emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 1"; flow:established,to_server; content:"name["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])name\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019422; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 2"; flow:established,to_server; content:"name%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])name\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019423; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 3"; flow:established,to_server; content:"nam%65["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])nam\%65\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019424; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 4"; flow:established,to_server; content:"nam%65%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])nam\%65\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019425; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 5"; flow:established,to_server; content:"na%6de["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])na\%6de\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019426; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 6"; flow:established,to_server; content:"na%6de%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])na\%6de\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019427; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 7"; flow:established,to_server; content:"na%6d%65["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])na\%6d\%65\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019428; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 8"; flow:established,to_server; content:"na%6d%65%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])na\%6d\%65\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019429; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 9"; flow:established,to_server; content:"n%61me["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61me\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019430; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 10"; flow:established,to_server; content:"n%61me%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61me\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019431; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 11"; flow:established,to_server; content:"n%61m%65["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61m\%65\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019432; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 12"; flow:established,to_server; content:"n%61m%65%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61m\%65\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019433; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 13"; flow:established,to_server; content:"n%61%6de["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61\%6de\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019434; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 14"; flow:established,to_server; content:"n%61%6de%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61\%6de\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019435; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 15"; flow:established,to_server; content:"n%61%6d%65["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61\%6d\%65\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019436; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 16"; flow:established,to_server; content:"n%61%6d%65%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])n\%61\%6d\%65\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019437; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 17"; flow:established,to_server; content:"%6eame["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6eame\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019438; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 18"; flow:established,to_server; content:"%6eame%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6eame\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019439; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 19"; flow:established,to_server; content:"%6eam%65["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6eam\%65\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019440; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 20"; flow:established,to_server; content:"%6eam%65%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6eam\%65\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019441; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 21"; flow:established,to_server; content:"%6ea%6de["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6ea\%6de\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019442; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 22"; flow:established,to_server; content:"%6ea%6de%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6ea\%6de\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019443; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 23"; flow:established,to_server; content:"%6ea%6d%65["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6ea\%6d\%65\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019444; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 24"; flow:established,to_server; content:"%6ea%6d%65%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6ea\%6d\%65\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019445; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 25"; flow:established,to_server; content:"%6e%61me["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6e\%61me\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019446; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 26"; flow:established,to_server; content:"%6e%61me%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6e\%61me\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019447; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27"; flow:established,to_server; content:"%6e%61m%65["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6e\%61m\%65\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019448; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 28"; flow:established,to_server; content:"%6e%61m%65%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6e\%61m\%65\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019449; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 29"; flow:established,to_server; content:"%6e%61%6de["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6e\%61\%6de\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019450; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 30"; flow:established,to_server; content:"%6e%61%6de%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6e\%61\%6de\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019451; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 31"; flow:established,to_server; content:"%6e%61%6d%65["; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6e\%61\%6d\%65\[[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019452; rev:2;)
emerging-exploit.rules:alert tcp any any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 32"; flow:established,to_server; content:"%6e%61%6d%65%5b"; nocase; fast_pattern; http_client_body; pcre:"/(?:^|&|Content-Disposition[\x3a][^\n]*?name\s*?=\s*?[\x22\x27])\%6e\%61\%6d\%65\%5b[^\x5d]*?\W/Pi"; reference:url,pastebin.com/F2Dk9LbX; classtype:web-application-attack; sid:2019453; rev:2;)