appstore-1panel/apps/openresty/1.21.4.3-3-1-focal/1pwaf/data/rules/args.json

157 lines
3.7 KiB
JSON
Raw Normal View History

{
"rules": [
{
"state": "on",
"name": "sqlInject1",
"rule": "select.+(from|limit)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject2",
"rule": "(?:(union(.*?)select))",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject3",
"rule": "having|rongjitest",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject4",
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject5",
"rule": "benchmark\\((.*)\\,(.*)\\)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject6",
"rule": "group\\s+by.+\\(",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject7",
"rule": "(?:from\\W+information_schema\\W)",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject8",
"rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject9",
"rule": "into(\\s+)+(?:dump|out)file\\s*",
"type": "sqlInject"
},
{
"state": "on",
"name": "sqlInject10",
"rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
"type": "sqlInject"
},
{
"state": "on",
"name": "args1",
"rule": "xwork.MethodAccessor",
"type": "args",
"description": "Struts 恶意参数过滤"
},
{
"state": "on",
"name": "args2",
"rule": "xwork\\.MethodAccessor",
"type": "args",
"description": "Struts 恶意参数过滤"
},
{
"state": "on",
"name": "oneWordTrojan1",
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
"type": "oneWordTrojan"
},
{
"state": "on",
"name": "oneWordTrojan2",
"rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
"type": "oneWordTrojan"
},
{
"state": "on",
"name": "protocolFilter1",
"rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
"type": "protocolFilter",
"description": "协议过滤"
},
{
"state": "on",
"name": "dirFilter1",
"rule": "(?:etc\\/\\W*passwd)",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter2",
"rule": "java\\.lang",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter3",
"rule": "(?:etc\\/\\W*shadow)",
"type": "dirFilter"
},
{
"state": "on",
"name": "dirFilter4",
"rule": "(?:bin\\/\\W*sh)",
"type": "dirFilter"
},
{
"state": "on",
"name": "xss1",
"rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
"type": "xss"
},
{
"state": "on",
"name": "xss2",
"rule": "(onmouseover|onerror|onload)\\=",
"type": "xss"
},
{
"state": "on",
"name": "xss3",
"rule": "base64_decode\\(",
"type": "xss"
},
{
"state": "on",
"name": "webshell1",
"rule": "/shell?cd+/tmp;\\s*rm+-rf\\+\\*;\\s*wget",
"type": "webshell"
},
{
"state": "on",
"name": "phpExec1",
"rule": "/systembc/password.php",
"type": "phpExec"
},
{
"state": "on",
"name": "scannerFilter1",
"rule": "(Acunetix-Aspect|Acunetix-Aspect-Password|Acunetix-Aspect-Queries|X-WIPP|X-RequestManager-Memo|X-Request-Memo|X-Scan-Memo)",
"type": "scannerFilter"
}
]
}