search

xx-life / download

aliyun-download-img
1 stars 4 forks source link

test111 #3

Open R4164 opened 4 years ago

R4164 commented 4 years ago 
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:create\s+(?:procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-|;\s*?(?:declare|open)\s+[\w-]+|procedure\s+analyse\s*?\(|declare[^\w]+[@#]\s*?\w+|exec\s*?\(\s*?\@))" \
    "id:942320,\
    phase:2,\
    block,\
    capture,\
    t:none,t:urlDecodeUni,\
    msg:'Detects MySQL and PostgreSQL stored procedure/function injections',\
    tag:'application-multi',\
    tag:'attack-sqli',\
    tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',\
    tag:'OWASP_TOP_10/A1',\
    ver:'OWASP_CRS/3.2.0',\
    severity:'CRITICAL'"

alert http $HOME_NET any -> $EXTERNAL_NET any ( \
    'Detects MySQL and PostgreSQL stored procedure/function injections'; \
    flow:established, \
    content:(?i:(?:create\s+(?:procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-|;\s*?(?:declare|open)\s+[\w-]+|procedure\s+analyse\s*?\(|declare[^\w]+[@#]\s*?\w+|exec\s*?\(\s*?\@))"; pcre; http_raw_header;  \
    metadata: application-multi; reference:url,https://doxygen.openinfosecfoundation.org; classtype:owasp-crs; sid:942320; rev:4; metadata:created_at 2019_12_3, updated_at 2019_12_4;)