alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS BASE base_stat_common.php remote file include"; flow:to_server,established; http.uri; content:"/base_stat_common.php"; nocase; fast_pattern; content:"BASE_path="; nocase; pcre:"/^(?:(?:ht|f)tps?|data|php)/Ri"; reference:url,secunia.com/advisories/20300/; classtype:web-application-attack; sid:2019524; rev:7; metadata:affected_product Any, attack_target Server, created_at 2010_09_23, deployment Datacenter, signature_severity Major, tag Remote_File_Include, updated_at 2020_05_13, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)