sid 2004105) ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer
2178 SecRule REQUEST_URI_RAW "(?i:\/manufacturer\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004105,rev:4,msg:'ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_cpCommerce'"
2179 SecRule &TX:'/SQL_INJECTION.*ARGS:id_manufacturer/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2181 # (sid 2005037) ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id
2182 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005037,rev:4,msg:'ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dB_Masters'"
2183 SecRule &TX:'/SQL_INJECTION.*ARGS:c_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2185 # (sid 2006955) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id
2186 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006955,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
2187 SecRule &TX:'/SQL_INJECTION.*ARGS:seite_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2189 # (sid 2006961) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id
2190 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006961,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
2191 SecRule &TX:'/SQL_INJECTION.*ARGS:gruppe_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2193 # (sid 2006967) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target
2194 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006967,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
2195 SecRule &TX:'/SQL_INJECTION.*ARGS:go_target/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2197 # (sid 2006619) ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc
2198 SecRule REQUEST_URI_RAW "(?i:\/dettaglio\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006619,rev:4,msg:'ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dol_storye'"
2199 SecRule &TX:'/SQL_INJECTION.*ARGS:id_doc/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2201 # (sid 2006625) ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut
2202 SecRule REQUEST_URI_RAW "(?i:\/dettaglio\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006625,rev:4,msg:'ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dol_storye'"
2203 SecRule &TX:'/SQL_INJECTION.*ARGS:id_aut/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2205 # (sid 2005929) ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did
2206 SecRule REQUEST_URI_RAW "(?i:\/mod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005929,rev:4,msg:'ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_eNdonesia'"
2207 SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2209 # (sid 2005935) ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid
2210 SecRule REQUEST_URI_RAW "(?i:\/mod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005935,rev:4,msg:'ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_eNdonesia'"
2211 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2213 # (sid 2007378) ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which
2214 SecRule REQUEST_URI_RAW "(?i:\/index1\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007378,rev:3,msg:'ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
2215 SecRule &TX:'/SQL_INJECTION.*ARGS:which/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2217 # (sid 2007384) ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat
2218 SecRule REQUEST_URI_RAW "(?i:\/default2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007384,rev:3,msg:'ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
2219 SecRule &TX:'/SQL_INJECTION.*ARGS:kat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2221 # (sid 2007390) ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid
2222 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007390,rev:3,msg:'ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
2223 SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2225 # (sid 2004112) ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid
2226 SecRule REQUEST_URI_RAW "(?i:\/getnewsitem\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004112,rev:4,msg:'ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_gCards'"
2227 SecRule &TX:'/SQL_INJECTION.*ARGS:newsid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2229 # (sid 2005809) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id
2230 SecRule REQUEST_URI_RAW "(?i:\/display_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005809,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
2231 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2233 # (sid 2005815) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie
2234 SecRule REQUEST_URI_RAW "(?i:\/display_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005815,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
2235 SecRule &TX:'/SQL_INJECTION.*ARGS:user_login_cookie/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2237 # (sid 2005821) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id
2238 SecRule REQUEST_URI_RAW "(?i:\/compare_product\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005821,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
2239 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2241 # (sid 2005827) ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id
2242 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005827,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
2243 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2245 # (sid 2006613) ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D
2246 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006613,rev:4,msg:'ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iWare_Pro'"
2247 SecRule &TX:'/SQL_INJECTION.*ARGS:D/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2249 # (sid 2004844) ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor
2250 SecRule REQUEST_URI_RAW "(?i:\/install\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004844,rev:4,msg:'ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_mcRefer'"
2251 SecRule &TX:'/SQL_INJECTION.*ARGS:bgcolor/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2253 # (sid 2004472) ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id
2254 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004472,rev:4,msg:'ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_myBloggie'"
2255 SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2257 # (sid 2004478) ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year
2258 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004478,rev:4,msg:'ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_myBloggie'"
2259 SecRule &TX:'/SQL_INJECTION.*ARGS:year/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2261 # (sid 2004009) ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id
2262 SecRule REQUEST_URI_RAW "(?i:\/read\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004009,rev:4,msg:'ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_olboolmarks'"
2263 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2265 # (sid 2004903) ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid
2266 SecRule REQUEST_URI_RAW "(?i:\/nickpage\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004903,rev:4,msg:'ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpCC'"
2267 SecRule &TX:'/SQL_INJECTION.*ARGS:npid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2269 # (sid 2004174) ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id
2270 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004174,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2271 SecRule &TX:'/SQL_INJECTION.*ARGS:image_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2273 # (sid 2004180) ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id
2274 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004180,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2275 SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2277 # (sid 2004186) ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id
2278 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004186,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2279 SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2281 # (sid 2004192) ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id
2282 SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004192,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2283 SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2285 # (sid 2004198) ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id
2286 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004198,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2287 SecRule &TX:'/SQL_INJECTION.*ARGS:news_cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2289 # (sid 2004204) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id
2290 SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004204,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2291 SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2293 # (sid 2004210) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id
2294 SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004210,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2295 SecRule &TX:'/SQL_INJECTION.*ARGS:topic_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2297 # (sid 2004216) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id
2298 SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004216,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2299 SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2301 # (sid 2004222) ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id
2302 SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004222,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2303 SecRule &TX:'/SQL_INJECTION.*ARGS:user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2305 # (sid 2003786) ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid
2306 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003786,rev:4,msg:'ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_pnFlashGames'"
2307 SecRule REQUEST_URI_RAW "@contains (" "chain"
2308 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2310 # (sid 2005667) ET WEB_SPECIFIC uniForum SQL Injection Attempt -- wbsearch.aspx
2311 SecRule REQUEST_URI_RAW "(?i:\/wbsearch\.aspx)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005667,rev:4,msg:'ET WEB_SPECIFIC uniForum SQL Injection Attempt -- wbsearch.aspx ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_uniForm'"
2312 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2314 # (sid 2005352) ET WEB_SPECIFIC vBSupport SQL Injection Attempt -- vBSupport.php
2315 SecRule REQUEST_URI_RAW "(?i:\/vBSupport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005352,rev:4,msg:'ET WEB_SPECIFIC vBSupport SQL Injection Attempt -- vBSupport.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_vBSupport'"
2316 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2318 # (sid 2005358) ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid
2319 SecRule REQUEST_URI_RAW "(?i:\/vBSupport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005358,rev:4,msg:'ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_vSupport'"
2320 SecRule &TX:'/SQL_INJECTION.*ARGS:ticketid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2322 # (sid 2004752) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic
2323 SecRule REQUEST_URI_RAW "(?i:\/printview\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004752,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2324 SecRule &TX:'/SQL_INJECTION.*ARGS:topic/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2326 # (sid 2004885) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly
2327 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004885,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2328 SecRule &TX:'/SQL_INJECTION.*ARGS:showonly/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2330 # (sid 2005243) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID
2331 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005243,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2332 SecRule &TX:'/SQL_INJECTION.*ARGS:picID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2334 # (sid 2005249) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id
2335 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005249,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2336 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2338 # (sid 2005254) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID
2339 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005254,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2340 SecRule &TX:'/SQL_INJECTION.*ARGS:galleryID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2342 # (sid 2005162) ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id
2343 SecRule REQUEST_URI_RAW "(?i:\/xNews\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005162,rev:4,msg:'ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_xNews'"
2344 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2346 SecMarker END_ET_SQLI_RULES