|
44 | 44 | "SecRuleEngine On", |
45 | 45 | "SecRule ARGS \"@detectSQLi\" \"id:1,phase:2,capture,pass,t:trim\"" |
46 | 46 | ] |
47 | | - }, |
| 47 | + },[ |
48 | 48 | { |
49 | 49 | "enabled": 1, |
50 | 50 | "version_min": 300000, |
51 | | - "title": "Testing Operator :: @detectXSS :: basic script payload", |
| 51 | + "title": "Testing Operator :: @detectSQLi :: known fingerprint payload", |
52 | 52 | "client": { |
53 | 53 | "ip": "200.249.12.31", |
54 | 54 | "port": 123 |
|
62 | 62 | "Host": "localhost", |
63 | 63 | "User-Agent": "curl/7.38.0", |
64 | 64 | "Accept": "*/*", |
65 | | - "Content-Length": "45", |
| 65 | + "Content-Length": "61", |
66 | 66 | "Content-Type": "application/x-www-form-urlencoded" |
67 | 67 | }, |
68 | 68 | "uri": "/", |
69 | 69 | "method": "POST", |
70 | 70 | "body": [ |
71 | | - "param1=<script>alert(1)</script¶m2=value2" |
| 71 | + "param1=ascii(substring(version() from 1 for 1))¶m2=value2" |
72 | 72 | ] |
73 | 73 | }, |
74 | 74 | "response": { |
|
83 | 83 | ] |
84 | 84 | }, |
85 | 85 | "expected": { |
86 | | - "debug_log": "Added DetectXSS match TX.0: <script>alert(1)</script", |
| 86 | + "debug_log": "Added DetectSQLi match TX.0: f\\(f\\(f", |
87 | 87 | "http_code": 200 |
88 | 88 | }, |
89 | 89 | "rules": [ |
90 | 90 | "SecRuleEngine On", |
91 | | - "SecRule ARGS \"@detectXSS\" \"id:1,phase:2,capture,pass,t:trim\"" |
| 91 | + "SecRule ARGS \"@detectSQLi\" \"id:1,phase:2,capture,pass,t:trim\"" |
92 | 92 | ] |
93 | 93 | }, |
94 | 94 | { |
95 | 95 | "enabled": 1, |
96 | 96 | "version_min": 300000, |
97 | | - "title": "Testing Operator :: @detectXSS :: trim preserves captured payload", |
| 97 | + "title": "Testing Operator :: @detectSQLi :: trim still captures fingerprint", |
98 | 98 | "client": { |
99 | 99 | "ip": "200.249.12.31", |
100 | 100 | "port": 123 |
|
108 | 108 | "Host": "localhost", |
109 | 109 | "User-Agent": "curl/7.38.0", |
110 | 110 | "Accept": "*/*", |
111 | | - "Content-Length": "53", |
| 111 | + "Content-Length": "67", |
112 | 112 | "Content-Type": "application/x-www-form-urlencoded" |
113 | 113 | }, |
114 | 114 | "uri": "/", |
115 | 115 | "method": "POST", |
116 | 116 | "body": [ |
117 | | - "param1= <script>alert(1)</script ¶m2=value2" |
| 117 | + "param1= ascii(substring(version() from 1 for 1)) ¶m2=value2" |
118 | 118 | ] |
119 | 119 | }, |
120 | 120 | "response": { |
|
129 | 129 | ] |
130 | 130 | }, |
131 | 131 | "expected": { |
132 | | - "debug_log": "Added DetectXSS match TX.0: <script>alert(1)</script", |
| 132 | + "debug_log": "Added DetectSQLi match TX.0: f\\(f\\(f", |
133 | 133 | "http_code": 200 |
134 | 134 | }, |
135 | 135 | "rules": [ |
136 | 136 | "SecRuleEngine On", |
137 | | - "SecRule ARGS \"@detectXSS\" \"id:2,phase:2,capture,pass,t:trim\"" |
| 137 | + "SecRule ARGS \"@detectSQLi\" \"id:2,phase:2,capture,pass,t:trim\"" |
138 | 138 | ] |
139 | 139 | }, |
140 | 140 | { |
141 | 141 | "enabled": 1, |
142 | 142 | "version_min": 300000, |
143 | | - "title": "Testing Operator :: @detectXSS :: image onerror payload", |
| 143 | + "title": "Testing Operator :: @detectSQLi :: boolean style payload", |
144 | 144 | "client": { |
145 | 145 | "ip": "200.249.12.31", |
146 | 146 | "port": 123 |
|
154 | 154 | "Host": "localhost", |
155 | 155 | "User-Agent": "curl/7.38.0", |
156 | 156 | "Accept": "*/*", |
157 | | - "Content-Length": "42", |
| 157 | + "Content-Length": "31", |
158 | 158 | "Content-Type": "application/x-www-form-urlencoded" |
159 | 159 | }, |
160 | 160 | "uri": "/", |
161 | 161 | "method": "POST", |
162 | 162 | "body": [ |
163 | | - "param1=<img src=x onerror=alert(1)>&p=1" |
| 163 | + "param1=' or 1=1 -- ¶m2=x" |
164 | 164 | ] |
165 | 165 | }, |
166 | 166 | "response": { |
|
175 | 175 | ] |
176 | 176 | }, |
177 | 177 | "expected": { |
178 | | - "debug_log": "Added DetectXSS match TX.0: <img src=x onerror=alert(1)>", |
179 | 178 | "http_code": 200 |
180 | 179 | }, |
181 | 180 | "rules": [ |
182 | 181 | "SecRuleEngine On", |
183 | | - "SecRule ARGS \"@detectXSS\" \"id:3,phase:2,capture,pass,t:trim\"" |
| 182 | + "SecRule ARGS \"@detectSQLi\" \"id:3,phase:2,capture,pass,t:trim\"" |
184 | 183 | ] |
185 | 184 | }, |
186 | 185 | { |
187 | 186 | "enabled": 1, |
188 | 187 | "version_min": 300000, |
189 | | - "title": "Testing Operator :: @detectXSS :: benign input should not match", |
| 188 | + "title": "Testing Operator :: @detectSQLi :: benign input should not match", |
190 | 189 | "client": { |
191 | 190 | "ip": "200.249.12.31", |
192 | 191 | "port": 123 |
|
225 | 224 | }, |
226 | 225 | "rules": [ |
227 | 226 | "SecRuleEngine On", |
228 | | - "SecRule ARGS \"@detectXSS\" \"id:4,phase:2,capture,pass,t:trim\"" |
| 227 | + "SecRule ARGS \"@detectSQLi\" \"id:4,phase:2,capture,pass,t:trim\"" |
229 | 228 | ] |
230 | 229 | } |
231 | 230 | ] |
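Review bot: New line 47 turns `},` into `},[`, which opens a nested array between the first and second test objects; nothing visible closes it before the `]` on new line 230, so unless a second `]` follows the last line shown here the file is no longer valid JSON and the whole suite fails to load. That line should remain `},`. Separately, the third case (id:3, new lines 177–179) drops its `debug_log` expectation and now asserts only `"http_code": 200`, which a rule with the `pass` action yields whether or not `@detectSQLi` matched, so that case no longer tests detection at all; restore a line of the form `"debug_log": "Added DetectSQLi match TX.0: <FINGERPRINT-PLACEHOLDER>"` with the fingerprint the operator actually reports for that body, as the other two positive cases do.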