<url>=select%20|select+|insert%20|%20from%20|%20where%20|union%20|</url>
<url>union+|where+|null,null|xp_cmdshell</url>
<description>SQL injection attempt.</description>
<group>attack,sql_injection,</group>
</rule>
<url>=select%20|select+|insert%20|%20from%20|%20where%20|union%20|</url>
<url>union+|where+|null,null|xp_cmdshell</url>
<description>SQL injection attempt.</description>
<group>attack,sql_injection,</group>
</rule>