alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg: "ET EXPLOIT IFRAME ExecCommand? vulnerability"; flow: from_server,established; content:"