{ "rules": [ { "state": "on", "name": "sqlInject1", "rule": "select.+(from|limit)", "type": "sqlInject" }, { "state": "on", "name": "sqlInject2", "rule": "(?:(union(.*?)select))", "type": "sqlInject" }, { "state": "on", "name": "sqlInject3", "rule": "having|rongjitest", "type": "sqlInject" }, { "state": "on", "name": "sqlInject4", "rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)", "type": "sqlInject" }, { "state": "on", "name": "sqlInject5", "rule": "benchmark\\((.*)\\,(.*)\\)", "type": "sqlInject" }, { "state": "on", "name": "sqlInject6", "rule": "group\\s+by.+\\(", "type": "sqlInject" }, { "state": "on", "name": "sqlInject7", "rule": "(?:from\\W+information_schema\\W)", "type": "sqlInject" }, { "state": "on", "name": "sqlInject8", "rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(", "type": "sqlInject" }, { "state": "on", "name": "sqlInject9", "rule": "into(\\s+)+(?:dump|out)file\\s*", "type": "sqlInject" }, { "state": "on", "name": "sqlInject10", "rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")", "type": "sqlInject" }, { "state": "on", "name": "args1", "rule": "xwork.MethodAccessor", "type": "args", "description": "Struts 恶意参数过滤" }, { "state": "on", "name": "args2", "rule": "xwork\\.MethodAccessor", "type": "args", "description": "Struts 恶意参数过滤" }, { "state": "on", "name": "oneWordTrojan1", "rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(", "type": "oneWordTrojan" }, { "state": "on", "name": "oneWordTrojan2", "rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[", "type": "oneWordTrojan" }, { "state": "on", "name": "protocolFilter1", "rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/", "type": "protocolFilter", "description": "协议过滤" }, { "state": "on", "name": "dirFilter1", "rule": "(?:etc\\/\\W*passwd)", "type": "dirFilter" }, { "state": "on", "name": "dirFilter2", "rule": "java\\.lang", "type": "dirFilter" }, { "state": "on", "name": "dirFilter3", "rule": "(?:etc\\/\\W*shadow)", "type": "dirFilter" }, { "state": "on", "name": "dirFilter4", "rule": "(?:bin\\/\\W*sh)", "type": "dirFilter" }, { "state": "on", "name": "xss1", "rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)", "type": "xss" }, { "state": "on", "name": "xss2", "rule": "(onmouseover|onerror|onload)\\=", "type": "xss" }, { "state": "on", "name": "xss3", "rule": "base64_decode\\(", "type": "xss" }, { "state": "on", "name": "webshell1", "rule": "/shell?cd+/tmp;\\s*rm+-rf\\+\\*;\\s*wget", "type": "webshell" }, { "state": "on", "name": "phpExec1", "rule": "/systembc/password.php", "type": "phpExec" }, { "state": "on", "name": "scannerFilter1", "rule": "(Acunetix-Aspect|Acunetix-Aspect-Password|Acunetix-Aspect-Queries|X-WIPP|X-RequestManager-Memo|X-Request-Memo|X-Scan-Memo)", "type": "scannerFilter" } ] }