diff --git a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf index 725e21847..8b7b7e10e 100644 --- a/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf +++ b/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf @@ -898,7 +898,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME # to the Regexp::Assemble output: # (?i:ASSEMBLE_OUTPUT) # -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:(?:(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+|(?:^[\"'`\\\\]*?[\d\"'`]+)+)\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s*?[\w\"'`][+&!@(),.-]|\@(?:[\w-]+\s(?:between|like|x?or|and|div)\s*?[^\w\s]|\w+\s+(?:between|like|x?or|and|div)\s*?[\"'`\d]+)|[\"'`]\s*?(?:between|like|x?or|and|div)\s*?[\"'`]?\d|[^\w\s:]\s*?\d\W+[^\w\s]\s*?[\"'`].|[^\w\s]\w+\s*?[|-]\s*?[\"'`]\s*?\w|\Winformation_schema|\\\\x(?:23|27|3d)|table_name\W|^.?[\"'`]$))" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:^(?:[\"'`\\\\]*?(?:[^\"'`]+[\"'`]|[\d\"'`]+)\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s*?[\w\"'`][+&!@(),.-]|.?[\"'`]$)|\@(?:[\w-]+\s(?:between|like|x?or|and|div)\s*?[^\w\s]|\w+\s+(?:between|like|x?or|and|div)\s*?[\"'`\d]+)|[\"'`]\s*?(?:between|like|x?or|and|div)\s*?[\"'`]?\d|[^\w\s:]\s*?\d\W+[^\w\s]\s*?[\"'`].|[^\w\s]\w+\s*?[|-]\s*?[\"'`]\s*?\w|\Winformation_schema|\\\\x(?:23|27|3d)|table_name\W))" \ "id:942330,\ phase:2,\ block,\ diff --git a/util/regexp-assemble/regexp-942330.data b/util/regexp-assemble/regexp-942330.data index 1e9498404..222ca2dd5 100644 --- a/util/regexp-assemble/regexp-942330.data +++ b/util/regexp-assemble/regexp-942330.data @@ -6,28 +6,28 @@ [\"'`]\s*?and\s*?[\"'`]?\d \\\\x(?:23|27|3d) ^.?[\"'`]$ -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?and\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?nand\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?or\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?xor\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?xxor\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?div\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?like\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?between\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?not\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?\|\|\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[\d\"'`]+)+\s*?\&\&\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?and\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?nand\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?or\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?xor\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?xxor\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?div\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?like\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?between\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?not\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?\|\|\s*?[\w\"'`][+&!@(),.-] -(?:^[\"'`\\\\]*?[^\"'`]+[\"'`])+\s*?\&\&\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?and\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?nand\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?or\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?xor\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?xxor\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?div\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?like\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?between\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?not\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?\|\|\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[\d\"'`]+\s*?\&\&\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?and\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?nand\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?or\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?xor\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?xxor\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?div\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?like\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?between\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?not\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?\|\|\s*?[\w\"'`][+&!@(),.-] +^[\"'`\\\\]*?[^\"'`]+[\"'`]\s*?\&\&\s*?[\w\"'`][+&!@(),.-] [^\w\s]\w+\s*?[|-]\s*?[\"'`]\s*?\w @\w+\s+and\s*?[\"'`\d]+ @\w+\s+or\s*?[\"'`\d]+