alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_SPECIFIC_APPS ShowDoc File Upload Vulnerability"; flow:established,to_server; http.method; content:"POST"; http.uri; urilen:33; content:"/index.php?s=/home/page/uploadImg"; fast_pattern; http.content_type; content:"multipart/form-data|3b 20|"; startswith; reference:url,github.com/wy876/POC/blob/main/showDoc-uploadImg%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md; reference:url,github.com/star7th/showdoc; classtype:trojan-activity; sid:2053877; rev:1; metadata:affected_product ShowDoc, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2024_06_25, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_06_25;)