alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER jQuery File Upload Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/php/"; http.request_body; content:"name=|22|files|22 3b|"; content:"<?php"; nocase; reference:url,github.com/lcashdol/Exploits/tree/master/CVE-2018-9206; reference:cve,2018-9206; classtype:web-application-attack; sid:2026552; rev:4; metadata:affected_product PHP, attack_target Server, created_at 2018_10_25, cve CVE_2018_9206, deployment Datacenter, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_08_27;)