projects / libapache-mod-security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Imported Upstream version 2.5.11
[libapache-mod-security.git] / rules / base_rules / modsecurity_crs_46_et_sql_injection.conf
1 SecRule REQUEST_FILENAME "!@pmFromFile modsecurity_46_et_sql_injection.data" "phase:2,nolog,pass,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,skipAfter:END_ET_SQLI_RULES"
2
3 # (sid 2007508) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID 
4 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007508,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
5 SecRule &TX:'/SQL_INJECTION.*ARGS:vehicleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
6
7 # (sid 2007514) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list 
8 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007514,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
9 SecRule &TX:'/SQL_INJECTION.*ARGS:categoryID_list/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
10
11 # (sid 2007520) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type 
12 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007520,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
13 SecRule &TX:'/SQL_INJECTION.*ARGS:sale_type/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
14
15 # (sid 2007526) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number 
16 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007526,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
17 SecRule &TX:'/SQL_INJECTION.*ARGS:stock_number/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
18
19 # (sid 2007532) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer 
20 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007532,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
21 SecRule &TX:'/SQL_INJECTION.*ARGS:manufacturer/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
22
23 # (sid 2007538) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model 
24 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007538,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
25 SecRule &TX:'/SQL_INJECTION.*ARGS:model/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
26
27 # (sid 2007544) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID 
28 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007544,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
29 SecRule &TX:'/SQL_INJECTION.*ARGS:vehicleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
30
31 # (sid 2007550) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year 
32 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007550,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
33 SecRule &TX:'/SQL_INJECTION.*ARGS:year/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
34
35 # (sid 2007556) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin 
36 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007556,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
37 SecRule &TX:'/SQL_INJECTION.*ARGS:vin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
38
39 # (sid 2007562) ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price 
40 SecRule REQUEST_URI_RAW "(?i:\/vehiclelistings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007562,rev:3,msg:'ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2020_Auto_gallery'"
41 SecRule &TX:'/SQL_INJECTION.*ARGS:listing_price/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
42
43 # (sid 2004063) ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating 
44 SecRule REQUEST_URI_RAW "(?i:\/includes\/rating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004063,rev:4,msg:'ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project'"
45 SecRule &TX:'/SQL_INJECTION.*ARGS:rating/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php rating ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
46
47 # (sid 2004075) ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id 
48 SecRule REQUEST_URI_RAW "(?i:\/includes\/rating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004075,rev:4,msg:'ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_2z_project'"
49 SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 2z Project SQL Injection Attempt -- rating.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
50
51 # (sid 2007221) ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id 
52 SecRule REQUEST_URI_RAW "(?i:\/admin\/edit\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007221,rev:3,msg:'ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_8pixel'"
53 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
54
55 # (sid 2005061) ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod 
56 SecRule REQUEST_URI_RAW "(?i:\/templates\/modif\.html)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005061,rev:4,msg:'ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ACGVannu'"
57 SecRule &TX:'/SQL_INJECTION.*ARGS:id_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ACGVannu SQL Injection Attempt -- modif.html id_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
58
59 # (sid 2005577) ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name 
60 SecRule REQUEST_URI_RAW "(?i:\/shared\/code\/cp_authorization\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005577,rev:3,msg:'ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP'"
61 SecRule &TX:'/SQL_INJECTION.*ARGS:xuser_name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
62
63 # (sid 2005583) ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did 
64 SecRule REQUEST_URI_RAW "(?i:\/public\/code\/cp_downloads\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005583,rev:3,msg:'ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AIOCP'"
65 SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
66
67 # (sid 2004533) ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id 
68 SecRule REQUEST_URI_RAW "(?i:\/subcat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004533,rev:4,msg:'ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
69 SecRule &TX:'/SQL_INJECTION.*ARGS:cate_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Auction SQL Injection Attempt -- subcat.php cate_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
70
71 # (sid 2004539) ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id 
72 SecRule REQUEST_URI_RAW "(?i:\/view_profile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004539,rev:4,msg:'ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
73 SecRule &TX:'/SQL_INJECTION.*ARGS:user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJDating SQL Injection Attempt -- view_profile.php user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
74
75 # (sid 2004545) ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid 
76 SecRule REQUEST_URI_RAW "(?i:\/postingdetails\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004545,rev:4,msg:'ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
77 SecRule &TX:'/SQL_INJECTION.*ARGS:postingid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
78
79 # (sid 2004550) ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id 
80 SecRule REQUEST_URI_RAW "(?i:\/topic_title\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004550,rev:4,msg:'ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AJ'"
81 SecRule &TX:'/SQL_INJECTION.*ARGS:td_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AJ Forum SQL Injection Attempt -- topic_title.php td_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
82
83 # (sid 2006823) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid 
84 SecRule REQUEST_URI_RAW "(?i:\/forum2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006823,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
85 SecRule &TX:'/SQL_INJECTION.*ARGS:soruid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum2.asp soruid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
86
87 # (sid 2006829) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak 
88 SecRule REQUEST_URI_RAW "(?i:\/kullanicilistesi\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006829,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
89 SecRule &TX:'/SQL_INJECTION.*ARGS:ak/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
90
91 # (sid 2006835) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler 
92 SecRule REQUEST_URI_RAW "(?i:\/aramayap\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006835,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
93 SecRule &TX:'/SQL_INJECTION.*ARGS:kelimeler/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
94
95 # (sid 2006841) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi 
96 SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006841,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
97 SecRule &TX:'/SQL_INJECTION.*ARGS:kullaniciadi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
98
99 # (sid 2006847) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno 
100 SecRule REQUEST_URI_RAW "(?i:\/mesajkutum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006847,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
101 SecRule &TX:'/SQL_INJECTION.*ARGS:mesajno/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
102
103 # (sid 2006853) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf 
104 SecRule REQUEST_URI_RAW "(?i:\/kullanicilistesi\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006853,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
105 SecRule &TX:'/SQL_INJECTION.*ARGS:harf/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
106
107 # (sid 2006859) ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik 
108 SecRule REQUEST_URI_RAW "(?i:\/forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006859,rev:3,msg:'ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASPMForum'"
109 SecRule &TX:'/SQL_INJECTION.*ARGS:baslik/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASPMForum SQL Injection Attempt -- forum.asp baslik ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
110
111 # (sid 2005109) ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username 
112 SecRule REQUEST_URI_RAW "(?i:\/artreplydelete\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005109,rev:4,msg:'ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_EDGE'"
113 SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
114
115 # (sid 2005168) ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id 
116 SecRule REQUEST_URI_RAW "(?i:\/news_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005168,rev:4,msg:'ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS'"
117 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP NEWS SQL Injection Attempt -- news_detail.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
118
119 # (sid 2005174) ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user 
120 SecRule REQUEST_URI_RAW "(?i:\/user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005174,rev:4,msg:'ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_NEWS'"
121 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP EDGE SQL Injection Attempt -- user.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
122
123 # (sid 2005887) ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro 
124 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005887,rev:4,msg:'ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_Siteware'"
125 SecRule &TX:'/SQL_INJECTION.*ARGS:iPro/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
126
127 # (sid 2007004) ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID 
128 SecRule REQUEST_URI_RAW "(?i:\/listpics\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007004,rev:3,msg:'ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ASP_listpics'"
129 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ASP ListPics SQL Injection Attempt -- listpics.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
130
131 # (sid 2004323) ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid 
132 SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004323,rev:3,msg:'ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Absolute_Image_Gallery'"
133 SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
134
135 # (sid 2007396) ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid 
136 SecRule REQUEST_URI_RAW "(?i:\/product\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007396,rev:3,msg:'ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart'"
137 SecRule &TX:'/SQL_INJECTION.*ARGS:productid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
138
139 # (sid 2007402) ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search 
140 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007402,rev:3,msg:'ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Acart'"
141 SecRule &TX:'/SQL_INJECTION.*ARGS:search/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
142
143 # (sid 2007480) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID 
144 SecRule REQUEST_URI_RAW "(?i:\/activenews_view\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007480,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
145 SecRule &TX:'/SQL_INJECTION.*ARGS:articleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
146
147 # (sid 2007485) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page 
148 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007485,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
149 SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- default.asp page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
150
151 # (sid 2007491) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID 
152 SecRule REQUEST_URI_RAW "(?i:\/activeNews_categories\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007491,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
153 SecRule &TX:'/SQL_INJECTION.*ARGS:catID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
154
155 # (sid 2007497) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID 
156 SecRule REQUEST_URI_RAW "(?i:\/activeNews_comments\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007497,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
157 SecRule &TX:'/SQL_INJECTION.*ARGS:articleID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
158
159 # (sid 2007503) ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query 
160 SecRule REQUEST_URI_RAW "(?i:\/activenews_search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007503,rev:3,msg:'ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ActiveNews'"
161 SecRule &TX:'/SQL_INJECTION.*ARGS:query/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
162
163 # (sid 2004891) ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id 
164 SecRule REQUEST_URI_RAW "(?i:\/HaberDetay\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004891,rev:4,msg:'ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script'"
165 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
166
167 # (sid 2004897) ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid 
168 SecRule REQUEST_URI_RAW "(?i:\/rss\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004897,rev:4,msg:'ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aktueldownload_Haber_script'"
169 SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
170
171 # (sid 2005776) ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang 
172 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005776,rev:4,msg:'ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alex_Guestbook'"
173 SecRule &TX:'/SQL_INJECTION.*ARGS:lang/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC @lex Guestbook SQL Injection Attempt -- index.php lang ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
174
175 # (sid 2004021) ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack 
176 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004021,rev:4,msg:'ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Alstrasoft'"
177 SecRule &TX:'/SQL_INJECTION.*ARGS:pack/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AlstraSoft E-Friends SQL Injection Attempt -- index.php pack ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
178
179 # (sid 2004721) ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id 
180 SecRule REQUEST_URI_RAW "(?i:\/section\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004721,rev:4,msg:'ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Angel_Learning_Mgmt'"
181 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
182
183 # (sid 2006565) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id 
184 SecRule REQUEST_URI_RAW "(?i:\/email\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006565,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
185 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- email.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
186
187 # (sid 2006571) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no 
188 SecRule REQUEST_URI_RAW "(?i:\/voirannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006571,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
189 SecRule &TX:'/SQL_INJECTION.*ARGS:no/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
190
191 # (sid 2006577) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre 
192 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_membre\/fiche_membre\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006577,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
193 SecRule &TX:'/SQL_INJECTION.*ARGS:idmembre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
194
195 # (sid 2006583) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce 
196 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_annonce\/okvalannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006583,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
197 SecRule &TX:'/SQL_INJECTION.*ARGS:idannonce/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
198
199 # (sid 2006589) ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce 
200 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_annonce\/changeannonce\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006589,rev:3,msg:'ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_AnnounceScriptHP'"
201 SecRule &TX:'/SQL_INJECTION.*ARGS:idannonce/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
202
203 # (sid 2006787) ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici 
204 SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006787,rev:3,msg:'ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee'"
205 SecRule &TX:'/SQL_INJECTION.*ARGS:kullanici/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
206
207 # (sid 2006793) ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola 
208 SecRule REQUEST_URI_RAW "(?i:\/giris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006793,rev:3,msg:'ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Aspee'"
209 SecRule &TX:'/SQL_INJECTION.*ARGS:parola/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
210
211 # (sid 2004728) ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID 
212 SecRule REQUEST_URI_RAW "(?i:\/system\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004728,rev:4,msg:'ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Audins'"
213 SecRule &TX:'/SQL_INJECTION.*ARGS:PHPSESSID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
214
215 # (sid 2007456) ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob 
216 SecRule REQUEST_URI_RAW "(?i:\/publications_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007456,rev:3,msg:'ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech'"
217 SecRule &TX:'/SQL_INJECTION.*ARGS:vjob/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
218
219 # (sid 2007462) ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID 
220 SecRule REQUEST_URI_RAW "(?i:\/publication_view\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007462,rev:3,msg:'ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BPG_Infotech'"
221 SecRule &TX:'/SQL_INJECTION.*ARGS:InfoID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
222
223 # (sid 2004335) ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout 
224 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004335,rev:4,msg:'ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BP_Blog'"
225 SecRule &TX:'/SQL_INJECTION.*ARGS:layout/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BP Blog SQL Injection Attempt -- default.asp layout ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
226
227 # (sid 2007215) ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id 
228 SecRule REQUEST_URI_RAW "(?i:\/edit\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007215,rev:3,msg:'ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Basicforum'"
229 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BasicForum SQL Injection Attempt -- edit.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
230
231 # (sid 2006337) ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php 
232 SecRule REQUEST_URI_RAW "(?i:\/bt\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006337,rev:4,msg:'ET WEB_SPECIFIC Bluetrait SQL Injection Attempt -- bt-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bluetrait'"
233 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
234
235 # (sid 2004832) ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd 
236 SecRule REQUEST_URI_RAW "(?i:\/admin\/config\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004832,rev:4,msg:'ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Bookmark4U'"
237 SecRule &TX:'/SQL_INJECTION.*ARGS:sqlcmd/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Bookmark4U SQL Injection Attempt -- config.php sqlcmd ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
238
239 # (sid 2004027) ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style 
240 SecRule REQUEST_URI_RAW "(?i:\/account_change\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004027,rev:4,msg:'ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker'"
241 SecRule &TX:'/SQL_INJECTION.*ARGS:style/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php style ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
242
243 # (sid 2004033) ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue 
244 SecRule REQUEST_URI_RAW "(?i:\/account_change\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004033,rev:4,msg:'ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtiTracker'"
245 SecRule &TX:'/SQL_INJECTION.*ARGS:langue/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtiTracker SQL Injection Attempt -- account_change.php langue ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
246
247 # (sid 2004989) ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by 
248 SecRule REQUEST_URI_RAW "(?i:\/torrents\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004989,rev:4,msg:'ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker'"
249 SecRule &TX:'/SQL_INJECTION.*ARGS:by/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php by ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
250
251 # (sid 2004995) ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order 
252 SecRule REQUEST_URI_RAW "(?i:\/torrents\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004995,rev:4,msg:'ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_BtitTracker'"
253 SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC BtitTracker SQL Injection Attempt -- torrents.php order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
254
255 # (sid 2003780) ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id 
256 SecRule REQUEST_URI_RAW "(?i:\/bry\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003780,rev:4,msg:'ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
257 SecRule REQUEST_URI_RAW "@contains (" "chain"
258 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
259
260 # (sid 2006253) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid 
261 SecRule REQUEST_URI_RAW "(?i:\/HABERLER\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006253,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
262 SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
263
264 # (sid 2006259) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id 
265 SecRule REQUEST_URI_RAW "(?i:\/HABERLER\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006259,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
266 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
267
268 # (sid 2006265) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id 
269 SecRule REQUEST_URI_RAW "(?i:\/ASPKAT\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006265,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
270 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
271
272 # (sid 2006271) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid 
273 SecRule REQUEST_URI_RAW "(?i:\/ASPKAT\.ASP)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006271,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
274 SecRule &TX:'/SQL_INJECTION.*ARGS:kid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
275
276 # (sid 2006277) ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id 
277 SecRule REQUEST_URI_RAW "(?i:\/down\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006277,rev:4,msg:'ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Burak'"
278 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
279
280 # (sid 2003797) ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid 
281 SecRule REQUEST_URI_RAW "(?i:\/stylesheet\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003797,rev:5,msg:'ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CMS_Made_Simple'"
282 SecRule REQUEST_URI_RAW "@contains (" "chain"
283 SecRule &TX:'/SQL_INJECTION.*ARGS:templateid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
284
285 # (sid 2006169) ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID 
286 SecRule REQUEST_URI_RAW "(?i:\/calendar_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006169,rev:4,msg:'ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX'"
287 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
288
289 # (sid 2006187) ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID 
290 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_mail_adressee\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006187,rev:4,msg:'ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Calendar_MX'"
291 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
292
293 # (sid 2007468) ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy 
294 SecRule REQUEST_URI_RAW "(?i:\/openPolicy\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007468,rev:3,msg:'ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress'"
295 SecRule &TX:'/SQL_INJECTION.*ARGS:policy/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
296
297 # (sid 2007474) ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand 
298 SecRule REQUEST_URI_RAW "(?i:\/prodList\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007474,rev:3,msg:'ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CandyPress'"
299 SecRule &TX:'/SQL_INJECTION.*ARGS:brand/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CandyPress Store SQL Injection Attempt -- prodList.asp brand ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
300
301 # (sid 2007227) ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date 
302 SecRule REQUEST_URI_RAW "(?i:\/displayCalendar\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007227,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
303 SecRule &TX:'/SQL_INJECTION.*ARGS:date/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
304
305 # (sid 2007233) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage 
306 SecRule REQUEST_URI_RAW "(?i:\/view_gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007233,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
307 SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
308
309 # (sid 2007239) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id 
310 SecRule REQUEST_URI_RAW "(?i:\/view_gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007239,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
311 SecRule &TX:'/SQL_INJECTION.*ARGS:gallery_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
312
313 # (sid 2007245) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id 
314 SecRule REQUEST_URI_RAW "(?i:\/download_image\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007245,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
315 SecRule &TX:'/SQL_INJECTION.*ARGS:image_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
316
317 # (sid 2007251) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage 
318 SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007251,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
319 SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
320
321 # (sid 2007257) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby 
322 SecRule REQUEST_URI_RAW "(?i:\/gallery\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007257,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
323 SecRule &TX:'/SQL_INJECTION.*ARGS:orderby/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
324
325 # (sid 2007263) ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage 
326 SecRule REQUEST_URI_RAW "(?i:\/view_recent\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007263,rev:3,msg:'ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
327 SecRule &TX:'/SQL_INJECTION.*ARGS:currentpage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
328
329 # (sid 2007269) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort 
330 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007269,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
331 SecRule &TX:'/SQL_INJECTION.*ARGS:AlphaSort/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
332
333 # (sid 2007275) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In 
334 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007275,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
335 SecRule &TX:'/SQL_INJECTION.*ARGS:In/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp In ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
336
337 # (sid 2007281) ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby 
338 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007281,rev:3,msg:'ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Clicktech'"
339 SecRule &TX:'/SQL_INJECTION.*ARGS:orderby/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
340
341 # (sid 2004879) ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID 
342 SecRule REQUEST_URI_RAW "(?i:\/inc_listnews\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004879,rev:4,msg:'ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CodeAvalance'"
343 SecRule &TX:'/SQL_INJECTION.*ARGS:CAT_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
344
345 # (sid 2006508) ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct 
346 SecRule REQUEST_URI_RAW "(?i:\/comersus_optReviewReadExec\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006508,rev:4,msg:'ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Comersus'"
347 SecRule &TX:'/SQL_INJECTION.*ARGS:idProduct/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
348
349 # (sid 2004639) ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi 
350 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004639,rev:4,msg:'ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ComicSense_Portal'"
351 SecRule &TX:'/SQL_INJECTION.*ARGS:epi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Comicsense SQL Injection Attempt -- index.php epi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
352
353 # (sid 2004709) ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage 
354 SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004709,rev:4,msg:'ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal'"
355 SecRule &TX:'/SQL_INJECTION.*ARGS:uploadimage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- admin.php uploadimage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
356
357 # (sid 2004715) ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin 
358 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004715,rev:4,msg:'ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Connectix_Portal'"
359 SecRule &TX:'/SQL_INJECTION.*ARGS:p_skin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Connectix Boards SQL Injection Attempt -- index.php p_skin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
360
361 # (sid 2007340) ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid 
362 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007340,rev:3,msg:'ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ContentNow'"
363 SecRule &TX:'/SQL_INJECTION.*ARGS:pageid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ContentNow SQL Injection Attempt -- index.php pageid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
364
365 # (sid 2006307) ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id 
366 SecRule REQUEST_URI_RAW "(?i:\/haber\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006307,rev:4,msg:'ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Contra_Haber'"
367 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
368
369 # (sid 2004813) ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav 
370 SecRule REQUEST_URI_RAW "(?i:\/thumbnails\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004813,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
371 SecRule &TX:'/SQL_INJECTION.*ARGS:cpg131_fav/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
372
373 # (sid 2005845) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat 
374 SecRule REQUEST_URI_RAW "(?i:\/albmgr\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005845,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
375 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
376
377 # (sid 2005851) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid 
378 SecRule REQUEST_URI_RAW "(?i:\/usermgr\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005851,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
379 SecRule &TX:'/SQL_INJECTION.*ARGS:gid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
380
381 # (sid 2005857) ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start 
382 SecRule REQUEST_URI_RAW "(?i:\/db_ecard\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005857,rev:4,msg:'ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Coppermine_Photo_Gallery'"
383 SecRule &TX:'/SQL_INJECTION.*ARGS:start/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
384
385 # (sid 2003756) ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id 
386 SecRule REQUEST_URI_RAW "(?i:\/error\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003756,rev:4,msg:'ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Creascripts'"
387 SecRule REQUEST_URI_RAW "@contains (" "chain"
388 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
389
390 # (sid 2005863) ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid 
391 SecRule REQUEST_URI_RAW "(?i:\/cats\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005863,rev:4,msg:'ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CreateAuction'"
392 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC CreateAuction SQL Injection Attempt -- cats.asp catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
393
394 # (sid 2004039) ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php 
395 SecRule REQUEST_URI_RAW "(?i:\/cart\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004039,rev:4,msg:'ET WEB_SPECIFIC CubeCart SQL Injection Attempt -- cart.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_CubeCart'"
396 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
397
398 # (sid 2004087) ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid 
399 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004087,rev:4,msg:'ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews'"
400 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
401
402 # (sid 2004460) ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid 
403 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004460,rev:4,msg:'ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DGNews'"
404 SecRule &TX:'/SQL_INJECTION.*ARGS:newsid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DGNews SQL Injection Attempt -- news.php newsid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
405
406 # (sid 2004687) ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid 
407 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004687,rev:4,msg:'ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
408 SecRule &TX:'/SQL_INJECTION.*ARGS:mid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
409
410 # (sid 2006085) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp 
411 SecRule REQUEST_URI_RAW "(?i:\/set_preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006085,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
412 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
413
414 # (sid 2006091) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp 
415 SecRule REQUEST_URI_RAW "(?i:\/send_password_preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006091,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
416 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
417
418 # (sid 2006097) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp 
419 SecRule REQUEST_URI_RAW "(?i:\/SecureLoginManager\/list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006097,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- list.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
420 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
421
422 # (sid 2006103) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent 
423 SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006103,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
424 SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
425
426 # (sid 2006109) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent 
427 SecRule REQUEST_URI_RAW "(?i:\/content\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006109,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
428 SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
429
430 # (sid 2006115) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent 
431 SecRule REQUEST_URI_RAW "(?i:\/members\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006115,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
432 SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
433
434 # (sid 2006121) ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent 
435 SecRule REQUEST_URI_RAW "(?i:\/applications\/SecureLoginManager\/inc_secureloginmanager\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006121,rev:4,msg:'ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DMXReady'"
436 SecRule &TX:'/SQL_INJECTION.*ARGS:sent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
437
438 # (sid 2005899) ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum 
439 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005899,rev:4,msg:'ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_DQOS'"
440 SecRule &TX:'/SQL_INJECTION.*ARGS:ordernum/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
441
442 # (sid 2004838) ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id 
443 SecRule REQUEST_URI_RAW "(?i:\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004838,rev:4,msg:'ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Design4Online'"
444 SecRule &TX:'/SQL_INJECTION.*ARGS:art_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
445
446 # (sid 2005595) ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id 
447 SecRule REQUEST_URI_RAW "(?i:\/visu_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005595,rev:4,msg:'ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digiappz'"
448 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
449
450 # (sid 2005839) ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id 
451 SecRule REQUEST_URI_RAW "(?i:\/info_book\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005839,rev:4,msg:'ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Digirez'"
452 SecRule &TX:'/SQL_INJECTION.*ARGS:book_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Digirez SQL Injection Attempt -- info_book.asp book_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
453
454 # (sid 2004051) ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen 
455 SecRule REQUEST_URI_RAW "(?i:\/tracking\/courseLog\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004051,rev:4,msg:'ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos'"
456 SecRule &TX:'/SQL_INJECTION.*ARGS:scormcontopen/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
457
458 # (sid 2004069) ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course 
459 SecRule REQUEST_URI_RAW "(?i:\/main\/auth\/my_progress\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004069,rev:4,msg:'ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dokeos'"
460 SecRule &TX:'/SQL_INJECTION.*ARGS:course/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dokeos SQL Injection Attempt -- my_progress.php course ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
461
462 # (sid 2006145) ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID 
463 SecRule REQUEST_URI_RAW "(?i:\/bus_details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006145,rev:4,msg:'ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Dragon_Business_Dir'"
464 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
465
466 # (sid 2004389) ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id 
467 SecRule REQUEST_URI_RAW "(?i:\/goster\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004389,rev:4,msg:'ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duruyu'"
468 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
469
470 # (sid 2006691) ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile 
471 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006691,rev:4,msg:'ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
472 SecRule &TX:'/SQL_INJECTION.*ARGS:iFile/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp iFile ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
473
474 # (sid 2006698) ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action 
475 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006698,rev:4,msg:'ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
476 SecRule &TX:'/SQL_INJECTION.*ARGS:action/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUdownload SQL Injection Attempt -- detail.asp action ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
477
478 # (sid 2006704) ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType 
479 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006704,rev:4,msg:'ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
480 SecRule &TX:'/SQL_INJECTION.*ARGS:iType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DUware DUpaypal SQL Injection Attempt -- detail.asp iType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
481
482 # (sid 2006710) ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity 
483 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006710,rev:4,msg:'ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
484 SecRule &TX:'/SQL_INJECTION.*ARGS:iCity/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
485
486 # (sid 2006716) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews 
487 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006716,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
488 SecRule &TX:'/SQL_INJECTION.*ARGS:iNews/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iNews ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
489
490 # (sid 2006722) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType 
491 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006722,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
492 SecRule &TX:'/SQL_INJECTION.*ARGS:iType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp iType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
493
494 # (sid 2006728) ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action 
495 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006728,rev:4,msg:'ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Duware'"
496 SecRule &TX:'/SQL_INJECTION.*ARGS:Action/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC DuWare DuNews SQL Injection Attempt -- detail.asp Action ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
497
498 # (sid 2003774) ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a 
499 SecRule REQUEST_URI_RAW "(?i:\/home\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003774,rev:4,msg:'ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_E-Annu'"
500 SecRule REQUEST_URI_RAW "@contains (" "chain"
501 SecRule &TX:'/SQL_INJECTION.*ARGS:a/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC E-Annu SQL Injection Attempt -- home.php a ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
502
503 # (sid 2004628) ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank 
504 SecRule REQUEST_URI_RAW "(?i:\/listmembers\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004628,rev:4,msg:'ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EQdkp'"
505 SecRule &TX:'/SQL_INJECTION.*ARGS:rank/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EQdkp SQL Injection Attempt -- listmembers.php rank ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
506
507 # (sid 2005272) ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword 
508 SecRule REQUEST_URI_RAW "(?i:\/admin\/memberlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005272,rev:4,msg:'ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay'"
509 SecRule &TX:'/SQL_INJECTION.*ARGS:keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
510
511 # (sid 2005278) ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row 
512 SecRule REQUEST_URI_RAW "(?i:\/admin\/memberlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005278,rev:4,msg:'ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Easebay'"
513 SecRule &TX:'/SQL_INJECTION.*ARGS:init_row/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
514
515 # (sid 2005043) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i 
516 SecRule REQUEST_URI_RAW "(?i:\/add_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005043,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
517 SecRule &TX:'/SQL_INJECTION.*ARGS:i/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php i ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
518
519 # (sid 2005049) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id 
520 SecRule REQUEST_URI_RAW "(?i:\/add_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005049,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
521 SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- add_comment.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
522
523 # (sid 2005055) ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i 
524 SecRule REQUEST_URI_RAW "(?i:\/list_comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005055,rev:4,msg:'ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyMoblog'"
525 SecRule &TX:'/SQL_INJECTION.*ARGS:i/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyMoblog SQL Injection Attempt -- list_comments.php i ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
526
527 # (sid 2006558) ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId 
528 SecRule REQUEST_URI_RAW "(?i:\/sptrees\/default\.aspx)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006558,rev:3,msg:'ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EasyPage'"
529 SecRule &TX:'/SQL_INJECTION.*ARGS:docId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC EasyPage SQL Injection Attempt -- default.aspx docId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
530
531 # (sid 2005091) ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid 
532 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005091,rev:4,msg:'ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eclectic_Designs'"
533 SecRule &TX:'/SQL_INJECTION.*ARGS:qid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
534
535 # (sid 2005115) ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid 
536 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005115,rev:4,msg:'ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eclectic_Designs'"
537 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
538
539 # (sid 2005989) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup 
540 SecRule REQUEST_URI_RAW "(?i:\/admin\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005989,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
541 SecRule &TX:'/SQL_INJECTION.*ARGS:grup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp grup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
542
543 # (sid 2005995) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id 
544 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005995,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
545 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
546
547 # (sid 2006001) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id 
548 SecRule REQUEST_URI_RAW "(?i:\/admin\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006001,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
549 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- admin.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
550
551 # (sid 2006163) ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup 
552 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006163,rev:4,msg:'ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Efkan'"
553 SecRule &TX:'/SQL_INJECTION.*ARGS:grup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Efkan Forum SQL Injection Attempt -- default.asp grup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
554
555 # (sid 2006453) ET WEB_SPECIFIC Elxis CMS SQL Injection Attempt -- mod_banners.php 
556 SecRule REQUEST_URI_RAW "(?i:\/mod_banners\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006453,rev:4,msg:'ET WEB_SPECIFIC Elxis CMS SQL Injection Attempt -- mod_banners.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Elxis'"
557 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
558
559 # (sid 2006139) ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID 
560 SecRule REQUEST_URI_RAW "(?i:\/newsdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006139,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
561 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
562
563 # (sid 2006151) ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id 
564 SecRule REQUEST_URI_RAW "(?i:\/Types\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006151,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
565 SecRule &TX:'/SQL_INJECTION.*ARGS:Type_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
566
567 # (sid 2006157) ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID 
568 SecRule REQUEST_URI_RAW "(?i:\/actualpic\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006157,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
569 SecRule &TX:'/SQL_INJECTION.*ARGS:Biz_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
570
571 # (sid 2007046) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID 
572 SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007046,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
573 SecRule &TX:'/SQL_INJECTION.*ARGS:AD_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
574
575 # (sid 2007052) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id 
576 SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007052,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
577 SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
578
579 # (sid 2007058) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id 
580 SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007058,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
581 SecRule &TX:'/SQL_INJECTION.*ARGS:sub_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
582
583 # (sid 2007028) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id 
584 SecRule REQUEST_URI_RAW "(?i:\/ad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007028,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
585 SecRule &TX:'/SQL_INJECTION.*ARGS:ad_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
586
587 # (sid 2007034) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid 
588 SecRule REQUEST_URI_RAW "(?i:\/dircat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007034,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
589 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
590
591 # (sid 2007040) ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid 
592 SecRule REQUEST_URI_RAW "(?i:\/dirSub\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007040,rev:4,msg:'ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
593 SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
594
595 # (sid 2007080) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid 
596 SecRule REQUEST_URI_RAW "(?i:\/dircat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007080,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
597 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
598
599 # (sid 2007086) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid 
600 SecRule REQUEST_URI_RAW "(?i:\/dirSub\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007086,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
601 SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
602
603 # (sid 2007092) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID 
604 SecRule REQUEST_URI_RAW "(?i:\/types\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007092,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
605 SecRule &TX:'/SQL_INJECTION.*ARGS:TYPE_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
606
607 # (sid 2007098) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID 
608 SecRule REQUEST_URI_RAW "(?i:\/homeDetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007098,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
609 SecRule &TX:'/SQL_INJECTION.*ARGS:AD_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
610
611 # (sid 2007104) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat 
612 SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007104,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
613 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
614
615 # (sid 2007110) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare 
616 SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007110,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
617 SecRule &TX:'/SQL_INJECTION.*ARGS:compare/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
618
619 # (sid 2007116) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear 
620 SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007116,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
621 SecRule &TX:'/SQL_INJECTION.*ARGS:clear/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
622
623 # (sid 2007122) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID 
624 SecRule REQUEST_URI_RAW "(?i:\/compareHomes\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007122,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
625 SecRule &TX:'/SQL_INJECTION.*ARGS:adID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
626
627 # (sid 2007128) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice 
628 SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007128,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
629 SecRule &TX:'/SQL_INJECTION.*ARGS:aminprice/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
630
631 # (sid 2007134) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice 
632 SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007134,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
633 SecRule &TX:'/SQL_INJECTION.*ARGS:amaxprice/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
634
635 # (sid 2007140) ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms 
636 SecRule REQUEST_URI_RAW "(?i:\/result\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007140,rev:3,msg:'ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthrallweb'"
637 SecRule &TX:'/SQL_INJECTION.*ARGS:abedrooms/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
638
639 # (sid 2005260) ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat 
640 SecRule REQUEST_URI_RAW "(?i:\/show_owned\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005260,rev:4,msg:'ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthusiast'"
641 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_owned.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
642
643 # (sid 2005266) ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat 
644 SecRule REQUEST_URI_RAW "(?i:\/show_joined\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005266,rev:4,msg:'ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Enthusiast'"
645 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Enthusiast SQL Injection Attempt -- show_joined.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
646
647 # (sid 2006223) ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user 
648 SecRule REQUEST_URI_RAW "(?i:\/administration\/administre2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006223,rev:4,msg:'ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Eric_Guillaume'"
649 SecRule &TX:'/SQL_INJECTION.*ARGS:id_user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
650
651 # (sid 2005881) ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id 
652 SecRule REQUEST_URI_RAW "(?i:\/productdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005881,rev:4,msg:'ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Esmartcart'"
653 SecRule &TX:'/SQL_INJECTION.*ARGS:product_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
654
655 # (sid 2005340) ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template 
656 SecRule REQUEST_URI_RAW "(?i:\/style\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005340,rev:4,msg:'ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Evision'"
657 SecRule &TX:'/SQL_INJECTION.*ARGS:template/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC e-Vision CMS SQL Injection Attempt -- style.php template ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
658
659 # (sid 2007064) ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno 
660 SecRule REQUEST_URI_RAW "(?i:\/products\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007064,rev:3,msg:'ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Evolve'"
661 SecRule &TX:'/SQL_INJECTION.*ARGS:partno/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Evolve shopping cart SQL Injection Attempt -- products.asp partno ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
662
663 # (sid 2005085) ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id 
664 SecRule REQUEST_URI_RAW "(?i:\/faq\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005085,rev:4,msg:'ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ExoPHPDesk'"
665 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ExoPHPDesk SQL Injection Attempt -- faq.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
666
667 # (sid 2006817) ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex 
668 SecRule REQUEST_URI_RAW "(?i:\/articles\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006817,rev:4,msg:'ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Expinion.net'"
669 SecRule &TX:'/SQL_INJECTION.*ARGS:ex/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Expinion.net iNews SQL Injection Attempt -- articles.asp ex ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
670
671 # (sid 2006343) ET WEB_SPECIFIC EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp 
672 SecRule REQUEST_URI_RAW "(?i:\/vdateUsr\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006343,rev:4,msg:'ET WEB_SPECIFIC EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_EzHRS'"
673 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
674
675 # (sid 2005619) ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid 
676 SecRule REQUEST_URI_RAW "(?i:\/boxx\/ShowAppendix\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005619,rev:4,msg:'ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ezboxx'"
677 SecRule &TX:'/SQL_INJECTION.*ARGS:iid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
678
679 # (sid 2003850) ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref 
680 SecRule REQUEST_URI_RAW "(?i:\/question\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003850,rev:4,msg:'ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FAQEngine'"
681 SecRule REQUEST_URI_RAW "@contains (" "chain"
682 SecRule &TX:'/SQL_INJECTION.*ARGS:questionref/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FAQEngine SQL Injection Attempt -- question.php questionref ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
683
684 # (sid 2006127) ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID 
685 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006127,rev:4,msg:'ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FUM'"
686 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
687
688 # (sid 2006331) ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id 
689 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006331,rev:4,msg:'ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fantastic_News'"
690 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fantastic News SQL Injection Attempt -- news.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
691
692 # (sid 2003792) ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid 
693 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003792,rev:4,msg:'ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FileRun'"
694 SecRule REQUEST_URI_RAW "@contains (" "chain"
695 SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FileRun SQL Injection Attempt -- index.php fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
696
697 # (sid 2006902) ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat 
698 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006902,rev:4,msg:'ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FipsSHOP'"
699 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
700
701 # (sid 2006908) ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did 
702 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006908,rev:4,msg:'ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_FipsSHOP'"
703 SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FipsSHOP SQL Injection Attempt -- index.asp did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
704
705 # (sid 2007186) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id 
706 SecRule REQUEST_URI_RAW "(?i:\/filelist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007186,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
707 SecRule &TX:'/SQL_INJECTION.*ARGS:show_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
708
709 # (sid 2007192) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid 
710 SecRule REQUEST_URI_RAW "(?i:\/filelist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007192,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
711 SecRule &TX:'/SQL_INJECTION.*ARGS:parentid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
712
713 # (sid 2007198) ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid 
714 SecRule REQUEST_URI_RAW "(?i:\/showfile\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007198,rev:3,msg:'ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fixit_iDMS'"
715 SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
716
717 # (sid 2003827) ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid 
718 SecRule REQUEST_URI_RAW "(?i:\/game\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003827,rev:4,msg:'ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Flashgames'"
719 SecRule REQUEST_URI_RAW "@contains (" "chain"
720 SecRule &TX:'/SQL_INJECTION.*ARGS:lid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Flashgames SQL Injection Attempt -- game.php lid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
721
722 # (sid 2005150) ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user 
723 SecRule REQUEST_URI_RAW "(?i:\/info_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005150,rev:4,msg:'ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Forum_Livre'"
724 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Forum Livre SQL Injection Attempt -- info_user.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
725
726 # (sid 2004921) ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat 
727 SecRule REQUEST_URI_RAW "(?i:\/listmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004921,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
728 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
729
730 # (sid 2005079) ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id 
731 SecRule REQUEST_URI_RAW "(?i:\/windows\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005079,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
732 SecRule &TX:'/SQL_INJECTION.*ARGS:kategori_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
733
734 # (sid 2005376) ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id 
735 SecRule REQUEST_URI_RAW "(?i:\/down_indir\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005376,rev:4,msg:'ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fullaspsite'"
736 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
737
738 # (sid 2006465) ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- index.cfm 
739 SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006465,rev:4,msg:'ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- index.cfm ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fusetalk'"
740 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
741
742 # (sid 2006471) ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode 
743 SecRule REQUEST_URI_RAW "(?i:\/forum\/include\/error\/autherror\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006471,rev:4,msg:'ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fusetalk'"
744 SecRule &TX:'/SQL_INJECTION.*ARGS:errorcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
745
746 # (sid 2006193) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId 
747 SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006193,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
748 SecRule &TX:'/SQL_INJECTION.*ARGS:newsId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm newsId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
749
750 # (sid 2006199) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid 
751 SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006199,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
752 SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
753
754 # (sid 2006205) ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId 
755 SecRule REQUEST_URI_RAW "(?i:\/index\.cfm)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006205,rev:4,msg:'ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Future_Internet'"
756 SecRule &TX:'/SQL_INJECTION.*ARGS:langId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Future Internet SQL Injection Attempt -- index.cfm langId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
757
758 # (sid 2005334) ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic 
759 SecRule REQUEST_URI_RAW "(?i:\/low\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005334,rev:4,msg:'ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Fuzzylime'"
760 SecRule &TX:'/SQL_INJECTION.*ARGS:topic/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Fuzzylime Forum SQL Injection Attempt -- low.php topic ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
761
762 # (sid 2004003) ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id 
763 SecRule REQUEST_URI_RAW "(?i:\/down_indir\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004003,rev:4,msg:'ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Gazi'"
764 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
765
766 # (sid 2004401) ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori 
767 SecRule REQUEST_URI_RAW "(?i:\/kategori\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004401,rev:4,msg:'ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_GaziYapBoz'"
768 SecRule &TX:'/SQL_INJECTION.*ARGS:kategori/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
769
770 # (sid 2005013) ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user 
771 SecRule REQUEST_URI_RAW "(?i:\/inc\/common\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005013,rev:4,msg:'ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_GlobalMegaCorp'"
772 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
773
774 # (sid 2003844) ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid 
775 SecRule REQUEST_URI_RAW "(?i:\/glossaire\-p\-f\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003844,rev:4,msg:'ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Glossaire'"
776 SecRule REQUEST_URI_RAW "@contains (" "chain"
777 SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Glossaire SQL Injection Attempt -- glossaire-p-f.php sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
778
779 # (sid 2004353) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id 
780 SecRule REQUEST_URI_RAW "(?i:\/userdetail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004353,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
781 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- userdetail.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
782
783 # (sid 2004359) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id 
784 SecRule REQUEST_URI_RAW "(?i:\/jump\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004359,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
785 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
786
787 # (sid 2004365) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id 
788 SecRule REQUEST_URI_RAW "(?i:\/detail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004365,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
789 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- detail.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
790
791 # (sid 2004371) ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url 
792 SecRule REQUEST_URI_RAW "(?i:\/jump\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004371,rev:4,msg:'ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Grayscale_Blog'"
793 SecRule &TX:'/SQL_INJECTION.*ARGS:url/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Grayscale Blog SQL Injection Attempt -- jump.php url ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
794
795 # (sid 2005311) ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id 
796 SecRule REQUEST_URI_RAW "(?i:\/print\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005311,rev:4,msg:'ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Guo_Xu_Guos'"
797 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
798
799 # (sid 2004395) ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID 
800 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004395,rev:4,msg:'ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HC_News'"
801 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HC NEWSSYSTEM SQL Injection Attempt -- index.php ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
802
803 # (sid 2007408) ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd 
804 SecRule REQUEST_URI_RAW "(?i:\/addrating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007408,rev:3,msg:'ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HIOX'"
805 SecRule &TX:'/SQL_INJECTION.*ARGS:ipadd/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
806
807 # (sid 2007414) ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url 
808 SecRule REQUEST_URI_RAW "(?i:\/addrating\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007414,rev:3,msg:'ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_HIOX'"
809 SecRule &TX:'/SQL_INJECTION.*ARGS:url/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
810
811 # (sid 2004425) ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre 
812 SecRule REQUEST_URI_RAW "(?i:\/giris_yap\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004425,rev:4,msg:'ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hazir'"
813 SecRule &TX:'/SQL_INJECTION.*ARGS:sifre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hazir Site SQL Injection Attempt -- giris_yap.asp sifre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
814
815 # (sid 2004633) ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id 
816 SecRule REQUEST_URI_RAW "(?i:\/haberoku\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004633,rev:4,msg:'ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hunkaray'"
817 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
818
819 # (sid 2005067) ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id 
820 SecRule REQUEST_URI_RAW "(?i:\/oku\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005067,rev:4,msg:'ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Hunkaray'"
821 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
822
823 # (sid 2005643) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id 
824 SecRule REQUEST_URI_RAW "(?i:\/dispimage\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005643,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
825 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
826
827 # (sid 2005649) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order 
828 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005649,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
829 SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
830
831 # (sid 2005655) ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page 
832 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005655,rev:4,msg:'ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Image_Gallery'"
833 SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Image Gallery with Access Database SQL Injection Attempt -- default.asp page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
834
835 # (sid 2006866) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id 
836 SecRule REQUEST_URI_RAW "(?i:\/rating\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006866,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
837 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
838
839 # (sid 2006872) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid 
840 SecRule REQUEST_URI_RAW "(?i:\/meal_rest\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006872,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
841 SecRule &TX:'/SQL_INJECTION.*ARGS:mealid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
842
843 # (sid 2006878) ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid 
844 SecRule REQUEST_URI_RAW "(?i:\/res_details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006878,rev:4,msg:'ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Infinitytechs'"
845 SecRule &TX:'/SQL_INJECTION.*ARGS:resid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
846
847 # (sid 2004801) ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP 
848 SecRule REQUEST_URI_RAW "(?i:\/classes\/class_session\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004801,rev:4,msg:'ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
849 SecRule &TX:'/SQL_INJECTION.*ARGS:CLIENT_IP/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
850
851 # (sid 2006673) ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img 
852 SecRule REQUEST_URI_RAW "(?i:\/forum\/modules\/gallery\/post\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006673,rev:4,msg:'ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
853 SecRule &TX:'/SQL_INJECTION.*ARGS:img/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- post.php img ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
854
855 # (sid 2006679) ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img 
856 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006679,rev:4,msg:'ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
857 SecRule &TX:'/SQL_INJECTION.*ARGS:img/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Gallery SQL Injection Attempt -- index.php img ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
858
859 # (sid 2006685) ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid 
860 SecRule REQUEST_URI_RAW "(?i:\/lib\/entry_reply_entry\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006685,rev:4,msg:'ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Invision'"
861 SecRule &TX:'/SQL_INJECTION.*ARGS:eid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
862
863 # (sid 2006211) ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id 
864 SecRule REQUEST_URI_RAW "(?i:\/ixm_ixpnews\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006211,rev:4,msg:'ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ixprim'"
865 SecRule &TX:'/SQL_INJECTION.*ARGS:story_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
866
867 # (sid 2005346) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass 
868 SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005346,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
869 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
870
871 # (sid 2005364) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user 
872 SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005364,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
873 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
874
875 # (sid 2005370) ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass 
876 SecRule REQUEST_URI_RAW "(?i:\/auth\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005370,rev:4,msg:'ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JFF_NM'"
877 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
878
879 # (sid 2004156) ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title 
880 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004156,rev:4,msg:'ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JGBBS'"
881 SecRule &TX:'/SQL_INJECTION.*ARGS:title/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp title ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
882
883 # (sid 2004341) ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author 
884 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004341,rev:4,msg:'ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JGBBS'"
885 SecRule &TX:'/SQL_INJECTION.*ARGS:author/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JGBBS SQL Injection Attempt -- search.asp author ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
886
887 # (sid 2004484) ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq 
888 SecRule REQUEST_URI_RAW "(?i:\/G_Display\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004484,rev:4,msg:'ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JackKnife'"
889 SecRule &TX:'/SQL_INJECTION.*ARGS:iCategoryUnq/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
890
891 # (sid 2004490) ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID 
892 SecRule REQUEST_URI_RAW "(?i:\/Search\/DisplayResults\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004490,rev:4,msg:'ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_JackKnife'"
893 SecRule &TX:'/SQL_INJECTION.*ARGS:iSearchID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
894
895 # (sid 2006496) ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username 
896 SecRule REQUEST_URI_RAW "(?i:\/login\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006496,rev:4,msg:'ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jasmine_CMS'"
897 SecRule &TX:'/SQL_INJECTION.*ARGS:login_username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- login.php login_username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
898
899 # (sid 2006502) ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item 
900 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006502,rev:4,msg:'ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jasmine_CMS'"
901 SecRule &TX:'/SQL_INJECTION.*ARGS:item/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jasmine CMS SQL Injection Attempt -- news.php item ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
902
903 # (sid 2004081) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php 
904 SecRule REQUEST_URI_RAW "(?i:\/admincp\/attachment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004081,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
905 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
906
907 # (sid 2004150) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php 
908 SecRule REQUEST_URI_RAW "(?i:\/admincp\/attachment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004150,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- attachment.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
909 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
910
911 # (sid 2004670) ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids 
912 SecRule REQUEST_URI_RAW "(?i:\/inlinemod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004670,rev:4,msg:'ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jelsoft'"
913 SecRule &TX:'/SQL_INJECTION.*ARGS:postids/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
914
915 # (sid 2003943) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- main_page.php 
916 SecRule REQUEST_URI_RAW "(?i:\/main_page\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003943,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- main_page.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
917 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
918
919 # (sid 2003949) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- open_tree.php 
920 SecRule REQUEST_URI_RAW "(?i:\/open_tree\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003949,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- open_tree.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
921 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
922
923 # (sid 2003955) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- outputs.php 
924 SecRule REQUEST_URI_RAW "(?i:\/outputs\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003955,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- outputs.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
925 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
926
927 # (sid 2003961) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view 
928 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003961,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
929 SecRule &TX:'/SQL_INJECTION.*ARGS:view/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php view ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
930
931 # (sid 2003967) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- opentree.php id 
932 SecRule REQUEST_URI_RAW "(?i:\/admin\/cms\/opentree\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003967,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- opentree.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
933 SecRule REQUEST_URI_RAW "@contains id[" "chain"
934 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
935
936 # (sid 2003973) ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login 
937 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003973,rev:4,msg:'ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jetbox'"
938 SecRule &TX:'/SQL_INJECTION.*ARGS:login/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Jetbox CMS SQL Injection Attempt -- index.php login ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
939
940 # (sid 2007348) ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID 
941 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007348,rev:3,msg:'ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
942 SecRule &TX:'/SQL_INJECTION.*ARGS:tID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos FAQ Manager SQL Injection Attempt -- index.asp tID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
943
944 # (sid 2007354) ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID 
945 SecRule REQUEST_URI_RAW "(?i:\/openlink\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007354,rev:3,msg:'ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
946 SecRule &TX:'/SQL_INJECTION.*ARGS:LinkID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
947
948 # (sid 2007360) ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID 
949 SecRule REQUEST_URI_RAW "(?i:\/viewlinks\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007360,rev:3,msg:'ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jiros'"
950 SecRule &TX:'/SQL_INJECTION.*ARGS:CategoryID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
951
952 # (sid 2004377) ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary 
953 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004377,rev:4,msg:'ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Jobsitepro'"
954 SecRule &TX:'/SQL_INJECTION.*ARGS:salary/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP Labs JobSitePro SQL Injection Attempt -- search.php salary ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
955
956 # (sid 2003762) ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid 
957 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003762,rev:4,msg:'ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_John_Mordo'"
958 SecRule REQUEST_URI_RAW "@contains (" "chain"
959 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC John Mordo Jobs SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
960
961 # (sid 2005296) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid 
962 SecRule REQUEST_URI_RAW "(?i:\/models\/category\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005296,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
963 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- category.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
964
965 # (sid 2005302) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id 
966 SecRule REQUEST_URI_RAW "(?i:\/letterman\.class\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005302,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
967 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- letterman.class.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
968
969 # (sid 2005394) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php 
970 SecRule REQUEST_URI_RAW "(?i:\/plugins\/user\/example\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005394,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
971 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
972
973 # (sid 2005400) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- gmail.php 
974 SecRule REQUEST_URI_RAW "(?i:\/gmail\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005400,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- gmail.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
975 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
976
977 # (sid 2005406) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php 
978 SecRule REQUEST_URI_RAW "(?i:\/example\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005406,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- example.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
979 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
980
981 # (sid 2005412) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- ldap.php 
982 SecRule REQUEST_URI_RAW "(?i:\/plugins\/authentication\/ldap\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005412,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- ldap.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
983 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
984
985 # (sid 2005418) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- menu.php 
986 SecRule REQUEST_URI_RAW "(?i:\/modules\/mod_mainmenu\/menu\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005418,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- menu.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
987 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
988
989 # (sid 2005424) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where 
990 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/content\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005424,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
991 SecRule &TX:'/SQL_INJECTION.*ARGS:where/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- content.php where ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
992
993 # (sid 2005430) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where 
994 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/weblinks\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005430,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
995 SecRule &TX:'/SQL_INJECTION.*ARGS:where/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- weblinks.php where ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
996
997 # (sid 2005436) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text 
998 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/contacts\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005436,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
999 SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- contacts.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1000
1001 # (sid 2005442) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text 
1002 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/categories\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005442,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
1003 SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- categories.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1004
1005 # (sid 2005448) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text 
1006 SecRule REQUEST_URI_RAW "(?i:\/plugins\/search\/sections\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005448,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
1007 SecRule &TX:'/SQL_INJECTION.*ARGS:text/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- sections.php text ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1008
1009 # (sid 2005454) ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email 
1010 SecRule REQUEST_URI_RAW "(?i:\/database\/table\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005454,rev:4,msg:'ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Joomla'"
1011 SecRule &TX:'/SQL_INJECTION.*ARGS:email/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Joomla! SQL Injection Attempt -- user.php email ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1012
1013 # (sid 2006764) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category 
1014 SecRule REQUEST_URI_RAW "(?i:\/search_listing\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006764,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
1015 SecRule &TX:'/SQL_INJECTION.*ARGS:category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1016
1017 # (sid 2006770) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent 
1018 SecRule REQUEST_URI_RAW "(?i:\/search_listing\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006770,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
1019 SecRule &TX:'/SQL_INJECTION.*ARGS:agent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1020
1021 # (sid 2006776) ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id 
1022 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006776,rev:4,msg:'ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_KLF_Design'"
1023 SecRule &TX:'/SQL_INJECTION.*ARGS:property_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1024
1025 # (sid 2004645) ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id 
1026 SecRule REQUEST_URI_RAW "(?i:\/news\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004645,rev:4,msg:'ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kartli'"
1027 SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1028
1029 # (sid 2004126) ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna 
1030 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004126,rev:4,msg:'ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Katalog_Plyt'"
1031 SecRule &TX:'/SQL_INJECTION.*ARGS:kolumna/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1032
1033 # (sid 2004983) ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid 
1034 SecRule REQUEST_URI_RAW "(?i:\/forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004983,rev:4,msg:'ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kisisel'"
1035 SecRule &TX:'/SQL_INJECTION.*ARGS:forumid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1036
1037 # (sid 2005800) ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id 
1038 SecRule REQUEST_URI_RAW "(?i:\/down\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005800,rev:4,msg:'ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kolayindir'"
1039 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1040
1041 # (sid 2004693) ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id 
1042 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004693,rev:4,msg:'ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Kubix'"
1043 SecRule &TX:'/SQL_INJECTION.*ARGS:member_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Kubix SQL Injection Attempt -- index.php member_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1044
1045 # (sid 2005073) ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid 
1046 SecRule REQUEST_URI_RAW "(?i:\/i\-search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005073,rev:4,msg:'ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_L2J_DropCalc'"
1047 SecRule &TX:'/SQL_INJECTION.*ARGS:itemid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1048
1049 # (sid 2005977) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w 
1050 SecRule REQUEST_URI_RAW "(?i:\/journal\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005977,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LDU'"
1051 SecRule &TX:'/SQL_INJECTION.*ARGS:w/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1052
1053 # (sid 2006319) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id 
1054 SecRule REQUEST_URI_RAW "(?i:\/polls\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006319,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LDU'"
1055 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1056
1057 # (sid 2004527) ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country 
1058 SecRule REQUEST_URI_RAW "(?i:\/guestbook\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004527,rev:4,msg:'ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LI_Guestbook'"
1059 SecRule &TX:'/SQL_INJECTION.*ARGS:country/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LI-Guestbook SQL Injection Attempt -- guestbook.php country ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1060
1061 # (sid 2007298) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id 
1062 SecRule REQUEST_URI_RAW "(?i:\/inout\/status\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007298,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1063 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1064
1065 # (sid 2007304) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id 
1066 SecRule REQUEST_URI_RAW "(?i:\/inout\/update\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007304,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1067 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1068
1069 # (sid 2007310) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id 
1070 SecRule REQUEST_URI_RAW "(?i:\/forgotpass\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007310,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1071 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1072
1073 # (sid 2007316) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid 
1074 SecRule REQUEST_URI_RAW "(?i:\/forgotpass\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007316,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1075 SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1076
1077 # (sid 2007322) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid 
1078 SecRule REQUEST_URI_RAW "(?i:\/inout\/update\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007322,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1079 SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1080
1081 # (sid 2007328) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid 
1082 SecRule REQUEST_URI_RAW "(?i:\/inout\/status\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007328,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1083 SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1084
1085 # (sid 2007334) ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id 
1086 SecRule REQUEST_URI_RAW "(?i:\/details\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007334,rev:3,msg:'ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Liberum'"
1087 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1088
1089 # (sid 2006661) ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni 
1090 SecRule REQUEST_URI_RAW "(?i:\/navigacija\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006661,rev:4,msg:'ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_CMS'"
1091 SecRule &TX:'/SQL_INJECTION.*ARGS:IDMeniGlavni/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1092
1093 # (sid 2006667) ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci 
1094 SecRule REQUEST_URI_RAW "(?i:\/prikazInformacije\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006667,rev:4,msg:'ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_CMS'"
1095 SecRule &TX:'/SQL_INJECTION.*ARGS:IDStranicaPodaci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1096
1097 # (sid 2007366) ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch 
1098 SecRule REQUEST_URI_RAW "(?i:\/linkslist\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007366,rev:3,msg:'ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_Exchange_Lite'"
1099 SecRule &TX:'/SQL_INJECTION.*ARGS:psearch/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1100
1101 # (sid 2007372) ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- search.asp 
1102 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007372,rev:3,msg:'ET WEB_SPECIFIC Link Exchange Lite SQL Injection Attempt -- search.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Link_Exchange_Lite'"
1103 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1104
1105 # (sid 2004413) ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt 
1106 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004413,rev:4,msg:'ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Links_Management'"
1107 SecRule &TX:'/SQL_INJECTION.*ARGS:lcnt/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Links Management Application SQL Injection Attempt -- index.php lcnt ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1108
1109 # (sid 2006477) ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid 
1110 SecRule REQUEST_URI_RAW "(?i:\/categoria\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006477,rev:4,msg:'ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LiveCMS'"
1111 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LiveCMS SQL Injection Attempt -- categoria.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1112
1113 # (sid 2005833) ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID 
1114 SecRule REQUEST_URI_RAW "(?i:\/main\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005833,rev:4,msg:'ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_LocazoList'"
1115 SecRule &TX:'/SQL_INJECTION.*ARGS:subcatID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LocazoList SQL Injection Attempt -- main.asp subcatID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1116
1117 # (sid 2006325) ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID 
1118 SecRule REQUEST_URI_RAW "(?i:\/ProductDetails\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006325,rev:4,msg:'ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lotfian'"
1119 SecRule &TX:'/SQL_INJECTION.*ARGS:PID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1120
1121 # (sid 2004965) ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id 
1122 SecRule REQUEST_URI_RAW "(?i:\/comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004965,rev:4,msg:'ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lushi'"
1123 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LushiNews SQL Injection Attempt -- comments.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1124
1125 # (sid 2004971) ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id 
1126 SecRule REQUEST_URI_RAW "(?i:\/register\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004971,rev:4,msg:'ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Lushi'"
1127 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC LushiWarPlaner SQL Injection Attempt -- register.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1128
1129 # (sid 2005139) ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow 
1130 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005139,rev:4,msg:'ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MDPro'"
1131 SecRule &TX:'/SQL_INJECTION.*ARGS:startrow/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MAXdev MDPro SQL Injection Attempt -- index.php startrow ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1132
1133 # (sid 2005516) ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id 
1134 SecRule REQUEST_URI_RAW "(?i:\/email\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005516,rev:4,msg:'ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGB'"
1135 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGB OpenSource Guestbook SQL Injection Attempt -- email.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1136
1137 # (sid 2006229) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p 
1138 SecRule REQUEST_URI_RAW "(?i:\/detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006229,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
1139 SecRule &TX:'/SQL_INJECTION.*ARGS:p/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1140
1141 # (sid 2006235) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l 
1142 SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006235,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
1143 SecRule &TX:'/SQL_INJECTION.*ARGS:l/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1144
1145 # (sid 2006241) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ 
1146 SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006241,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
1147 SecRule &TX:'/SQL_INJECTION.*ARGS:typ/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1148
1149 # (sid 2006247) ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc 
1150 SecRule REQUEST_URI_RAW "(?i:\/listings\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006247,rev:4,msg:'ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MGinternet'"
1151 SecRule &TX:'/SQL_INJECTION.*ARGS:loc/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1152
1153 # (sid 2003991) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid 
1154 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003991,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
1155 SecRule &TX:'/SQL_INJECTION.*ARGS:listid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- index.php listid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1156
1157 # (sid 2004431) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname 
1158 SecRule REQUEST_URI_RAW "(?i:\/moscomment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004431,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
1159 SecRule &TX:'/SQL_INJECTION.*ARGS:mcname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- moscomment.php mcname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1160
1161 # (sid 2004437) ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname 
1162 SecRule REQUEST_URI_RAW "(?i:\/com_comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004437,rev:4,msg:'ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
1163 SecRule &TX:'/SQL_INJECTION.*ARGS:mcname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mambo SQL Injection Attempt -- com_comment.php mcname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1164
1165 # (sid 2004770) ET WEB_SPECIFIC Mambo LaiThai SQL Injection Attempt -- mambo.php 
1166 SecRule REQUEST_URI_RAW "(?i:\/includes\/mambo\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004770,rev:4,msg:'ET WEB_SPECIFIC Mambo LaiThai SQL Injection Attempt -- mambo.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mambo'"
1167 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1168
1169 # (sid 2005145) ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid 
1170 SecRule REQUEST_URI_RAW "(?i:\/news_page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005145,rev:4,msg:'ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Martyn_Kilbryde_Newsposter'"
1171 SecRule &TX:'/SQL_INJECTION.*ARGS:uid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1172
1173 # (sid 2004269) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x 
1174 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004269,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1175 SecRule REQUEST_URI_RAW "@contains x[" "chain"
1176 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1177
1178 # (sid 2004275) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t 
1179 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004275,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1180 SecRule &TX:'/SQL_INJECTION.*ARGS:t/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php t ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1181
1182 # (sid 2004281) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId 
1183 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004281,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1184 SecRule &TX:'/SQL_INJECTION.*ARGS:productId/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1185
1186 # (sid 2004287) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk 
1187 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004287,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1188 SecRule &TX:'/SQL_INJECTION.*ARGS:sk/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1189
1190 # (sid 2004293) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x 
1191 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004293,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1192 SecRule &TX:'/SQL_INJECTION.*ARGS:x/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1193
1194 # (sid 2004299) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so 
1195 SecRule REQUEST_URI_RAW "(?i:\/product_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004299,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1196 SecRule &TX:'/SQL_INJECTION.*ARGS:so/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- product_review.php so ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1197
1198 # (sid 2004305) ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo 
1199 SecRule REQUEST_URI_RAW "(?i:\/order\-track\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004305,rev:4,msg:'ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Mega_Mall'"
1200 SecRule &TX:'/SQL_INJECTION.*ARGS:orderNo/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1201
1202 # (sid 2006349) ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa 
1203 SecRule REQUEST_URI_RAW "(?i:\/lire\-avis\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006349,rev:4,msg:'ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Messageriescripthp'"
1204 SecRule &TX:'/SQL_INJECTION.*ARGS:aa/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1205
1206 # (sid 2006799) ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi 
1207 SecRule REQUEST_URI_RAW "(?i:\/uye_giris_islem\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006799,rev:4,msg:'ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Metyus'"
1208 SecRule &TX:'/SQL_INJECTION.*ARGS:kullanici_ismi/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1209
1210 # (sid 2006805) ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre 
1211 SecRule REQUEST_URI_RAW "(?i:\/uye_giris_islem\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006805,rev:4,msg:'ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Metyus'"
1212 SecRule &TX:'/SQL_INJECTION.*ARGS:sifre/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1213
1214 # (sid 2005607) ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id 
1215 SecRule REQUEST_URI_RAW "(?i:\/duyuru\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005607,rev:4,msg:'ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MiNT'"
1216 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1217
1218 # (sid 2007010) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant 
1219 SecRule REQUEST_URI_RAW "(?i:\/item_show\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007010,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
1220 SecRule &TX:'/SQL_INJECTION.*ARGS:id2006quant/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1221
1222 # (sid 2007016) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup 
1223 SecRule REQUEST_URI_RAW "(?i:\/item_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007016,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
1224 SecRule &TX:'/SQL_INJECTION.*ARGS:maingroup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1225
1226 # (sid 2007022) ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup 
1227 SecRule REQUEST_URI_RAW "(?i:\/item_list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007022,rev:4,msg:'ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Midicart'"
1228 SecRule &TX:'/SQL_INJECTION.*ARGS:secondgroup/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1229
1230 # (sid 2004168) ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c 
1231 SecRule REQUEST_URI_RAW "(?i:\/forum\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004168,rev:4,msg:'ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Minerva'"
1232 SecRule &TX:'/SQL_INJECTION.*ARGS:c/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Minerva mod SQL Injection Attempt -- forum.php c ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1233
1234 # (sid 2005782) ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName 
1235 SecRule REQUEST_URI_RAW "(?i:\/admin_check_user\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005782,rev:4,msg:'ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Motionborg'"
1236 SecRule &TX:'/SQL_INJECTION.*ARGS:txtUserName/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1237
1238 # (sid 2003839) ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid 
1239 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003839,rev:4,msg:'ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MyConference'"
1240 SecRule REQUEST_URI_RAW "@contains (" "chain"
1241 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MyConference SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1242
1243 # (sid 2006631) ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details 
1244 SecRule REQUEST_URI_RAW "(?i:\/mystats\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006631,rev:4,msg:'ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_MyStats'"
1245 SecRule &TX:'/SQL_INJECTION.*ARGS:details/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC MyStats SQL Injection Attempt -- mystats.php details ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1246
1247 # (sid 2004616) ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete 
1248 SecRule REQUEST_URI_RAW "(?i:\/diary\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004616,rev:4,msg:'ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_My_Datebook'"
1249 SecRule &TX:'/SQL_INJECTION.*ARGS:delete/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC My Datebook SQL Injection Attempt -- diary.php delete ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1250
1251 # (sid 2004099) ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id 
1252 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004099,rev:4,msg:'ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_My_Little_Forum'"
1253 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC My Little Forum SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1254
1255 # (sid 2004746) ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv 
1256 SecRule REQUEST_URI_RAW "(?i:\/result\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004746,rev:4,msg:'ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Nabopoll'"
1257 SecRule &TX:'/SQL_INJECTION.*ARGS:surv/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Nabopoll SQL Injection Attempt -- result.php surv ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1258
1259 # (sid 2006884) ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id 
1260 SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006884,rev:4,msg:'ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neochrome'"
1261 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1262
1263 # (sid 2006740) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php 
1264 SecRule REQUEST_URI_RAW "(?i:\/plugins\/ipsearch\/ipsearch\.admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006740,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1265 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1266
1267 # (sid 2006746) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php 
1268 SecRule REQUEST_URI_RAW "(?i:\/pfs\/pfs\.edit\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006746,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1269 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1270
1271 # (sid 2006752) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.register.inc.php 
1272 SecRule REQUEST_URI_RAW "(?i:\/system\/core\/users\/users\.register\.inc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006752,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.register.inc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1273 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1274
1275 # (sid 2006758) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id 
1276 SecRule REQUEST_URI_RAW "(?i:\/polls\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006758,rev:4,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1277 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- polls.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1278
1279 # (sid 2007292) ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id 
1280 SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007292,rev:3,msg:'ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neocrome'"
1281 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neocrome Seditio SQL Injection Attempt -- users.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1282
1283 # (sid 2006551) ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id 
1284 SecRule REQUEST_URI_RAW "(?i:\/ViewCat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006551,rev:4,msg:'ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NetClassifieds'"
1285 SecRule &TX:'/SQL_INJECTION.*ARGS:s_user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1286
1287 # (sid 2004162) ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID 
1288 SecRule REQUEST_URI_RAW "(?i:\/News\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004162,rev:4,msg:'ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NetVIOS'"
1289 SecRule &TX:'/SQL_INJECTION.*ARGS:NewsID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC NetVIOS Portal SQL Injection Attempt -- page.asp NewsID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1290
1291 # (sid 2004940) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname 
1292 SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004940,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
1293 SecRule &TX:'/SQL_INJECTION.*ARGS:commentname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1294
1295 # (sid 2004947) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail 
1296 SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004947,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
1297 SecRule &TX:'/SQL_INJECTION.*ARGS:commentmail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1298
1299 # (sid 2004953) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite 
1300 SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004953,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
1301 SecRule &TX:'/SQL_INJECTION.*ARGS:commentwebsite/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1302
1303 # (sid 2004959) ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment 
1304 SecRule REQUEST_URI_RAW "(?i:\/pages\/addcomment2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004959,rev:4,msg:'ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Neuron_Blog'"
1305 SecRule &TX:'/SQL_INJECTION.*ARGS:comment/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Neuron Blog SQL Injection Attempt -- addcomment2.php comment ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1306
1307 # (sid 2005679) ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category 
1308 SecRule REQUEST_URI_RAW "(?i:\/shared\/code\/cp_functions_downloads\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005679,rev:4,msg:'ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Nicola_Asuni'"
1309 SecRule &TX:'/SQL_INJECTION.*ARGS:download_category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1310
1311 # (sid 2005019) ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id 
1312 SecRule REQUEST_URI_RAW "(?i:\/view\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005019,rev:4,msg:'ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Noname_Media_Gallerie'"
1313 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1314
1315 # (sid 2006595) ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid 
1316 SecRule REQUEST_URI_RAW "(?i:\/dagent\/downloadreport\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006595,rev:4,msg:'ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Novell_Zenworks'"
1317 SecRule &TX:'/SQL_INJECTION.*ARGS:agentid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1318
1319 # (sid 2006601) ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass 
1320 SecRule REQUEST_URI_RAW "(?i:\/dagent\/downloadreport\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006601,rev:4,msg:'ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Novell_Zenworks'"
1321 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1322
1323 # (sid 2004311) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php 
1324 SecRule REQUEST_URI_RAW "(?i:\/nukesentinel\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004311,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
1325 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1326
1327 # (sid 2004734) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php 
1328 SecRule REQUEST_URI_RAW "(?i:\/nukesentinel\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004734,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nukesentinel.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
1329 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1330
1331 # (sid 2004740) ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nsbypass.php 
1332 SecRule REQUEST_URI_RAW "(?i:\/includes\/nsbypass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004740,rev:4,msg:'ET WEB_SPECIFIC NukeSentinel SQL Injection Attempt -- nsbypass.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_NukeSentinel'"
1333 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1334
1335 # (sid 2006811) ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid 
1336 SecRule REQUEST_URI_RAW "(?i:\/viewthread\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006811,rev:4,msg:'ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_O2PHP'"
1337 SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1338
1339 # (sid 2005601) ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id 
1340 SecRule REQUEST_URI_RAW "(?i:\/etkinlikbak\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005601,rev:4,msg:'ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Okul'"
1341 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1342
1343 # (sid 2004454) ET WEB_SPECIFIC Omegasoft SQL Injection Attempt -- OmegaMw7.asp 
1344 SecRule REQUEST_URI_RAW "(?i:\/OmegaMw7\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004454,rev:4,msg:'ET WEB_SPECIFIC Omegasoft SQL Injection Attempt -- OmegaMw7.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Omegasoft'"
1345 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1346
1347 # (sid 2004849) ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id 
1348 SecRule REQUEST_URI_RAW "(?i:\/user_pages\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004849,rev:4,msg:'ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Online_Web_Building'"
1349 SecRule &TX:'/SQL_INJECTION.*ARGS:art_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Online Web Building SQL Injection Attempt -- page.asp art_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1350
1351 # (sid 2005941) ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate 
1352 SecRule REQUEST_URI_RAW "(?i:\/login\/register\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005941,rev:4,msg:'ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Outfront'"
1353 SecRule &TX:'/SQL_INJECTION.*ARGS:UserUpdate/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1354
1355 # (sid 2005947) ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- a_register.asp 
1356 SecRule REQUEST_URI_RAW "(?i:\/includes\/a_register\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005947,rev:4,msg:'ET WEB_SPECIFIC Outfront Spooky Login SQL Injection Attempt -- a_register.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Outfront'"
1357 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1358
1359 # (sid 2004245) ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip 
1360 SecRule REQUEST_URI_RAW "(?i:\/php\-stats\.recphp\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004245,rev:4,msg:'ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP-Stats'"
1361 SecRule &TX:'/SQL_INJECTION.*ARGS:ip/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1362
1363 # (sid 2006514) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID 
1364 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006514,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1365 SecRule &TX:'/SQL_INJECTION.*ARGS:Outgoing_Type_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1366
1367 # (sid 2006520) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID 
1368 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006520,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1369 SecRule &TX:'/SQL_INJECTION.*ARGS:Outgoing_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1370
1371 # (sid 2006526) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID 
1372 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006526,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1373 SecRule &TX:'/SQL_INJECTION.*ARGS:Project_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Project_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1374
1375 # (sid 2006532) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID 
1376 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006532,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1377 SecRule &TX:'/SQL_INJECTION.*ARGS:Client_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Client_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1378
1379 # (sid 2006538) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID 
1380 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006538,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1381 SecRule &TX:'/SQL_INJECTION.*ARGS:Invoice_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1382
1383 # (sid 2006544) ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID 
1384 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006544,rev:4,msg:'ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPAccounts'"
1385 SecRule &TX:'/SQL_INJECTION.*ARGS:Vendor_ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1386
1387 # (sid 2005971) ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id 
1388 SecRule REQUEST_URI_RAW "(?i:\/admin\/admin_acronyms\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005971,rev:4,msg:'ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPBB'"
1389 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1390
1391 # (sid 2006973) ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id 
1392 SecRule REQUEST_URI_RAW "(?i:\/admin_hacks_list\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006973,rev:4,msg:'ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPBB'"
1393 SecRule &TX:'/SQL_INJECTION.*ARGS:hack_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1394
1395 # (sid 2004045) ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id 
1396 SecRule REQUEST_URI_RAW "(?i:\/modules\/admin\/modules\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004045,rev:4,msg:'ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPEcho'"
1397 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPEcho CMS SQL Injection Attempt -- gallery.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1398
1399 # (sid 2003809) ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER 
1400 SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003809,rev:4,msg:'ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPHoo3'"
1401 SecRule REQUEST_URI_RAW "@contains (" "chain"
1402 SecRule &TX:'/SQL_INJECTION.*ARGS:ADMIN_USER/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1403
1404 # (sid 2003815) ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS 
1405 SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003815,rev:4,msg:'ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPHoo3'"
1406 SecRule REQUEST_URI_RAW "@contains (" "chain"
1407 SecRule &TX:'/SQL_INJECTION.*ARGS:ADMIN_PASS/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1408
1409 # (sid 2004699) ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid 
1410 SecRule REQUEST_URI_RAW "(?i:\/include\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004699,rev:4,msg:'ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPKit'"
1411 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPKit SQL Injection Attempt -- include.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1412
1413 # (sid 2005788) ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid 
1414 SecRule REQUEST_URI_RAW "(?i:\/comment\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005788,rev:4,msg:'ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPKit'"
1415 SecRule &TX:'/SQL_INJECTION.*ARGS:subid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHPKIT SQL Injection Attempt -- comment.php subid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1416
1417 # (sid 2004704) ET WEB_SPECIFIC PHPWind SQL Injection Attempt -- admin.php 
1418 SecRule REQUEST_URI_RAW "(?i:\/admin\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004704,rev:4,msg:'ET WEB_SPECIFIC PHPWind SQL Injection Attempt -- admin.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHPWind'"
1419 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1420
1421 # (sid 2004329) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang 
1422 SecRule REQUEST_URI_RAW "(?i:\/mainfile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004329,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1423 SecRule &TX:'/SQL_INJECTION.*ARGS:lang/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- mainfile.php lang ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1424
1425 # (sid 2004855) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id 
1426 SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004855,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1427 SecRule &TX:'/SQL_INJECTION.*ARGS:category_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php category_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1428
1429 # (sid 2005460) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active 
1430 SecRule REQUEST_URI_RAW "(?i:\/admin\/modules\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005460,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1431 SecRule &TX:'/SQL_INJECTION.*ARGS:active/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1432
1433 # (sid 2005466) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class 
1434 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005466,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1435 SecRule &TX:'/SQL_INJECTION.*ARGS:ad_class/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1436
1437 # (sid 2005472) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl 
1438 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005472,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1439 SecRule &TX:'/SQL_INJECTION.*ARGS:imageurl/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1440
1441 # (sid 2005478) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl 
1442 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005478,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1443 SecRule &TX:'/SQL_INJECTION.*ARGS:clickurl/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1444
1445 # (sid 2005484) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code 
1446 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005484,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1447 SecRule &TX:'/SQL_INJECTION.*ARGS:ad_code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1448
1449 # (sid 2005491) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position 
1450 SecRule REQUEST_URI_RAW "(?i:\/modules\/Advertising\/admin\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005491,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1451 SecRule &TX:'/SQL_INJECTION.*ARGS:position/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1452
1453 # (sid 2005589) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat 
1454 SecRule REQUEST_URI_RAW "(?i:\/blocks\/block\-Old_Articles\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005589,rev:4,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1455 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1456
1457 # (sid 2006931) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid 
1458 SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006931,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1459 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1460
1461 # (sid 2006937) ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid 
1462 SecRule REQUEST_URI_RAW "(?i:\/modules\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006937,rev:4,msg:'ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1463 SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Nuke SQL Injection Attempt -- modules.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1464
1465 # (sid 2007180) ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid 
1466 SecRule REQUEST_URI_RAW "(?i:\/modules\/News\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007180,rev:3,msg:'ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Nuke'"
1467 SecRule &TX:'/SQL_INJECTION.*ARGS:sid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1468
1469 # (sid 2005905) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage 
1470 SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005905,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
1471 SecRule &TX:'/SQL_INJECTION.*ARGS:newmessage/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newmessage ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1472
1473 # (sid 2005911) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname 
1474 SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005911,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
1475 SecRule &TX:'/SQL_INJECTION.*ARGS:newname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1476
1477 # (sid 2005917) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite 
1478 SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005917,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
1479 SecRule &TX:'/SQL_INJECTION.*ARGS:newwebsite/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1480
1481 # (sid 2005923) ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail 
1482 SecRule REQUEST_URI_RAW "(?i:\/code\/guestadd\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005923,rev:4,msg:'ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PHP_Update'"
1483 SecRule &TX:'/SQL_INJECTION.*ARGS:newemail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PHP-Update SQL Injection Attempt -- guestadd.php newemail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1484
1485 # (sid 2004610) ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c 
1486 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004610,rev:4,msg:'ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PNphpBB2'"
1487 SecRule &TX:'/SQL_INJECTION.*ARGS:c/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PNphpBB2 SQL Injection Attempt -- index.php c ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1488
1489 # (sid 2004934) ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id 
1490 SecRule REQUEST_URI_RAW "(?i:\/item\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004934,rev:4,msg:'ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PSY_Auction'"
1491 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PSY Auction SQL Injection Attempt -- item.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1492
1493 # (sid 2006734) ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main 
1494 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006734,rev:4,msg:'ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PWP'"
1495 SecRule &TX:'/SQL_INJECTION.*ARGS:main/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1496
1497 # (sid 2004263) ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid 
1498 SecRule REQUEST_URI_RAW "(?i:\/post\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004263,rev:4,msg:'ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Blogger'"
1499 SecRule &TX:'/SQL_INJECTION.*ARGS:postid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- post.php postid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1500
1501 # (sid 2005220) ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month 
1502 SecRule REQUEST_URI_RAW "(?i:\/archives\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005220,rev:4,msg:'ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Blogger'"
1503 SecRule &TX:'/SQL_INJECTION.*ARGS:month/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Blogger SQL Injection Attempt -- archives.php month ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1504
1505 # (sid 2004622) ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment 
1506 SecRule REQUEST_URI_RAW "(?i:\/viewimage\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004622,rev:4,msg:'ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Particle_Gallery'"
1507 SecRule &TX:'/SQL_INJECTION.*ARGS:editcomment/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1508
1509 # (sid 2004093) ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id 
1510 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004093,rev:4,msg:'ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Phil-A-Form'"
1511 SecRule &TX:'/SQL_INJECTION.*ARGS:form_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Phil-a-Form SQL Injection Attempt -- index.php form_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1512
1513 # (sid 2004928) ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid 
1514 SecRule REQUEST_URI_RAW "(?i:\/philboard_forum\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004928,rev:4,msg:'ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Philboard'"
1515 SecRule &TX:'/SQL_INJECTION.*ARGS:forumid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Philboard SQL Injection Attempt -- philboard_forum.asp forumid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1516
1517 # (sid 2004909) ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id 
1518 SecRule REQUEST_URI_RAW "(?i:\/pollmentorres\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004909,rev:4,msg:'ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PollMentor'"
1519 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC PollMentor SQL Injection Attempt -- pollmentorres.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1520
1521 # (sid 2005625) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid 
1522 SecRule REQUEST_URI_RAW "(?i:\/simplog\/archive\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005625,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
1523 SecRule &TX:'/SQL_INJECTION.*ARGS:blogid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php blogid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1524
1525 # (sid 2005631) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid 
1526 SecRule REQUEST_URI_RAW "(?i:\/simplog\/archive\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005631,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
1527 SecRule &TX:'/SQL_INJECTION.*ARGS:pid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- archive.php pid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1528
1529 # (sid 2005637) ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid 
1530 SecRule REQUEST_URI_RAW "(?i:\/simplog\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005637,rev:4,msg:'ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Portix'"
1531 SecRule &TX:'/SQL_INJECTION.*ARGS:blogid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Portix-PHP SQL Injection Attempt -- index.php blogid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1532
1533 # (sid 2003803) ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id 
1534 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003803,rev:4,msg:'ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_PostNuke'"
1535 SecRule REQUEST_URI_RAW "@contains (" "chain"
1536 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC v4bJournal module PostNuke SQL Injection Attempt -- index.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1537
1538 # (sid 2006355) ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa 
1539 SecRule REQUEST_URI_RAW "(?i:\/lire\-avis\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006355,rev:4,msg:'ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ProNews'"
1540 SecRule &TX:'/SQL_INJECTION.*ARGS:aa/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ProNews SQL Injection Attempt -- lire-avis.php aa ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1541
1542 # (sid 2005685) ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id 
1543 SecRule REQUEST_URI_RAW "(?i:\/viewad\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005685,rev:4,msg:'ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rapid_Classified'"
1544 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rapid Classified SQL Injection Attempt -- viewad.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1545
1546 # (sid 2005025) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user 
1547 SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005025,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
1548 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1549
1550 # (sid 2005031) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password 
1551 SecRule REQUEST_URI_RAW "(?i:\/login\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005031,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
1552 SecRule &TX:'/SQL_INJECTION.*ARGS:password/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- login.asp password ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1553
1554 # (sid 2005097) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id 
1555 SecRule REQUEST_URI_RAW "(?i:\/user_confirm\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005097,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
1556 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1557
1558 # (sid 2005103) ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass 
1559 SecRule REQUEST_URI_RAW "(?i:\/user_confirm\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005103,rev:4,msg:'ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Raymond_Berthou'"
1560 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1561
1562 # (sid 2006943) ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid 
1563 SecRule REQUEST_URI_RAW "(?i:\/recipe\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006943,rev:3,msg:'ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Recipes_Complete'"
1564 SecRule &TX:'/SQL_INJECTION.*ARGS:recipeid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1565
1566 # (sid 2006949) ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid 
1567 SecRule REQUEST_URI_RAW "(?i:\/list\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006949,rev:3,msg:'ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Recipes_Complete'"
1568 SecRule &TX:'/SQL_INJECTION.*ARGS:categoryid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Recipes Complete Website SQL Injection Attempt -- list.php categoryid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1569
1570 # (sid 2003833) ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv 
1571 SecRule REQUEST_URI_RAW "(?i:\/edit_day\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003833,rev:4,msg:'ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ResManager'"
1572 SecRule REQUEST_URI_RAW "@contains (" "chain"
1573 SecRule &TX:'/SQL_INJECTION.*ARGS:id_reserv/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ResManager SQL Injection Attempt -- edit_day.php id_reserv ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1574
1575 # (sid 2004604) ET WEB_SPECIFIC RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php 
1576 SecRule REQUEST_URI_RAW "(?i:\/inc\/class_users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004604,rev:4,msg:'ET WEB_SPECIFIC RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RevokeSoft'"
1577 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1578
1579 # (sid 2005691) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID 
1580 SecRule REQUEST_URI_RAW "(?i:\/listfull\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005691,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1581 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listfull.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1582
1583 # (sid 2005697) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID 
1584 SecRule REQUEST_URI_RAW "(?i:\/printmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005697,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1585 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- printmain.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1586
1587 # (sid 2005703) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat 
1588 SecRule REQUEST_URI_RAW "(?i:\/listmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005703,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1589 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- listmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1590
1591 # (sid 2005709) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat 
1592 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005709,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1593 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1594
1595 # (sid 2005715) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat 
1596 SecRule REQUEST_URI_RAW "(?i:\/searchmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005715,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1597 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1598
1599 # (sid 2005721) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword 
1600 SecRule REQUEST_URI_RAW "(?i:\/searchkey\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005721,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1601 SecRule &TX:'/SQL_INJECTION.*ARGS:Keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp Keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1602
1603 # (sid 2005727) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area 
1604 SecRule REQUEST_URI_RAW "(?i:\/searchmain\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005727,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1605 SecRule &TX:'/SQL_INJECTION.*ARGS:area/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchmain.asp area ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1606
1607 # (sid 2005733) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area 
1608 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005733,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1609 SecRule &TX:'/SQL_INJECTION.*ARGS:area/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp area ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1610
1611 # (sid 2005740) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin 
1612 SecRule REQUEST_URI_RAW "(?i:\/searchkey\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005740,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1613 SecRule &TX:'/SQL_INJECTION.*ARGS:searchin/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchkey.asp searchin ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1614
1615 # (sid 2005746) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1 
1616 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005746,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1617 SecRule &TX:'/SQL_INJECTION.*ARGS:cost1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1618
1619 # (sid 2005752) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2 
1620 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005752,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1621 SecRule &TX:'/SQL_INJECTION.*ARGS:cost2/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp cost2 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1622
1623 # (sid 2005758) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1 
1624 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005758,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1625 SecRule &TX:'/SQL_INJECTION.*ARGS:acreage1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp acreage1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1626
1627 # (sid 2005764) ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 
1628 SecRule REQUEST_URI_RAW "(?i:\/searchoption\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005764,rev:4,msg:'ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rialto'"
1629 SecRule &TX:'/SQL_INJECTION.*ARGS:squarefeet1/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1630
1631 # (sid 2004664) ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria 
1632 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004664,rev:4,msg:'ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Rigter_portal'"
1633 SecRule &TX:'/SQL_INJECTION.*ARGS:categoria/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1634
1635 # (sid 2003821) ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries 
1636 SecRule REQUEST_URI_RAW "(?i:\/class\/debug\/debug_show\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003821,rev:4,msg:'ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RunCMS'"
1637 SecRule REQUEST_URI_RAW "@contains (" "chain"
1638 SecRule &TX:'/SQL_INJECTION.*ARGS:executed_queries/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC RunCms SQL Injection Attempt -- debug_show.php executed_queries ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1639
1640 # (sid 2003862) ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id 
1641 SecRule REQUEST_URI_RAW "(?i:\/devami\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003862,rev:4,msg:'ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_RunawaySoft'"
1642 SecRule REQUEST_URI_RAW "@contains (" "chain"
1643 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1644
1645 # (sid 2004467) ET WEB_SPECIFIC SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp 
1646 SecRule REQUEST_URI_RAW "(?i:\/cgi\-bin\/reorder2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004467,rev:4,msg:'ET WEB_SPECIFIC SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Salescart'"
1647 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1648
1649 # (sid 2004497) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name 
1650 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004497,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1651 SecRule &TX:'/SQL_INJECTION.*ARGS:name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1652
1653 # (sid 2004503) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country 
1654 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004503,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1655 SecRule &TX:'/SQL_INJECTION.*ARGS:country/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php country ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1656
1657 # (sid 2004509) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email 
1658 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004509,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1659 SecRule &TX:'/SQL_INJECTION.*ARGS:email/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php email ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1660
1661 # (sid 2004515) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website 
1662 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004515,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1663 SecRule &TX:'/SQL_INJECTION.*ARGS:website/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php website ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1664
1665 # (sid 2004521) ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message 
1666 SecRule REQUEST_URI_RAW "(?i:\/add2\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004521,rev:4,msg:'ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Savas'"
1667 SecRule &TX:'/SQL_INJECTION.*ARGS:message/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Savas Guestbook SQL Injection Attempt -- add2.php message ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1668
1669 # (sid 2004120) ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid 
1670 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004120,rev:4,msg:'ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ScriptMagix'"
1671 SecRule &TX:'/SQL_INJECTION.*ARGS:catid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ScriptMagix Jokes SQL Injection Attempt -- index.php catid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1672
1673 # (sid 2006313) ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid 
1674 SecRule REQUEST_URI_RAW "(?i:\/utilities\/usermessages\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006313,rev:4,msg:'ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ScriptMate'"
1675 SecRule &TX:'/SQL_INJECTION.*ARGS:mesid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1676
1677 # (sid 2004419) ET WEB_SPECIFIC Serendipity SQL Injection Attempt -- index.php serendipity 
1678 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004419,rev:4,msg:'ET WEB_SPECIFIC Serendipity SQL Injection Attempt -- index.php serendipity ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Serendipity'"
1679 SecRule REQUEST_URI_RAW "@contains serendipity[multiCat][" "chain"
1680 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1681
1682 # (sid 2005794) ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID 
1683 SecRule REQUEST_URI_RAW "(?i:\/orange\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005794,rev:4,msg:'ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ShopStoreNow'"
1684 SecRule &TX:'/SQL_INJECTION.*ARGS:CatID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1685
1686 # (sid 2003856) ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr 
1687 SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003856,rev:4,msg:'ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SimpleNews'"
1688 SecRule REQUEST_URI_RAW "@contains (" "chain"
1689 SecRule &TX:'/SQL_INJECTION.*ARGS:newsnr/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SimpNews SQL Injection Attempt -- print.php newsnr ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1690
1691 # (sid 2004783) ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username 
1692 SecRule REQUEST_URI_RAW "(?i:\/logon_user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004783,rev:4,msg:'ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_PHP_Portal'"
1693 SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- logon_user.php username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1694
1695 # (sid 2004789) ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username 
1696 SecRule REQUEST_URI_RAW "(?i:\/update_profile\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004789,rev:4,msg:'ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_PHP_Portal'"
1697 SecRule &TX:'/SQL_INJECTION.*ARGS:username/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple PHP Forum SQL Injection Attempt -- update_profile.php username ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1698
1699 # (sid 2005875) ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id 
1700 SecRule REQUEST_URI_RAW "(?i:\/page\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005875,rev:4,msg:'ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Simple_Web_CMS'"
1701 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Simple Web Content Management System SQL Injection Attempt -- page.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1702
1703 # (sid 2005522) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps 
1704 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005522,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1705 SecRule &TX:'/SQL_INJECTION.*ARGS:ps/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php ps ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1706
1707 # (sid 2005528) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us 
1708 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005528,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1709 SecRule &TX:'/SQL_INJECTION.*ARGS:us/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php us ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1710
1711 # (sid 2005534) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f 
1712 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005534,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1713 SecRule &TX:'/SQL_INJECTION.*ARGS:f/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php f ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1714
1715 # (sid 2005540) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code 
1716 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005540,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1717 SecRule &TX:'/SQL_INJECTION.*ARGS:code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- index.php code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1718
1719 # (sid 2005546) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code 
1720 SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005546,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1721 SecRule &TX:'/SQL_INJECTION.*ARGS:code/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php code ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1722
1723 # (sid 2005552) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f 
1724 SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005552,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1725 SecRule &TX:'/SQL_INJECTION.*ARGS:f/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php f ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1726
1727 # (sid 2005558) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us 
1728 SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005558,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1729 SecRule &TX:'/SQL_INJECTION.*ARGS:us/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php us ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1730
1731 # (sid 2005564) ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps 
1732 SecRule REQUEST_URI_RAW "(?i:\/dl\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005564,rev:4,msg:'ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SmE'"
1733 SecRule &TX:'/SQL_INJECTION.*ARGS:ps/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SmE FileMailer SQL Injection Attempt -- dl.php ps ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1734
1735 # (sid 2004867) ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id 
1736 SecRule REQUEST_URI_RAW "(?i:\/pop_profile\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004867,rev:4,msg:'ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Snitz'"
1737 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1738
1739 # (sid 2006133) ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent 
1740 SecRule REQUEST_URI_RAW "(?i:\/list\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006133,rev:4,msg:'ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Softwebs'"
1741 SecRule &TX:'/SQL_INJECTION.*ARGS:agent/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1742
1743 # (sid 2006484) ET WEB_SPECIFIC Solar Empire SQL Injection Attempt -- game_listing.php 
1744 SecRule REQUEST_URI_RAW "(?i:\/game_listing\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006484,rev:4,msg:'ET WEB_SPECIFIC Solar Empire SQL Injection Attempt -- game_listing.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Solar_Empire'"
1745 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1746
1747 # (sid 2004383) ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list 
1748 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004383,rev:4,msg:'ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SonicMailer'"
1749 SecRule &TX:'/SQL_INJECTION.*ARGS:list/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Triexa SonicMailer Pro SQL Injection Attempt -- index.php list ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1750
1751 # (sid 2004820) ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category 
1752 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004820,rev:4,msg:'ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Sphider'"
1753 SecRule &TX:'/SQL_INJECTION.*ARGS:category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Sphider SQL Injection Attempt -- search.php category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1754
1755 # (sid 2005156) ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines 
1756 SecRule REQUEST_URI_RAW "(?i:\/rss\/show_webfeed\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005156,rev:4,msg:'ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_SpoonLabs'"
1757 SecRule &TX:'/SQL_INJECTION.*ARGS:wcHeadlines/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1758
1759 # (sid 2004826) ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat 
1760 SecRule REQUEST_URI_RAW "(?i:\/directory\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004826,rev:4,msg:'ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Super_Link_Exchange'"
1761 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Super Link Exchange Script SQL Injection Attempt -- directory.php cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1762
1763 # (sid 2006637) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp 
1764 SecRule REQUEST_URI_RAW "(?i:\/sendarticle\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006637,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
1765 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1766
1767 # (sid 2006643) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp 
1768 SecRule REQUEST_URI_RAW "(?i:\/printarticle\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006643,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
1769 SecRule QUERY_STRING|REQUEST_BODY "(?i:.+\(.+SELECT)"
1770
1771 # (sid 2006649) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID 
1772 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006649,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
1773 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1774
1775 # (sid 2006655) ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID 
1776 SecRule REQUEST_URI_RAW "(?i:\/preferences\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006655,rev:4,msg:'ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Superfreaker'"
1777 SecRule &TX:'/SQL_INJECTION.*ARGS:ID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1778
1779 # (sid 2005571) ET WEB_SPECIFIC ThWboard SQL Injection Attempt -- index.php board 
1780 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005571,rev:4,msg:'ET WEB_SPECIFIC ThWboard SQL Injection Attempt -- index.php board ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ThWboard'"
1781 SecRule REQUEST_URI_RAW "@contains board[" "chain"
1782 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1783
1784 # (sid 2006007) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname 
1785 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006007,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1786 SecRule &TX:'/SQL_INJECTION.*ARGS:lastname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php lastname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1787
1788 # (sid 2006013) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname 
1789 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006013,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1790 SecRule &TX:'/SQL_INJECTION.*ARGS:firstname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php firstname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1791
1792 # (sid 2006019) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld 
1793 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006019,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1794 SecRule &TX:'/SQL_INJECTION.*ARGS:passwordOld/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordOld ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1795
1796 # (sid 2006025) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew 
1797 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006025,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1798 SecRule &TX:'/SQL_INJECTION.*ARGS:passwordNew/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php passwordNew ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1799
1800 # (sid 2006031) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id 
1801 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006031,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1802 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1803
1804 # (sid 2006037) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language 
1805 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006037,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1806 SecRule &TX:'/SQL_INJECTION.*ARGS:language/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php language ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1807
1808 # (sid 2006043) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter 
1809 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006043,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1810 SecRule &TX:'/SQL_INJECTION.*ARGS:defaultLetter/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php defaultLetter ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1811
1812 # (sid 2006049) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass 
1813 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006049,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1814 SecRule &TX:'/SQL_INJECTION.*ARGS:newuserPass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserPass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1815
1816 # (sid 2006055) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType 
1817 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006055,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1818 SecRule &TX:'/SQL_INJECTION.*ARGS:newuserType/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserType ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1819
1820 # (sid 2006061) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail 
1821 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006061,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1822 SecRule &TX:'/SQL_INJECTION.*ARGS:newuserEmail/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- user.php newuserEmail ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1823
1824 # (sid 2006067) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo 
1825 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006067,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1826 SecRule &TX:'/SQL_INJECTION.*ARGS:goTo/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php goTo ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1827
1828 # (sid 2006073) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search 
1829 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006073,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1830 SecRule &TX:'/SQL_INJECTION.*ARGS:search/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- search.php search ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1831
1832 # (sid 2006079) ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName 
1833 SecRule REQUEST_URI_RAW "(?i:\/save\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006079,rev:4,msg:'ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_The_Address_Book'"
1834 SecRule &TX:'/SQL_INJECTION.*ARGS:groupAddName/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC The Address Book SQL Injection Attempt -- save.php groupAddName ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1835
1836 # (sid 2004873) ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id 
1837 SecRule REQUEST_URI_RAW "(?i:\/h_goster\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004873,rev:4,msg:'ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Turuncu'"
1838 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Turuncu Portal SQL Injection Attempt -- h_goster.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1839
1840 # (sid 2004676) ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug 
1841 SecRule REQUEST_URI_RAW "(?i:\/ViewReport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004676,rev:4,msg:'ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Tyger_Bug_Tracker'"
1842 SecRule &TX:'/SQL_INJECTION.*ARGS:bug/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1843
1844 # (sid 2004681) ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s 
1845 SecRule REQUEST_URI_RAW "(?i:\/ViewBugs\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004681,rev:4,msg:'ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Tyger_Bug_Tracker'"
1846 SecRule &TX:'/SQL_INJECTION.*ARGS:s/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1847
1848 # (sid 2005237) ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid 
1849 SecRule REQUEST_URI_RAW "(?i:\/banner\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005237,rev:4,msg:'ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_UDS'"
1850 SecRule &TX:'/SQL_INJECTION.*ARGS:bid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Unique Ads (UDS) SQL Injection Attempt -- banner.php bid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1851
1852 # (sid 2006890) ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci 
1853 SecRule REQUEST_URI_RAW "(?i:\/slideshow\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006890,rev:4,msg:'ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Uapplication'"
1854 SecRule &TX:'/SQL_INJECTION.*ARGS:ci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1855
1856 # (sid 2006896) ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci 
1857 SecRule REQUEST_URI_RAW "(?i:\/thumbnails\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006896,rev:4,msg:'ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Uapplication'"
1858 SecRule &TX:'/SQL_INJECTION.*ARGS:ci/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1859
1860 # (sid 2005007) ET WEB_SPECIFIC Ublog Reload SQL Injection Attempt -- badword.asp 
1861 SecRule REQUEST_URI_RAW "(?i:\/badword\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005007,rev:4,msg:'ET WEB_SPECIFIC Ublog Reload SQL Injection Attempt -- badword.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ublog'"
1862 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
1863
1864 # (sid 2007203) ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat 
1865 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007203,rev:3,msg:'ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ultimate_Survey'"
1866 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1867
1868 # (sid 2007209) ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did 
1869 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007209,rev:3,msg:'ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Ultimate_Survey'"
1870 SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ultimate Survey Pro SQL Injection Attempt -- index.asp did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1871
1872 # (sid 2005673) ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname 
1873 SecRule REQUEST_URI_RAW "(?i:\/shopgiftregsearch\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005673,rev:4,msg:'ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_VP-ASP'"
1874 SecRule &TX:'/SQL_INJECTION.*ARGS:LoginLastname/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1875
1876 # (sid 2006607) ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user 
1877 SecRule REQUEST_URI_RAW "(?i:\/vf_memberdetail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006607,rev:4,msg:'ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_VT_Forum'"
1878 SecRule &TX:'/SQL_INJECTION.*ARGS:user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1879
1880 # (sid 2006283) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod 
1881 SecRule REQUEST_URI_RAW "(?i:\/repass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006283,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
1882 SecRule &TX:'/SQL_INJECTION.*ARGS:nick_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1883
1884 # (sid 2006289) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick 
1885 SecRule REQUEST_URI_RAW "(?i:\/repass\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006289,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
1886 SecRule &TX:'/SQL_INJECTION.*ARGS:nick/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- repass.php nick ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1887
1888 # (sid 2006295) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick 
1889 SecRule REQUEST_URI_RAW "(?i:\/verify\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006295,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
1890 SecRule &TX:'/SQL_INJECTION.*ARGS:nick/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1891
1892 # (sid 2006301) ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod 
1893 SecRule REQUEST_URI_RAW "(?i:\/verify\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006301,rev:4,msg:'ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Verliadmin'"
1894 SecRule &TX:'/SQL_INJECTION.*ARGS:nick_mod/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC VerliAdmin SQL Injection Attempt -- verify.php nick_mod ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1895
1896 # (sid 2005497) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid 
1897 SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005497,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
1898 SecRule &TX:'/SQL_INJECTION.*ARGS:Itemid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1899
1900 # (sid 2005503) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id 
1901 SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005503,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
1902 SecRule &TX:'/SQL_INJECTION.*ARGS:product_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1903
1904 # (sid 2005509) ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id 
1905 SecRule REQUEST_URI_RAW "(?i:\/virtuemart_parser\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005509,rev:4,msg:'ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Virtuemart'"
1906 SecRule &TX:'/SQL_INJECTION.*ARGS:category_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1907
1908 # (sid 2003997) ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id 
1909 SecRule REQUEST_URI_RAW "(?i:\/default\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003997,rev:4,msg:'ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vizayn'"
1910 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1911
1912 # (sid 2005893) ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id 
1913 SecRule REQUEST_URI_RAW "(?i:\/haberdetay\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005893,rev:4,msg:'ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vizayn'"
1914 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Vizayn Haber SQL Injection Attempt -- haberdetay.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1915
1916 # (sid 2007420) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat 
1917 SecRule REQUEST_URI_RAW "(?i:\/cat\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007420,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1918 SecRule &TX:'/SQL_INJECTION.*ARGS:cat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- cat.asp cat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1919
1920 # (sid 2007426) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword 
1921 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007426,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1922 SecRule &TX:'/SQL_INJECTION.*ARGS:keyword/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp keyword ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1923
1924 # (sid 2007432) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order 
1925 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007432,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1926 SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1927
1928 # (sid 2007438) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort 
1929 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007438,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1930 SecRule &TX:'/SQL_INJECTION.*ARGS:sort/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp sort ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1931
1932 # (sid 2007444) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect 
1933 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007444,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1934 SecRule &TX:'/SQL_INJECTION.*ARGS:menuSelect/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1935
1936 # (sid 2007450) ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state 
1937 SecRule REQUEST_URI_RAW "(?i:\/search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007450,rev:3,msg:'ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Vspin'"
1938 SecRule &TX:'/SQL_INJECTION.*ARGS:state/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSpin.net Classified System SQL Injection Attempt -- search.asp state ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1939
1940 # (sid 2004132) ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum 
1941 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004132,rev:4,msg:'ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W-Agora'"
1942 SecRule &TX:'/SQL_INJECTION.*ARGS:search_forum/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_forum ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1943
1944 # (sid 2004138) ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user 
1945 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004138,rev:4,msg:'ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W-Agora'"
1946 SecRule &TX:'/SQL_INJECTION.*ARGS:search_user/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC w-Agora SQL Injection Attempt -- search.php search_user ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1947
1948 # (sid 2004651) ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id 
1949 SecRule REQUEST_URI_RAW "(?i:\/urunbak\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004651,rev:4,msg:'ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W1L3D4_WEBmarlet'"
1950 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1951
1952 # (sid 2005308) ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft 
1953 SecRule REQUEST_URI_RAW "(?i:\/mailer\.w2b)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005308,rev:4,msg:'ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W2B'"
1954 SecRule &TX:'/SQL_INJECTION.*ARGS:draft/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1955
1956 # (sid 2005190) ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay 
1957 SecRule REQUEST_URI_RAW "(?i:\/DocPay\.w2b)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005190,rev:4,msg:'ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_W2B'"
1958 SecRule &TX:'/SQL_INJECTION.*ARGS:listDocPay/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1959
1960 # (sid 2004318) ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id 
1961 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004318,rev:4,msg:'ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WBBlog'"
1962 SecRule &TX:'/SQL_INJECTION.*ARGS:e_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WBBlog SQL Injection Attempt -- index.php e_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1963
1964 # (sid 2005953) ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key 
1965 SecRule REQUEST_URI_RAW "(?i:\/coupon_detail\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005953,rev:4,msg:'ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WDFL'"
1966 SecRule &TX:'/SQL_INJECTION.*ARGS:key/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1967
1968 # (sid 2003768) ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid 
1969 SecRule REQUEST_URI_RAW "(?i:\/viewcat\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003768,rev:4,msg:'ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WF-Links'"
1970 SecRule REQUEST_URI_RAW "@contains (" "chain"
1971 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1972
1973 # (sid 2004257) ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id 
1974 SecRule REQUEST_URI_RAW "(?i:\/comments\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004257,rev:4,msg:'ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WSN'"
1975 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WSN Guest SQL Injection Attempt -- comments.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1976
1977 # (sid 2006459) ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page 
1978 SecRule REQUEST_URI_RAW "(?i:\/content\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006459,rev:4,msg:'ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WSPortal'"
1979 SecRule &TX:'/SQL_INJECTION.*ARGS:page/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WSPortal SQL Injection Attempt -- content.php page ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1980
1981 # (sid 2005959) ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num 
1982 SecRule REQUEST_URI_RAW "(?i:\/phonemessage\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005959,rev:4,msg:'ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WYWO'"
1983 SecRule &TX:'/SQL_INJECTION.*ARGS:num/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1984
1985 # (sid 2005965) ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode 
1986 SecRule REQUEST_URI_RAW "(?i:\/faqDsp\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005965,rev:4,msg:'ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WYWO'"
1987 SecRule &TX:'/SQL_INJECTION.*ARGS:catcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1988
1989 # (sid 2006979) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login 
1990 SecRule REQUEST_URI_RAW "(?i:\/process\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006979,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
1991 SecRule &TX:'/SQL_INJECTION.*ARGS:login/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php login ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1992
1993 # (sid 2006985) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password 
1994 SecRule REQUEST_URI_RAW "(?i:\/process\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006985,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
1995 SecRule &TX:'/SQL_INJECTION.*ARGS:password/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- process.php password ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
1996
1997 # (sid 2006991) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid 
1998 SecRule REQUEST_URI_RAW "(?i:\/dlwallpaper\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006991,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
1999 SecRule &TX:'/SQL_INJECTION.*ARGS:wallpaperid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2000
2001 # (sid 2006997) ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid 
2002 SecRule REQUEST_URI_RAW "(?i:\/wallpaper\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006997,rev:4,msg:'ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wallpaper_Complete'"
2003 SecRule &TX:'/SQL_INJECTION.*ARGS:wallpaperid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2004
2005 # (sid 2007074) ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID 
2006 SecRule REQUEST_URI_RAW "(?i:\/item\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007074,rev:3,msg:'ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Warhound'"
2007 SecRule &TX:'/SQL_INJECTION.*ARGS:ItemID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2008
2009 # (sid 2004758) ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid 
2010 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004758,rev:4,msg:'ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebMplayer'"
2011 SecRule &TX:'/SQL_INJECTION.*ARGS:strid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- index.php strid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2012
2013 # (sid 2004764) ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- filecheck.php id 
2014 SecRule REQUEST_URI_RAW "(?i:\/filecheck\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004764,rev:4,msg:'ET WEB_SPECIFIC WebMplayer SQL Injection Attempt -- filecheck.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebMplayer'"
2015 SecRule REQUEST_URI_RAW "@contains id[" "chain"
2016 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2017
2018 # (sid 2004915) ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID 
2019 SecRule REQUEST_URI_RAW "(?i:\/directions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004915,rev:4,msg:'ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_WebTester'"
2020 SecRule &TX:'/SQL_INJECTION.*ARGS:testID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WebTester SQL Injection Attempt -- directions.php testID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2021
2022 # (sid 2004776) ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id 
2023 SecRule REQUEST_URI_RAW "(?i:\/connexion\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004776,rev:4,msg:'ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Ban'"
2024 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Ban SQL Injection Attempt -- connexion.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2025
2026 # (sid 2004228) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- functions_filters.asp 
2027 SecRule REQUEST_URI_RAW "(?i:\/functions\/functions_filters\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004228,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- functions_filters.asp ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
2028 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2029
2030 # (sid 2004439) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name 
2031 SecRule REQUEST_URI_RAW "(?i:\/forum\/pop_up_member_search\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004439,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
2032 SecRule &TX:'/SQL_INJECTION.*ARGS:name/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2033
2034 # (sid 2004239) ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID 
2035 SecRule REQUEST_URI_RAW "(?i:\/News\/page\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004239,rev:4,msg:'ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Web_Wiz'"
2036 SecRule &TX:'/SQL_INJECTION.*ARGS:NewsID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Web Wiz Forums SQL Injection Attempt -- page.asp NewsID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2037
2038 # (sid 2005231) ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID 
2039 SecRule REQUEST_URI_RAW "(?i:\/eWebQuiz\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005231,rev:4,msg:'ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Website_Baker'"
2040 SecRule &TX:'/SQL_INJECTION.*ARGS:QuizID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2041
2042 # (sid 2004144) ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order 
2043 SecRule REQUEST_URI_RAW "(?i:\/check_vote\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004144,rev:4,msg:'ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Weekly_Drawing'"
2044 SecRule &TX:'/SQL_INJECTION.*ARGS:order/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2045
2046 # (sid 2004251) ET WEB_SPECIFIC Woltlab Burning Board SQL Injection Attempt -- usergroups.php 
2047 SecRule REQUEST_URI_RAW "(?i:\/usergroups\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004251,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board SQL Injection Attempt -- usergroups.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2048 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2049
2050 # (sid 2005001) ET WEB_SPECIFIC Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid 
2051 SecRule REQUEST_URI_RAW "(?i:\/pms\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005001,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2052 SecRule REQUEST_URI_RAW "@contains pmid[" "chain"
2053 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2054
2055 # (sid 2005284) ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids 
2056 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005284,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2057 SecRule REQUEST_URI_RAW "@contains boardids[" "chain"
2058 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2059
2060 # (sid 2005290) ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board 
2061 SecRule REQUEST_URI_RAW "(?i:\/search\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005290,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2062 SecRule REQUEST_URI_RAW "@contains board[" "chain"
2063 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2064
2065 # (sid 2006925) ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit 
2066 SecRule REQUEST_URI_RAW "(?i:\/thread\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006925,rev:4,msg:'ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Woltlab'"
2067 SecRule &TX:'/SQL_INJECTION.*ARGS:threadvisit/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2068
2069 # (sid 2004015) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie 
2070 SecRule REQUEST_URI_RAW "(?i:\/wp\-admin\/admin\-ajax\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004015,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2071 SecRule &TX:'/SQL_INJECTION.*ARGS:cookie/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-ajax.php cookie ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2072
2073 # (sid 2004407) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-functions.php 
2074 SecRule REQUEST_URI_RAW "(?i:\/wp\-admin\/admin\-functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004407,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- admin-functions.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2075 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2076
2077 # (sid 2004658) ET WEB_SPECIFIC Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php 
2078 SecRule REQUEST_URI_RAW "(?i:\/xmlrpc\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004658,rev:4,msg:'ET WEB_SPECIFIC Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2079 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2080
2081 # (sid 2005661) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php 
2082 SecRule REQUEST_URI_RAW "(?i:\/wp\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005661,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2083 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2084
2085 # (sid 2005869) ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php 
2086 SecRule REQUEST_URI_RAW "(?i:\/wp\-trackback\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005869,rev:4,msg:'ET WEB_SPECIFIC WordPress SQL Injection Attempt -- wp-trackback.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Wordpress'"
2087 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2088
2089 # (sid 2004347) ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id 
2090 SecRule REQUEST_URI_RAW "(?i:\/devami\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004347,rev:4,msg:'ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-Ice_News'"
2091 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-Ice News System SQL Injection Attempt -- devami.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2092
2093 # (sid 2005121) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id 
2094 SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005121,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
2095 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2096
2097 # (sid 2005127) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from 
2098 SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005127,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
2099 SecRule &TX:'/SQL_INJECTION.*ARGS:from/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php from ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2100
2101 # (sid 2005133) ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q 
2102 SecRule REQUEST_URI_RAW "(?i:\/classes\/class\.news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005133,rev:4,msg:'ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_X-dev'"
2103 SecRule &TX:'/SQL_INJECTION.*ARGS:q/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC X-dev xNews SQL Injection Attempt -- class.news.php q ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2104
2105 # (sid 2004861) ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album 
2106 SecRule REQUEST_URI_RAW "(?i:\/view\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004861,rev:4,msg:'ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_XLAtunes'"
2107 SecRule &TX:'/SQL_INJECTION.*ARGS:album/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC XLAtunes SQL Injection Attempt -- view.php album ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2108
2109 # (sid 2005382) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id 
2110 SecRule REQUEST_URI_RAW "(?i:\/kernel\/group\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005382,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
2111 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- group.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2112
2113 # (sid 2005388) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid 
2114 SecRule REQUEST_URI_RAW "(?i:\/class\/table_broken\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005388,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
2115 SecRule &TX:'/SQL_INJECTION.*ARGS:lid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- table_broken.php lid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2116
2117 # (sid 2006490) ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id 
2118 SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006490,rev:4,msg:'ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xoops'"
2119 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xoops SQL Injection Attempt -- print.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2120
2121 # (sid 2006217) ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news 
2122 SecRule REQUEST_URI_RAW "(?i:\/show_news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006217,rev:4,msg:'ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xt-News'"
2123 SecRule &TX:'/SQL_INJECTION.*ARGS:id_news/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xt-News SQL Injection Attempt -- show_news.php id_news ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2124
2125 # (sid 2005613) ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder 
2126 SecRule REQUEST_URI_RAW "(?i:\/displaypic\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005613,rev:4,msg:'ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Xtreme'"
2127 SecRule &TX:'/SQL_INJECTION.*ARGS:sortorder/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2128
2129 # (sid 2004807) ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id 
2130 SecRule REQUEST_URI_RAW "(?i:\/functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004807,rev:4,msg:'ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_ZephyrSoft'"
2131 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2132
2133 # (sid 2005196) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id 
2134 SecRule REQUEST_URI_RAW "(?i:\/mezungiris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005196,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
2135 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2136
2137 # (sid 2005202) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass 
2138 SecRule REQUEST_URI_RAW "(?i:\/mezungiris\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005202,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
2139 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2140
2141 # (sid 2005208) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass 
2142 SecRule REQUEST_URI_RAW "(?i:\/ogretmenkontrol\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005208,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
2143 SecRule &TX:'/SQL_INJECTION.*ARGS:pass/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2144
2145 # (sid 2005214) ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id 
2146 SecRule REQUEST_URI_RAW "(?i:\/ogretmenkontrol\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005214,rev:4,msg:'ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zindizayn'"
2147 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2148
2149 # (sid 2003985) ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler 
2150 SecRule REQUEST_URI_RAW "(?i:\/plugins\/mp3playlist\/mp3playlist\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003985,rev:4,msg:'ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_Zomplog'"
2151 SecRule &TX:'/SQL_INJECTION.*ARGS:speler/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC Zomplog SQL Injection Attempt -- mp3playlist.php speler ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2152
2153 # (sid 2005983) ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode 
2154 SecRule REQUEST_URI_RAW "(?i:\/faqDsp\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005983,rev:4,msg:'ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_aFAQ'"
2155 SecRule &TX:'/SQL_INJECTION.*ARGS:catcode/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC aFAQ SQL Injection Attempt -- faqDsp.asp catcode ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2156
2157 # (sid 2005328) ET WEB_SPECIFIC bbPress SQL Injection Attempt -- formatting-functions.php 
2158 SecRule REQUEST_URI_RAW "(?i:\/bb\-includes\/formatting\-functions\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005328,rev:4,msg:'ET WEB_SPECIFIC bbPress SQL Injection Attempt -- formatting-functions.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_bbPress'"
2159 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2160
2161 # (sid 2005770) ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk 
2162 SecRule REQUEST_URI_RAW "(?i:\/newsletters\/edition\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005770,rev:4,msg:'ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_bitweaver'"
2163 SecRule &TX:'/SQL_INJECTION.*ARGS:tk/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC bitweaver SQL Injection Attempt -- edition.php tk ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2164
2165 # (sid 2006175) ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse 
2166 SecRule REQUEST_URI_RAW "(?i:\/SelGruFra\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006175,rev:4,msg:'ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_chatwm'"
2167 SecRule &TX:'/SQL_INJECTION.*ARGS:txtUse/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtUse ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2168
2169 # (sid 2006181) ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas 
2170 SecRule REQUEST_URI_RAW "(?i:\/SelGruFra\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006181,rev:4,msg:'ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_chatwm'"
2171 SecRule &TX:'/SQL_INJECTION.*ARGS:txtPas/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC chatwm SQL Injection Attempt -- SelGruFra.asp txtPas ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2172
2173 # (sid 2004057) ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category 
2174 SecRule REQUEST_URI_RAW "(?i:\/category\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004057,rev:4,msg:'ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_cpCommerce'"
2175 SecRule &TX:'/SQL_INJECTION.*ARGS:id_category/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- category.php id_category ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2176
2177 # (sid 2004105) ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer 
2178 SecRule REQUEST_URI_RAW "(?i:\/manufacturer\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004105,rev:4,msg:'ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_cpCommerce'"
2179 SecRule &TX:'/SQL_INJECTION.*ARGS:id_manufacturer/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2180
2181 # (sid 2005037) ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id 
2182 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005037,rev:4,msg:'ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dB_Masters'"
2183 SecRule &TX:'/SQL_INJECTION.*ARGS:c_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dB Masters Curium CMS SQL Injection Attempt -- news.php c_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2184
2185 # (sid 2006955) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id 
2186 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006955,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
2187 SecRule &TX:'/SQL_INJECTION.*ARGS:seite_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php seite_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2188
2189 # (sid 2006961) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id 
2190 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006961,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
2191 SecRule &TX:'/SQL_INJECTION.*ARGS:gruppe_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php gruppe_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2192
2193 # (sid 2006967) ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target 
2194 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006967,rev:4,msg:'ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dev4u'"
2195 SecRule &TX:'/SQL_INJECTION.*ARGS:go_target/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dev4u CMS SQL Injection Attempt -- index.php go_target ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2196
2197 # (sid 2006619) ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc 
2198 SecRule REQUEST_URI_RAW "(?i:\/dettaglio\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006619,rev:4,msg:'ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dol_storye'"
2199 SecRule &TX:'/SQL_INJECTION.*ARGS:id_doc/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_doc ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2200
2201 # (sid 2006625) ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut 
2202 SecRule REQUEST_URI_RAW "(?i:\/dettaglio\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006625,rev:4,msg:'ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_dol_storye'"
2203 SecRule &TX:'/SQL_INJECTION.*ARGS:id_aut/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC dol storye SQL Injection Attempt -- dettaglio.asp id_aut ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2204
2205 # (sid 2005929) ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did 
2206 SecRule REQUEST_URI_RAW "(?i:\/mod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005929,rev:4,msg:'ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_eNdonesia'"
2207 SecRule &TX:'/SQL_INJECTION.*ARGS:did/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php did ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2208
2209 # (sid 2005935) ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid 
2210 SecRule REQUEST_URI_RAW "(?i:\/mod\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005935,rev:4,msg:'ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_eNdonesia'"
2211 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC eNdonesia SQL Injection Attempt -- mod.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2212
2213 # (sid 2007378) ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which 
2214 SecRule REQUEST_URI_RAW "(?i:\/index1\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007378,rev:3,msg:'ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
2215 SecRule &TX:'/SQL_INJECTION.*ARGS:which/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsGallery SQL Injection Attempt -- index1.asp which ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2216
2217 # (sid 2007384) ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat 
2218 SecRule REQUEST_URI_RAW "(?i:\/default2\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007384,rev:3,msg:'ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
2219 SecRule &TX:'/SQL_INJECTION.*ARGS:kat/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsForum SQL Injection Attempt -- default2.asp kat ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2220
2221 # (sid 2007390) ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid 
2222 SecRule REQUEST_URI_RAW "(?i:\/index\.asp)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2007390,rev:3,msg:'ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_fips'"
2223 SecRule &TX:'/SQL_INJECTION.*ARGS:fid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC fipsCMS SQL Injection Attempt -- index.asp fid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2224
2225 # (sid 2004112) ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid 
2226 SecRule REQUEST_URI_RAW "(?i:\/getnewsitem\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004112,rev:4,msg:'ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_gCards'"
2227 SecRule &TX:'/SQL_INJECTION.*ARGS:newsid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC gCards SQL Injection Attempt -- getnewsitem.php newsid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2228
2229 # (sid 2005809) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id 
2230 SecRule REQUEST_URI_RAW "(?i:\/display_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005809,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
2231 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2232
2233 # (sid 2005815) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie 
2234 SecRule REQUEST_URI_RAW "(?i:\/display_review\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005815,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
2235 SecRule &TX:'/SQL_INJECTION.*ARGS:user_login_cookie/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2236
2237 # (sid 2005821) ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id 
2238 SecRule REQUEST_URI_RAW "(?i:\/compare_product\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005821,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
2239 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Shop SQL Injection Attempt -- compare_product.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2240
2241 # (sid 2005827) ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id 
2242 SecRule REQUEST_URI_RAW "(?i:\/user\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005827,rev:4,msg:'ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iGeneric'"
2243 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iGeneric iG Calendar SQL Injection Attempt -- user.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2244
2245 # (sid 2006613) ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D 
2246 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2006613,rev:4,msg:'ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_iWare_Pro'"
2247 SecRule &TX:'/SQL_INJECTION.*ARGS:D/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC iWare Professional SQL Injection Attempt -- index.php D ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2248
2249 # (sid 2004844) ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor 
2250 SecRule REQUEST_URI_RAW "(?i:\/install\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004844,rev:4,msg:'ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_mcRefer'"
2251 SecRule &TX:'/SQL_INJECTION.*ARGS:bgcolor/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC mcRefer SQL Injection Attempt -- install.php bgcolor ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2252
2253 # (sid 2004472) ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id 
2254 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004472,rev:4,msg:'ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_myBloggie'"
2255 SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2256
2257 # (sid 2004478) ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year 
2258 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004478,rev:4,msg:'ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_myBloggie'"
2259 SecRule &TX:'/SQL_INJECTION.*ARGS:year/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC myBloggie SQL Injection Attempt -- index.php year ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2260
2261 # (sid 2004009) ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id 
2262 SecRule REQUEST_URI_RAW "(?i:\/read\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004009,rev:4,msg:'ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_olboolmarks'"
2263 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC ol\'bookmarks SQL Injection Attempt -- index.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2264
2265 # (sid 2004903) ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid 
2266 SecRule REQUEST_URI_RAW "(?i:\/nickpage\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004903,rev:4,msg:'ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpCC'"
2267 SecRule &TX:'/SQL_INJECTION.*ARGS:npid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpCC SQL Injection Attempt -- nickpage.php npid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2268
2269 # (sid 2004174) ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id 
2270 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004174,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2271 SecRule &TX:'/SQL_INJECTION.*ARGS:image_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php image_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2272
2273 # (sid 2004180) ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id 
2274 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004180,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2275 SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- gallery.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2276
2277 # (sid 2004186) ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id 
2278 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004186,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2279 SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2280
2281 # (sid 2004192) ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id 
2282 SecRule REQUEST_URI_RAW "(?i:\/print\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004192,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2283 SecRule &TX:'/SQL_INJECTION.*ARGS:news_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- print.php news_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2284
2285 # (sid 2004198) ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id 
2286 SecRule REQUEST_URI_RAW "(?i:\/news\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004198,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2287 SecRule &TX:'/SQL_INJECTION.*ARGS:news_cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- news.php news_cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2288
2289 # (sid 2004204) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id 
2290 SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004204,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2291 SecRule &TX:'/SQL_INJECTION.*ARGS:cat_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php cat_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2292
2293 # (sid 2004210) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id 
2294 SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004210,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2295 SecRule &TX:'/SQL_INJECTION.*ARGS:topic_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php topic_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2296
2297 # (sid 2004216) ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id 
2298 SecRule REQUEST_URI_RAW "(?i:\/forums\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004216,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2299 SecRule &TX:'/SQL_INJECTION.*ARGS:post_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- forums.php post_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2300
2301 # (sid 2004222) ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id 
2302 SecRule REQUEST_URI_RAW "(?i:\/users\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004222,rev:4,msg:'ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_phpx'"
2303 SecRule &TX:'/SQL_INJECTION.*ARGS:user_id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC phpx SQL Injection Attempt -- users.php user_id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2304
2305 # (sid 2003786) ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid 
2306 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2003786,rev:4,msg:'ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_pnFlashGames'"
2307 SecRule REQUEST_URI_RAW "@contains (" "chain"
2308 SecRule &TX:'/SQL_INJECTION.*ARGS:cid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC pnFlashGames SQL Injection Attempt -- index.php cid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2309
2310 # (sid 2005667) ET WEB_SPECIFIC uniForum SQL Injection Attempt -- wbsearch.aspx 
2311 SecRule REQUEST_URI_RAW "(?i:\/wbsearch\.aspx)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005667,rev:4,msg:'ET WEB_SPECIFIC uniForum SQL Injection Attempt -- wbsearch.aspx ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_uniForm'"
2312 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2313
2314 # (sid 2005352) ET WEB_SPECIFIC vBSupport SQL Injection Attempt -- vBSupport.php 
2315 SecRule REQUEST_URI_RAW "(?i:\/vBSupport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005352,rev:4,msg:'ET WEB_SPECIFIC vBSupport SQL Injection Attempt -- vBSupport.php ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_vBSupport'"
2316 SecRule QUERY_STRING|REQUEST_BODY "(?i:\(.+SELECT)"
2317
2318 # (sid 2005358) ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid 
2319 SecRule REQUEST_URI_RAW "(?i:\/vBSupport\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005358,rev:4,msg:'ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_vSupport'"
2320 SecRule &TX:'/SQL_INJECTION.*ARGS:ticketid/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2321
2322 # (sid 2004752) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic 
2323 SecRule REQUEST_URI_RAW "(?i:\/printview\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004752,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2324 SecRule &TX:'/SQL_INJECTION.*ARGS:topic/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- printview.php topic ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2325
2326 # (sid 2004885) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly 
2327 SecRule REQUEST_URI_RAW "(?i:\/index\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2004885,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2328 SecRule &TX:'/SQL_INJECTION.*ARGS:showonly/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- index.php showonly ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2329
2330 # (sid 2005243) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID 
2331 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005243,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2332 SecRule &TX:'/SQL_INJECTION.*ARGS:picID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php picID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2333
2334 # (sid 2005249) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id 
2335 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005249,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2336 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2337
2338 # (sid 2005254) ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID 
2339 SecRule REQUEST_URI_RAW "(?i:\/gallery\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005254,rev:4,msg:'ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_webSPELL'"
2340 SecRule &TX:'/SQL_INJECTION.*ARGS:galleryID/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC webSPELL SQL Injection Attempt -- gallery.php galleryID ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2341
2342 # (sid 2005162) ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id 
2343 SecRule REQUEST_URI_RAW "(?i:\/xNews\.php)" "chain,phase:2,block,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalisePathWin,capture,ctl:auditLogParts=+E,nolog,auditlog,logdata:'%{TX.0}',id:sid2005162,rev:4,msg:'ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id ',tag:'web-application-attack',tag:'url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SQL_INJECTION/WEB_xNews'"
2344 SecRule &TX:'/SQL_INJECTION.*ARGS:id/' "@gt 0" "setvar:'tx.msg=ET WEB_SPECIFIC xNews SQL Injection Attempt -- xNews.php id ',setvar:tx.sqli_score=+1,setvar:tx.anomaly_score=+20,setvar:tx.%{rule.id}-SQL_INJECTION/SQL_INJECTION-%{matched_var_name}=%{matched_var}"
2345
2346 SecMarker END_ET_SQLI_RULES
libapache-mod-security