External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-29 16:15:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update: [Wed Jan 8 00:26:52 UTC 2025]

Browse Source
This commit is contained in:
github-actions[bot]
2025-01-08 00:26:52 +00:00
parent fe5f92f6ed
commit ed5a5bc855
40 changed files with 2586 additions and 2586 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
waf_patterns/nginx/sql.conf
View File

@@ -2,15 +2,23 @@
location / {
set $attack_detected 0;
if ($request_uri ~* "(?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)") {
if ($request_uri ~* "(?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)Exception (?:condition )?d+. Transaction rollback.") {
if ($request_uri ~* "(?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)") {
if ($request_uri ~* "(?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)") {
set $attack_detected 1;
}
@@ -26,15 +34,11 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:[DM_QUERY_E_SYNTAX]|has occurred in the vicinity of:)") {
if ($request_uri ~* "(?i:<b>Warning</b>: ibase_|Unexpected end of command in statement)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:An illegal character has been found in the statement|com.informix.jdbc|Exception.*Informix)") {
if ($request_uri ~* "(?i:SQL error.*POS[0-9]+.*|Warning.*maxdb.*)") {
set $attack_detected 1;
}
@@ -42,15 +46,11 @@ location / {
set $attack_detected 1;
}
if ($request_uri ~* "(?i:Warning.*ingres_|Ingres SQLSTATE|IngresW.*Driver)") {
if ($request_uri ~* "(?i)Exception (?:condition )?d+. Transaction rollback.") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:System.Data.OleDb.OleDbException|[Microsoft][ODBC SQL Server Driver]|[Macromedia][SQLServer JDBC Driver]|[SqlException|System.Data.SqlClient.SqlException|Unclosed quotation mark after the character string|'80040e14'|mssql_query()|Microsoft OLE DB Provider for ODBC Drivers|Microsoft OLE DB Provider for SQL Server|Incorrect syntax near|Sintaxis incorrecta cerca de|Syntax error in string in query expression|Procedure or function .* expects parameter|Unclosed quotation mark before the character string|Syntax error .* in query expression|Data type mismatch in criteria expression.|ADODB.Field (0x800A0BCD)|the used select statements have different number of columns|OLE DB.*SQL Server|Warning.*mssql_.*|Driver.*SQL[ _-]*Server|SQL Server.*Driver|SQL Server.*[0-9a-fA-F]{8}|Exception.*WSystem.Data.SqlClient.|Conversion failed when converting the varchar value .*? to data type int.)") {
set $attack_detected 1;
}
if ($request_uri ~* "(?i)(?:Warning.*sqlite_.*|Warning.*SQLite3::|SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException)") {
if ($request_uri ~* "(?i:JET Database Engine|Access Database Engine|[Microsoft][ODBC Microsoft Access Driver])") {
set $attack_detected 1;
}