alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHPMyAdmin BackDoor Access"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/server_sync.php?"; fast_pattern; content:"c="; pcre:"/\/server_sync.php\?(?:.+?&)?c=/i"; reference:url,www.phpmyadmin.net/home_page/security/PMASA-2012-5.php; classtype:attempted-admin; sid:2015737; rev:8; metadata:created_at 2012_09_26, signature_severity Major, updated_at 2020_09_25;)