mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
little refresh of PHPIDS rules for --check-payload
This commit is contained in:
parent
0ae74f27e4
commit
136e85abf3
|
@ -78,7 +78,7 @@
|
|||
</filter>
|
||||
<filter>
|
||||
<id>47</id>
|
||||
<rule><![CDATA[(?:^[\W\d]+\s*(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s+(?:concat|char|load_file)\s?\(?)|(?:end\s*\);)|("\s+regexp\W)|(?:[\s(]load_file\s*\()]]></rule>
|
||||
<rule><![CDATA[(?:[\d\W]\s+as\s*["\w]+\s*from)|(?:^[\W\d]+\s*(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\s+(?:concat|char|load_file)\s?\(?)|(?:end\s*\);)|("\s+regexp\W)|(?:[\s(]load_file\s*\()]]></rule>
|
||||
<description>Detects concatenated basic SQL injection and SQLLFI attempts</description>
|
||||
<tags>
|
||||
<tag>sqli</tag>
|
||||
|
@ -99,7 +99,7 @@
|
|||
</filter>
|
||||
<filter>
|
||||
<id>49</id>
|
||||
<rule><![CDATA[(?:\(\s*select\s*\w+\s*\()|(?:\*\/from)|(?:\+\s*\d+\s*\+\s*@)|(?:\w"\s*(?:[-+=|@]+\s*)+[\d(])|(?:coalesce\s*\(|@@\w+\s*[^\w\s])|(?:\W!+"\w)|(?:";\s*(?:if|while|begin))|(?:"[\s\d]+=\s*\d)|(?:order\s+by\s+if\w*\s*\()|(?:[\s(]+case\d*\W.+[tw]hen[\s(])]]></rule>
|
||||
<rule><![CDATA[(?:"\s+and\s*=\W)|(?:\(\s*select\s*\w+\s*\()|(?:\*\/from)|(?:\+\s*\d+\s*\+\s*@)|(?:\w"\s*(?:[-+=|@]+\s*)+[\d(])|(?:coalesce\s*\(|@@\w+\s*[^\w\s])|(?:\W!+"\w)|(?:";\s*(?:if|while|begin))|(?:"[\s\d]+=\s*\d)|(?:order\s+by\s+if\w*\s*\()|(?:[\s(]+case\d*\W.+[tw]hen[\s(])]]></rule>
|
||||
<description>Detects chained SQL injection attempts 2/2</description>
|
||||
<tags>
|
||||
<tag>sqli</tag>
|
||||
|
@ -159,7 +159,7 @@
|
|||
</filter>
|
||||
<filter>
|
||||
<id>55</id>
|
||||
<rule><![CDATA[(?:"\s*!\s*["\w])|(?:from\s+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*\([^\)]*)|(?:";?\s*(?:select|union|having)\s*[^\s])|(?:\wiif\s*\()|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*select)|(?:select.*\w?user\()|(?:into[\s+]+(?:dump|out)file\s*")]]></rule>
|
||||
<rule><![CDATA[(?:\sexec\s+xp_cmdshell)|(?:"\s*!\s*["\w])|(?:from\s+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*\([^\)]*)|(?:";?\s*(?:select|union|having)\s*[^\s])|(?:\wiif\s*\()|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*select)|(?:select.*\w?user\()|(?:into[\s+]+(?:dump|out)file\s*")]]></rule>
|
||||
<description>Detects MSSQL code execution and information gathering attempts</description>
|
||||
<tags>
|
||||
<tag>sqli</tag>
|
||||
|
@ -186,7 +186,7 @@
|
|||
<tag>id</tag>
|
||||
</tags>
|
||||
<impact>5</impact>
|
||||
</filter>
|
||||
</filter>
|
||||
<filter>
|
||||
<id>70</id>
|
||||
<rule><![CDATA[(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|or)\])]]></rule>
|
||||
|
@ -195,5 +195,5 @@
|
|||
<tag>sqli</tag>
|
||||
</tags>
|
||||
<impact>4</impact>
|
||||
</filter>
|
||||
</filter>
|
||||
</filters>
|
||||
|
|
Loading…
Reference in New Issue
Block a user