alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Exploit Suspected PHP Injection Attack (name=)"; flow:to_server,established; content:"GET "; nocase; depth:4; content:".php?"; http_uri; nocase; content:"name="; http_uri; nocase; pcre:"/name=(https?|ftps?|php)/Ui"; reference:cve,2002-0953; classtype:web-application-attack; sid:2001621; rev:36; metadata:created_at 2010_07_30, signature_severity Unknown, updated_at 2019_08_22;)