order(.*)by(.*)\d (?:alter\s*\w+.*character\s+set\s+\w+)|(";\s*waitfor\s+time\s+") (?:%c0%ae\/) \<\!ENTITY(.*)SYSTEM(.*)\> (?:\Wselect.+\W*from)|((?:select|create|rename|truncate|alter|delete|update|insert|desc)\s*\(\s*space\s*\() (?:(?:select|create|rename|truncate|alter|delete|update|insert|desc)\s+(?:(?:group_)concat|char|load_file)\s?\(?)|(?:end\s*\);)|("\s+regexp\W)|(?:[\s(]load_file\s*\() (?i:(\%SYSTEMROOT\%)) (?:merge.*using\s*\()|(execute\s*immediate\s*")|(?:\W+\d*\s*having\s*[^\s\-])|(?:match\s*[\w(),+-]+\s*against\s*\() (?:\)|(?:) (?:procedure\s+analyse\s*\()|(?:create\s+(procedure|function)\s*\w+\s*\(\s*\)\s*-)|(?:declare[^\w]+[@#]\s*\w+)|(exec\s*\(\s*@) (?:[\s()]case\s*\()|(?:\)\s*like\s*\()|(?:having\s*[^\s]+\s*[^\w\s])|(?:if\s?\([\d\w]\s*[=<>~]) (?:(select|;)\s+(?:benchmark|if|sleep)\s*?\(\s*\(?\s*\w+) (?:select\s*pg_sleep)|(?:waitfor\s*delay\s?"+\s?\d)|(?:;\s*shutdown\s*(?:;|--|#|\/\*|{)) (?:\sexec\s+xp_cmdshell)|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*\([^\)]*)|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*select)|(?:select.*\w?user\()|(?:into[\s+]+(?:dump|out)file\s*") (?:(sleep\((\s*)(\d*)(\s*)\)|benchmark\((.*)\,(.*)\))) (?:@.+=\s*\(\s*select)|(?:\d\s+group\s+by.+\()|(?:(?:;|#|--)\s*(?:drop|alter))|(?:(?:;|#|--)\s*(?:update|insert)\s*\w{2,}) (?:\\u00[a-f0-9]{2})|(?:\\x0*[a-f0-9]{2})|(?:\\\d{2,3}) (?:\w\.exe\??\s)|(?:\d\.\dx\|)|(?:%(?:c0\.|af\.|5c\.))|(?:\/(?:%2e){2}) (?:%u(?:ff|00|e\d)\w\w) (?:(union(.*)select(.*))) (?:\wscript:|@import[^\w]|;base64|base64,)|(?:\w\s*\([\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+,[\w\s]+\)) \.\.\/ substr\( [\s\"'`;\/0-9\=]+on\w+\s*= background\b\W*?:\W*?url|background-image\b\W*?:|behavior\b\W*?:\W*?url|-moz-binding\b|@import\b|expression\b\W*?\( (fromcharcode|alert|eval)\s*\( ((?:=|U\s*R\s*L\s*\()\s*[^>]*\s*S\s*C\s*R\s*I\s*P\s*T\s*:|:|[\s\S]allowscriptaccess[\s\S]|[\s\S]data:text\/html[\s\S]|[\s\S]xlink:href[\s\S]|]*>[\s\S]*?|[\s\S]@import[\s\S]|]*>[\s\S]*?|]*>[\s\S]*?|]*>[\s\S]*?) \<(iframe|script|body|img|layer) (?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+ (?i:(\!\=|\&\&|\|\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\s+between\s+0\s+and)|(?:is\s+null)|(like\s+null)|(?:(?:^|\W)in[+\s]*\([\s\d\"]+[^()]*\))|(?:xor|<>|rlike(?:\s+binary)?)|(?:regexp\s+binary)) (?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\.\.sysdatabases|ysql\.db)|s(?:ys(?:\.database_name|aux)|chema(?:\W*\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_nam)e\W*\(|information_schema|pg_(catalog|toast)|northwind|tempdb)) (%0d|%0a) phpinfo\( (?:\((?:\W*?(?:objectc(?:ategory|lass)|homedirectory|[gu]idnumber|cn)\b\W*?=|[^\w\x80-\xFF]*?[\!\&\|][^\w\x80-\xFF]*?\()|\)[^\w\x80-\xFF]*?\([^\w\x80-\xFF]*?[\!\&\|]) \<\!\-\-\W*?#\W*?(?:e(?:cho|xec)|printenv|include|cmd) (?i:(\binclude\s*\([^)]*|mosConfig_absolute_path|_CONF\[path\]|_SERVER\[DOCUMENT_ROOT\]|GALLERY_BASEDIR|path\[docroot\]|appserv_root|config\[root_dir\])=(ht|f)tps?:\/\/) (?:\b(?:\.(?:ht(?:access|passwd|group)|www_?acl)|global\.asa|httpd\.conf|boot\.ini)\b|\/etc\/)