-
Notifications
You must be signed in to change notification settings - Fork 1
/
custom_filter.json
88 lines (87 loc) · 1.98 KB
/
custom_filter.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
{
"filters":{
"filter": [
{
"id": "79",
"rule": "(?:script>[^<]*alert\\()",
"description": "Detects HTML injection test",
"tags": {
"tag": [
"injection"
]
},
"impact": "3"
},
{
"id": "80",
"rule": "(?:^[^\\(]*\\))",
"description": "Detects parentheses mismatch common with SQL injection",
"tags": {
"tag": [
"injection"
]
},
"impact": "3"
},
{
"id": "81",
"rule": "(?:('|`))",
"description": "Detects single quote",
"tags": {
"tag": [
"injection"
]
},
"impact": "4"
},
{
"id": "82",
"rule": "(?:(\\s+(and|or)\\s+|;|=|]-|\\+)(|not\\s+)(\\(|exp|json_keys|extractvalue|updatexml|row|select|\\d+=\\d+\\W))",
"description": "Detects logic manipulation",
"tags": {
"tag": [
"injection"
]
},
"impact": "4"
},
{
"id": "83",
"rule": "waitfor delay",
"description": "Detects WAITFOR DELAY",
"tags": {
"tag": [
"injection"
]
},
"impact": "2"
},
{
"id": "84",
"rule": "(?:(#|--|\\/\\*.*\\*\\/))",
"description": "Detects common comment types",
"tags": {
"tag": [
"xss",
"csrf",
"id"
]
},
"impact": "3"
},
{
"id": "85",
"rule": "(?:(\\$\\{\\S*j\\S*n\\S*d*\\S(i|\\u0131)\\S*:\\S*l\\S*d\\S*a\\S*p\\S*:\\S*\\/\\S*\\/))",
"description": "Detects possible log4j2 exploit",
"tags": {
"tag": [
"CVE-2021-44228",
"injection",
"log4j"
]
},
"impact": "3"
}
]
}
}