alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Docebo INSERT INTO Injection Attempt"; flow:established,to_server; http.uri; content:"/docebo/docebo"; nocase; content:"/index.php?modname="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; pcre:"/modname=(?:(?:meta_)?certificate|link).+?\bINSERT\b.*?INTO\b/i"; reference:url,www.securityfocus.com/bid/36654/info; reference:url,www.securityfocus.com/archive/1/507072; classtype:web-application-attack; sid:2010077; rev:7; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, updated_at 2020_09_13;)