\.\./
\:\$
\$\{
select.+(from|limit)
(?:(union(.*?)select))
sleep\((\s*)(\d*)(\s*)\)
group\s+by.+\(
(?:from\W+information_schema\W)
(?:(?:current_)user|database|version|schema|connection_id)\s*\(
;{0,1}'{0,1}\){0,1}(\+| )*\b(and|or)\b(\+| )+.*(=|<|>).*
\b(create|drop|backup)\b(\+| )+\bdatabase\b(\+| )+\w*
\b(drop|truncate|create)\b(\+| )+\btable\b(\+| )+\w*
\bdelete\b(\+| )+\bfrom\b(\+| )+.*
\binsert\b(\+| )+(\binto\b){0,1}(\+| )+.*\bvalues\b.*
\bupdate\b(\+| )+.*(\+| )+\bset\b(\+| )+.*=.*
order\s+by\s+.*--$
benchmark\((.*)\,(.*)\)
base64_decode\(
(?:etc\/\W*passwd)
into(\s+)+(?:dump|out)file\s*
xwork.MethodAccessor
(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\(
\<(iframe|script|body|layer|meta|style|base|object|input)
(onmouseover|onmousemove|onerror|onload)\=
javascript:
\|\|.*(?:ls|pwd|whoami|ll|ifconfig|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)
(?:ls|pwd|whoami|ll|ifconfig|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv).*\|\|
(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/
java\.lang
\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[