mirror of
https://github.com/QYG2297248353/appstore-1panel.git
synced 2024-11-29 14:46:13 +08:00
157 lines
3.7 KiB
JSON
157 lines
3.7 KiB
JSON
|
{
|
||
|
"rules": [
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject1",
|
||
|
"rule": "select.+(from|limit)",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject2",
|
||
|
"rule": "(?:(union(.*?)select))",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject3",
|
||
|
"rule": "having|rongjitest",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject4",
|
||
|
"rule": "sleep\\((\\s*)(\\d*)(\\s*)\\)",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject5",
|
||
|
"rule": "benchmark\\((.*)\\,(.*)\\)",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject6",
|
||
|
"rule": "group\\s+by.+\\(",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject7",
|
||
|
"rule": "(?:from\\W+information_schema\\W)",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject8",
|
||
|
"rule": "(?:(?:current_)user|database|schema|connection_id)\\s*\\(",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject9",
|
||
|
"rule": "into(\\s+)+(?:dump|out)file\\s*",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "sqlInject10",
|
||
|
"rule": "\\s+(or|xor|and)\\s+.*(=|<|>|'|\")",
|
||
|
"type": "sqlInject"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "args1",
|
||
|
"rule": "xwork.MethodAccessor",
|
||
|
"type": "args",
|
||
|
"description": "Struts 恶意参数过滤"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "args2",
|
||
|
"rule": "xwork\\.MethodAccessor",
|
||
|
"type": "args",
|
||
|
"description": "Struts 恶意参数过滤"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "oneWordTrojan1",
|
||
|
"rule": "(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\\(",
|
||
|
"type": "oneWordTrojan"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "oneWordTrojan2",
|
||
|
"rule": "\\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\\[",
|
||
|
"type": "oneWordTrojan"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "protocolFilter1",
|
||
|
"rule": "(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\\:\\/",
|
||
|
"type": "protocolFilter",
|
||
|
"description": "协议过滤"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "dirFilter1",
|
||
|
"rule": "(?:etc\\/\\W*passwd)",
|
||
|
"type": "dirFilter"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "dirFilter2",
|
||
|
"rule": "java\\.lang",
|
||
|
"type": "dirFilter"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "dirFilter3",
|
||
|
"rule": "(?:etc\\/\\W*shadow)",
|
||
|
"type": "dirFilter"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "dirFilter4",
|
||
|
"rule": "(?:bin\\/\\W*sh)",
|
||
|
"type": "dirFilter"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "xss1",
|
||
|
"rule": "\\<(iframe|script|body|img|layer|div|meta|style|base|object|input)",
|
||
|
"type": "xss"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "xss2",
|
||
|
"rule": "(onmouseover|onerror|onload)\\=",
|
||
|
"type": "xss"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "xss3",
|
||
|
"rule": "base64_decode\\(",
|
||
|
"type": "xss"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "webshell1",
|
||
|
"rule": "/shell?cd+/tmp;\\s*rm+-rf\\+\\*;\\s*wget",
|
||
|
"type": "webshell"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "phpExec1",
|
||
|
"rule": "/systembc/password.php",
|
||
|
"type": "phpExec"
|
||
|
},
|
||
|
{
|
||
|
"state": "on",
|
||
|
"name": "scannerFilter1",
|
||
|
"rule": "(Acunetix-Aspect|Acunetix-Aspect-Password|Acunetix-Aspect-Queries|X-WIPP|X-RequestManager-Memo|X-Request-Memo|X-Scan-Memo)",
|
||
|
"type": "scannerFilter"
|
||
|
}
|
||
|
]
|
||
|
}
|