Fix mod exec false positives by reverting changes on execPayloads.ini…

… and add more specific payloads instead Signed-off-by: bretfourbe <gwendal@cyberwatch.fr>
wapiti-scanner · Jun 17, 2024 · 54c9095 · 54c9095
1 parent da9a12d
commit 54c9095
Showing 1 changed file with 49 additions and 26 deletions.
diff --git a/wapitiCore/data/attacks/execPayloads.ini b/wapitiCore/data/attacks/execPayloads.ini
@@ -8,92 +8,115 @@ type = pattern
 
 [no_escape]
 payload = id
-rules = uid
-    gid
+rules = uid=
+    gid=
+    groupes=
+description = Command execution
+status = vulnerability
+
+[no_escape_owasp_benchmark]
+payload = id
+rules = uid&#x3d;
+    gid&#x3d;
+    groupes&#x3d;
 description = Command execution
 status = vulnerability
 
 [semicolon_escape]
 payload = ;env;
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
+description = Command execution
+status = vulnerability
+
+[semicolon_escape_owasp_benchmark]
+payload = ;env;
+rules = PATH&#x3d;
+    PWD&#x3d;
 description = Command execution
 status = vulnerability
 
 [pipe_escape]
 payload = |env
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability
 
 [double_ampersand_escape]
 payload = &&env
-rules = PWD
-    PATH
+rules = PWD=
+    PATH=
 description = Command execution
 status = vulnerability
 
 [pipe_escape_known_prefix]
 payload = [VALUE]|env
-rules = PWD
-    PATH
+rules = PWD=
+    PATH=
+description = Command execution
+status = vulnerability
+
+[pipe_escape_known_prefix_owasp_benchmark]
+payload = [VALUE]|env
+rules = PWD&#x3d;
+    PATH&#x3d;
 description = Command execution
 status = vulnerability
 
 [semicolon_escape_prefix]
 payload = a;env;
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability
 
 [semicolon_escape_prefix_and_parenthesis]
 payload = a;env;
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability
 
 [dir_up_perl_exec]
 payload = ../../../../../../../../../../../../../../../usr/bin/env|
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability
 
 [semicolon_escape_known_prefix]
 payload = [VALUE];env;
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability
 
 [new_line_escape]
 payload = [VALUE][LF]env;
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability
 
 [ampersand_escape]
 payload = &set&
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability
 
 [simple_set_execution]
 payload = set
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability
 
 [simple_env_execution]
 payload = env
-rules = PATH
-    PWD
+rules = PATH=
+    PWD=
 description = Command execution
 status = vulnerability