alert http any any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Magento XMLRPC-Exploit Attempt"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/api/xmlrpc"; http.request_body; content:"file|3a 2f 2f 2f|"; fast_pattern; reference:url,www.magentocommerce.com/blog/comments/important-security-update-zend-platform-vulnerability/; reference:url,www.magentocommerce.com/blog/update-zend-framework-vulnerability-security-update; reference:url,www.exploit-db.com/exploits/19793/; classtype:web-application-attack; sid:2015625; rev:4; metadata:created_at 2012_08_15, signature_severity Major, updated_at 2020_11_05;)