40 Detects MySQL comments, conditions and ch(a)r injections sqli id lfi 6 41 ~])]]> Detects conditional SQL injection attempts sqli id lfi 6 42 Detects classic SQL injection probings 1/2 sqli id lfi 6 43 %+-][\w-]+[^\w\s]+"[^,])]]> Detects classic SQL injection probings 2/2 sqli id lfi 6 44 =(),-]\s*[\d"])|(?:"\s*[^\w\s]?=\s*")|(?:"\W*[+=]+\W*")|(?:"\s*[!=|][\d\s!=+-]+.*["(].*$)|(?:"\s*[!=|][\d\s!=]+.*\d+$)|(?:"\s*like\W+[\w"(])|(?:\sis\s*0\W)|(?:where\s[\s\w\.,-]+\s=)|(?:"[<>~]+")]]> Detects basic SQL authentication bypass attempts 1/3 sqli id lfi 7 45 Detects basic SQL authentication bypass attempts 2/3 sqli id lfi 7 46 ^=]+\d\s*(=|or))|(?:"\W+[\w+-]+\s*=\s*\d\W+")|(?:"\s*is\s*\d.+"?\w)|(?:"\|?[\w-]{3,}[^\w\s.,]+")|(?:"\s*is\s*[\d.]+\s*\W.*")]]> Detects basic SQL authentication bypass attempts 3/3 sqli id lfi 7 47 Detects concatenated basic SQL injection and SQLLFI attempts sqli id lfi 5 48 Detects chained SQL injection attempts 1/2 sqli id 6 49 Detects chained SQL injection attempts 2/2 sqli id 6 50 Detects SQL benchmark and sleep injection attempts including conditional queries sqli id 4 51 Detects MySQL UDF injection and other data/structure manipulation attempts sqli id 6 52 Detects MySQL charset switch and MSSQL DoS attempts sqli id 6 53 Detects MySQL and PostgreSQL stored procedure/function injections sqli id 7 54 Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts sqli id 5 55 Detects MSSQL code execution and information gathering attempts sqli id 5 56 Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections sqli id 5 57 Detects MySQL comment-/space-obfuscated injections sqli id 5 70 finds basic MongoDB SQL injection attempts sqli 4