alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Loggix Project RFI Attempt"; flow:established,to_server; http.uri; content:"pathToIndex="; nocase; content:".php?"; nocase; pcre:"/\.php(\?|.*\x26)pathToIndex=(https?|ftps?)\:\/\/[^\x26\x3B]+\?\?/i"; reference:url,www.exploit-db.com/exploits/9729/; classtype:web-application-attack; sid:2010530; rev:8; metadata:created_at 2010_07_30, signature_severity Major, updated_at 2020_09_11;)