Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-07 00:58:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek

Browse source 
* 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek:
  account for spaces encoding to plus signs in sqli regex detection

(cherry picked from commit 5200b84fb3)
This commit is contained in:
Arne Welzel 2024-10-29 14:05:54 +01:00 committed by Tim Wojtulewicz
parent 887d92e26c
commit 43ab74b70f
8 changed files with 26 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek
View file

@ -37,6 +37,8 @@ event zeek_init()
add positive_matches["/index.php?id=22 /*!49999 and 1=2*/-- and 1=1"];
add positive_matches["/index.php?ID=59 and (select count(table_name) from user_tables)>0 and 1=1"];
add positive_matches["/index.php?ID=60 and exists (select * from [news])"];
add positive_matches["?id=1'+OR+'1'='1"];
add positive_matches["?id=1'+UNION+SELECT+NULL,+version()+#"];
# These are not detected currently.
#add positive_matches["/index.asp?ARF_ID=(1/(1-(asc(mid(now(),18,1))\(2^7) mod 2)))"];