Rule History

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php)"; flow:established,to_server; http.uri; content:"/mod/poll.php?"; nocase; content:"GLOBALS[nlang]="; nocase; pcre:"/(\?|&)GLOBALS\[nlang\]=[^\x26\x3B\x2f\x5c]*[\x2f\x5c]/i"; reference:url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt; classtype:web-application-attack; sid:2010543; rev:6; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_09_11;)