Rule History

alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php 1"; flow:established,to_server; content:"/web/phpinfo.php?"; nocase; http_uri; content:"1["; nocase; http_uri; content:"script"; nocase; http_uri; pcre:"/<?(java|vb)?script>?.*<.+\/script>?/Ui"; reference:cve,CVE-2007-2632; reference:url,www.securityfocus.com/bid/23917; classtype:web-application-attack; sid:2003883; rev:7; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2019_07_26;)