alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Blind Server-Side Request Forgery"; flow:established,to_server; http.uri; content:"/xmlrpc/pingback"; endswith; http.request_body; content:"<methodCall>"; content:"<methodName>pingback.ping</methodName>"; fast_pattern; content:"<value>http://"; content:"<value>http://"; distance:0; reference:url,exploit-db.com/raw/44945/; classtype:attempted-user; sid:2025759; rev:3; metadata:attack_target Client_Endpoint, created_at 2018_06_27, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2020_09_16;)