source-git / mod_security

Clone
Source Code
GIT

Blame tests/regression/misc/25-libinjection.t

c8 c8s master
  1.   384592efa1429cbfb4d7f37e97830055f99c6751
  2.   tests
  3.   regression
  4.   misc
  5.   25-libinjection.t
Blob History Raw
Packit Service 384592 
### libinjection.
Packit Service 384592
Packit Service 384592 
{
Packit Service 384592 
	type => "misc",
Packit Service 384592 
	comment => "libinjection SQLi - with SQLi",
Packit Service 384592 
	conf => qq(
Packit Service 384592 
		SecRuleEngine On
Packit Service 384592 
		SecDebugLog $ENV{DEBUG_LOG}
Packit Service 384592 
		SecDebugLogLevel 9
Packit Service 384592 
                SecRequestBodyAccess On
Packit Service 384592
Packit Service 384592 
		SecRule REQUEST_BODY "\@detectSQLi" "id:192372,log,deny"
Packit Service 384592 
	),
Packit Service 384592 
	match_log => {
Packit Service 384592 
		error => [ qr/detected SQLi using libinjection/, 1],
Packit Service 384592 
		debug => [ qr/detected SQLi using libinjection/, 1 ],
Packit Service 384592 
	},
Packit Service 384592 
	match_response => {
Packit Service 384592 
		status => qr/^403$/,
Packit Service 384592 
	},
Packit Service 384592 
	request => new HTTP::Request(
Packit Service 384592 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
Packit Service 384592 
		[
Packit Service 384592 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit Service 384592 
		],
Packit Service 384592 
		#  Args
Packit Service 384592 
		"some_variable=-1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
Packit Service 384592 
	),
Packit Service 384592 
},
Packit Service 384592 
{
Packit Service 384592 
	type => "misc",
Packit Service 384592 
	comment => "libinjection SQLi - without SQLi",
Packit Service 384592 
	conf => qq(
Packit Service 384592 
		SecRuleEngine On
Packit Service 384592 
		SecDebugLog $ENV{DEBUG_LOG}
Packit Service 384592 
		SecDebugLogLevel 9
Packit Service 384592 
                SecRequestBodyAccess On
Packit Service 384592
Packit Service 384592 
		SecRule REQUEST_BODY "\@detectSQLi" "id:192372,log,deny"
Packit Service 384592 
	),
Packit Service 384592 
	match_log => {
Packit Service 384592 
		-error => [ qr/detected SQLi using libinjection/, 1],
Packit Service 384592 
		-debug => [ qr/detected SQLi using libinjection/, 1 ],
Packit Service 384592 
	},
Packit Service 384592 
	match_response => {
Packit Service 384592 
		status => qr/^200$/,
Packit Service 384592 
	},
Packit Service 384592 
	request => new HTTP::Request(
Packit Service 384592 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
Packit Service 384592 
		[
Packit Service 384592 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit Service 384592 
		],
Packit Service 384592 
		#  Args
Packit Service 384592 
		"some_variable=hello cruel world"
Packit Service 384592 
	),
Packit Service 384592 
},
Packit Service 384592 
{
Packit Service 384592 
	type => "misc",
Packit Service 384592 
	comment => "libinjection XSS - with XSS",
Packit Service 384592 
	conf => qq(
Packit Service 384592 
		SecRuleEngine On
Packit Service 384592 
		SecDebugLog $ENV{DEBUG_LOG}
Packit Service 384592 
		SecDebugLogLevel 9
Packit Service 384592 
                SecRequestBodyAccess On
Packit Service 384592
Packit Service 384592 
		SecRule REQUEST_BODY "\@detectXSS" "id:192372,log,deny"
Packit Service 384592 
	),
Packit Service 384592 
	match_log => {
Packit Service 384592 
		error => [ qr/detected XSS using libinjection/, 1],
Packit Service 384592 
		debug => [ qr/detected XSS using libinjection/, 1 ],
Packit Service 384592 
	},
Packit Service 384592 
	match_response => {
Packit Service 384592 
		status => qr/^403$/,
Packit Service 384592 
	},
Packit Service 384592 
	request => new HTTP::Request(
Packit Service 384592 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
Packit Service 384592 
		[
Packit Service 384592 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit Service 384592 
		],
Packit Service 384592 
		#  Args
Packit Service 384592 
		"some_variable="
Packit Service 384592 
	),
Packit Service 384592 
},
Packit Service 384592 
{
Packit Service 384592 
	type => "misc",
Packit Service 384592 
	comment => "libinjection XSS - without XSS",
Packit Service 384592 
	conf => qq(
Packit Service 384592 
		SecRuleEngine On
Packit Service 384592 
		SecDebugLog $ENV{DEBUG_LOG}
Packit Service 384592 
		SecDebugLogLevel 9
Packit Service 384592 
                SecRequestBodyAccess On
Packit Service 384592
Packit Service 384592 
		SecRule REQUEST_BODY "\@detectXSS" "id:192372,log,deny"
Packit Service 384592 
	),
Packit Service 384592 
	match_log => {
Packit Service 384592 
		-error => [ qr/detected XSS using libinjection/, 1],
Packit Service 384592 
		-debug => [ qr/detected XSS using libinjection/, 1 ],
Packit Service 384592 
	},
Packit Service 384592 
	match_response => {
Packit Service 384592 
		status => qr/^200$/,
Packit Service 384592 
	},
Packit Service 384592 
	request => new HTTP::Request(
Packit Service 384592 
		POST => "http://$ENV{SERVER_NAME}:$ENV{SERVER_PORT}/index.html",
Packit Service 384592 
		[
Packit Service 384592 
			"Content-Type" => "application/x-www-form-urlencoded",
Packit Service 384592 
		],
Packit Service 384592 
		#  Args
Packit Service 384592 
		"some_variable=hello cruel world"
Packit Service 384592 
	),
Packit Service 384592 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation