forked from xsec-lab/x-waf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpost.rule
1 lines (1 loc) · 1.62 KB
/
post.rule
1
[{"Id":46,"RuleType":"post","RuleItem":"\\.\\./"},{"Id":47,"RuleType":"post","RuleItem":"select.+(from|limit)"},{"Id":48,"RuleType":"post","RuleItem":"(?:(union(.*?)select))"},{"Id":49,"RuleType":"post","RuleItem":"having|rongjitest"},{"Id":50,"RuleType":"post","RuleItem":"sleep\\((\\s*)(\\d*)(\\s*)\\)"},{"Id":51,"RuleType":"post","RuleItem":"benchmark\\((.*)\\,(.*)\\)"},{"Id":52,"RuleType":"post","RuleItem":"base64_decode\\("},{"Id":53,"RuleType":"post","RuleItem":"(?:from\\W+information_schema\\W)"},{"Id":54,"RuleType":"post","RuleItem":"(?:(?:current_)user|database|schema|connection_id)\\s*\\("},{"Id":55,"RuleType":"post","RuleItem":"(?:etc\\/\\W*passwd)"},{"Id":56,"RuleType":"post","RuleItem":"into(\\s+)+(?:dump|out)file\\s*"},{"Id":57,"RuleType":"post","RuleItem":"group\\s+by.+\\("},{"Id":58,"RuleType":"post","RuleItem":"xwork.MethodAccessor"},{"Id":59,"RuleType":"post","RuleItem":"(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\("},{"Id":60,"RuleType":"post","RuleItem":"xwork\\.MethodAccessor"},{"Id":61,"RuleType":"post","RuleItem":"(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/"},{"Id":62,"RuleType":"post","RuleItem":"java\\.lang"},{"Id":63,"RuleType":"post","RuleItem":"\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\["},{"Id":64,"RuleType":"post","RuleItem":"\\\u003c(iframe|script|body|img|layer|div|meta|style|base|object|input)"},{"Id":65,"RuleType":"post","RuleItem":"(onmouseover|onerror|onload)\\="},{"Id":75,"RuleType":"args","RuleItem":"and\\s+(1=1|1=2)"}]