alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS 35mm Slide Gallery imgdir Parameter Directory Traversal Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri.raw; content:"index.php?"; nocase; content:"imgdir="; fast_pattern; nocase; content:".."; pcre:"/\/index\.php(\?|.*\x26)imgdir=([^\x26\x3B\x0D\x0A]*[\x2F\x5C])?\.\.[\x2F\x5C]/i"; reference:url,www.packetstormsecurity.org/0912-exploits/35mmsg-traversal.txt; classtype:web-application-attack; sid:2010601; rev:7; metadata:created_at 2010_07_30, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)