alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Hubscript XSS Attempt"; flow:to_server,established; http.uri; content:"/patch/single_winner1.php?bid_id="; nocase; content:"<script>"; nocase; content:"</script>"; nocase; reference:url,www.packetstormsecurity.com/0907-exploits/hubscript-xssphpinfo.txt; classtype:web-application-attack; sid:2009647; rev:7; metadata:created_at 2010_07_30, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_11;)