source-git / mod_security

Clone
Source Code
GIT

Blame tests/regression/misc/25-libinjection.t

c8 c8s master
  1.   284210d3a0013253e784e9edcda42e36870a884f
  2.   tests
  3.   regression
  4.   misc
  5.   25-libinjection.t
Blob History Raw
Packit 284210 
### libinjection.
Packit 284210
Packit 284210 
{
Packit 284210 
	type => "misc",
Packit 284210 
	comment => "libinjection SQLi - with SQLi",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
                SecRequestBodyAccess On
Packit 284210
Packit 284210 
		SecRule REQUEST_BODY "\@detectSQLi" "id:192372,log,deny"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/detected SQLi using libinjection/, 1],
Packit 284210 
		debug => [ qr/detected SQLi using libinjection/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		#  Args
Packit 284210 
		"some_variable=-1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "misc",
Packit 284210 
	comment => "libinjection SQLi - without SQLi",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
                SecRequestBodyAccess On
Packit 284210
Packit 284210 
		SecRule REQUEST_BODY "\@detectSQLi" "id:192372,log,deny"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/detected SQLi using libinjection/, 1],
Packit 284210 
		-debug => [ qr/detected SQLi using libinjection/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		#  Args
Packit 284210 
		"some_variable=hello cruel world"
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "misc",
Packit 284210 
	comment => "libinjection XSS - with XSS",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
                SecRequestBodyAccess On
Packit 284210
Packit 284210 
		SecRule REQUEST_BODY "\@detectXSS" "id:192372,log,deny"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		error => [ qr/detected XSS using libinjection/, 1],
Packit 284210 
		debug => [ qr/detected XSS using libinjection/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^403$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		#  Args
Packit 284210 
		"some_variable="
Packit 284210 
	),
Packit 284210 
},
Packit 284210 
{
Packit 284210 
	type => "misc",
Packit 284210 
	comment => "libinjection XSS - without XSS",
Packit 284210 
	conf => qq(
Packit 284210 
		SecRuleEngine On
Packit 284210 
		SecDebugLog $ENV{DEBUG_LOG}
Packit 284210 
		SecDebugLogLevel 9
Packit 284210 
                SecRequestBodyAccess On
Packit 284210
Packit 284210 
		SecRule REQUEST_BODY "\@detectXSS" "id:192372,log,deny"
Packit 284210 
	),
Packit 284210 
	match_log => {
Packit 284210 
		-error => [ qr/detected XSS using libinjection/, 1],
Packit 284210 
		-debug => [ qr/detected XSS using libinjection/, 1 ],
Packit 284210 
	},
Packit 284210 
	match_response => {
Packit 284210 
		status => qr/^200$/,
Packit 284210 
	},
Packit 284210 
	request => new HTTP::Request(
Packit 284210 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
Packit 284210 
		[
Packit 284210 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit 284210 
		],
Packit 284210 
		#  Args
Packit 284210 
		"some_variable=hello cruel world"
Packit 284210 
	),
Packit 284210 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation