""ET WEB_SPECIFIC_APPS EZPX photoblog tpl_base_dir Parameter Remote File Inclusion Attempt""

SID: 2011725

Revision: 3

Class Type: web-application-attack

Metadata: created_at 2010_07_30, updated_at 2010_10_27

Reference:

• bugtraq

• 40881

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HTTP_SERVERS

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

• Value: "GET"

• Value: "/application/views/public/commentform.php?"

• Value: "tpl_base_dir="

Within:

PCRE: "/tpl_base_dir=\s*(ftps?|https?|php)\:\//Ui"

Special Options:

• http_method

• nocase

• http_uri

• nocase

• http_uri

source