|
|
@ -0,0 +1,63 @@
|
|
|
|
|
|
|
|
--[[
|
|
|
|
|
|
|
|
规则名称: SQl注入
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
过滤阶段: 请求阶段
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
危险等级: 严重
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
规则描述: 对sql注入防护进行补充,增加FIELD()、position()等函数构造布尔盲注和基于时间的盲注进行防护
|
|
|
|
|
|
|
|
--]]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
local kvFilter = waf.kvFilter
|
|
|
|
|
|
|
|
local rgx = waf.rgxMatch
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
local function sMatch(v)
|
|
|
|
|
|
|
|
local m = rgx(v, "\\((?:(?:#|--).*?\\n|/\\*.*?\\*/|\\s|\\xa0|\\()*select\\b", "joi")
|
|
|
|
|
|
|
|
if m then
|
|
|
|
|
|
|
|
return m, v
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
m = rgx(v, "union(?:(?:#|--).*?\\n|/\\*.*?\\*/|\\s|\\xa0|\\()+(?:select\\b|all\\b|distinct)", "joi")
|
|
|
|
|
|
|
|
if m then
|
|
|
|
|
|
|
|
return m, v
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
m = rgx(v, "(?i:\\b(?:c(?:o(?:n(?:v(?:ert(?:_tz)?)?|cat(?:_ws)?|nection_id)|(?:mpres)?s|ercibility|(?:un)?t|alesce)|ur(?:rent_(?:time(?:stamp)?|date|user)|(?:dat|tim)e)|h(?:ar(?:(?:acter)?_length|set)?|r)|iel(?:ing)?|ast|r32)|s(?:t(?:d(?:dev(?:_(?:sam|po)p)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(?:_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha[12]?|oundex|chema|ig?n|leep|pace|qrt)|i(?:s(?:_(?:ipv(?:4(?:_(?:compat|mapped))?|6)|n(?:ot(?:_null)?|ull)|(?:free|used)_lock)|null)?|n(?:et(?:6_(?:aton|ntoa)|_(?:aton|ntoa))|s(?:ert|tr)|terval)?|f(?:null)?)|d(?:a(?:t(?:e(?:_(?:format|add|sub)|diff)?|abase)|y(?:of(?:month|week|year)|name)?)|e(?:(?:s_(?:de|en)cryp|faul)t|grees|code)|count|ump)|l(?:o(?:ca(?:l(?:timestamp)?|te)|g(?:10|2)?|ad_file|wer)|ast(?:_(?:insert_id|day))?|e(?:(?:as|f)t|ngth)|case|trim|pad|n)|u(?:n(?:compress(?:ed_length)?|ix_timestamp|hex)|tc_(?:time(?:stamp)?|date)|p(?:datexml|per)|uid(?:_short)?|case|ser)|r(?:a(?:wto(?:nhex(?:toraw)?|hex)|dians|nd)|e(?:p(?:lace|eat)|lease_lock|verse)|o(?:w_count|und)|ight|trim|pad)|t(?:ime(?:_(?:format|to_sec)|stamp(?:diff|add)?|diff)?|o_(?:(?:second|day)s|base64|n?char)|r(?:uncate|im)|an)|m(?:a(?:ke(?:_set|date)|ster_pos_wait|x)|i(?:(?:crosecon)?d|n(?:ute)?)|o(?:nth(?:name)?|d)|d5)|f(?:i(?:eld(?:_in_set)?|nd_in_set)|rom_(?:unixtime|base64|days)|o(?:und_rows|rmat)|loor)|p(?:o(?:w(?:er)?|sition)|eriod_(?:diff|add)|rocedure_analyse|assword|g_sleep|i)|a(?:s(?:cii(?:str)?|in)|es_(?:de|en)crypt|dd(?:dat|tim)e|(?:co|b)s|tan2?|vg)|b(?:i(?:t_(?:length|count|x?or|and)|n(?:_to_num)?)|enchmark)|e(?:x(?:tract(?:value)?|p(?:ort_set)?)|nc(?:rypt|ode)|lt)|g(?:r(?:oup_conca|eates)t|et_(?:format|lock))|v(?:a(?:r(?:_(?:sam|po)p|iance)|lues)|ersion)|o(?:(?:ld_passwo)?rd|ct(?:et_length)?)|we(?:ek(?:ofyear|day)?|ight_string)|n(?:o(?:t_in|w)|ame_const|ullif)|h(?:ex(?:toraw)?|our)|qu(?:arter|ote)|year(?:week)?|xmltype)\\W*?\\()", "jos")
|
|
|
|
|
|
|
|
if m then
|
|
|
|
|
|
|
|
return m, v
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
m = rgx(v, "(?i:(?:;\\s*?shutdown\\s*?(?:[#;]|\\/\\*|--|\\{)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?sleep))", "jos")
|
|
|
|
|
|
|
|
if m then
|
|
|
|
|
|
|
|
return m, v
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
local form = waf.form
|
|
|
|
|
|
|
|
if form then
|
|
|
|
|
|
|
|
local m, d = kvFilter(form["FORM"], sMatch)
|
|
|
|
|
|
|
|
if m then
|
|
|
|
|
|
|
|
return m, d, true
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
local queryString = waf.queryString
|
|
|
|
|
|
|
|
if queryString then
|
|
|
|
|
|
|
|
local m, d = kvFilter(queryString, sMatch)
|
|
|
|
|
|
|
|
if m then
|
|
|
|
|
|
|
|
return m, d, true
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
local cookies = waf.cookies
|
|
|
|
|
|
|
|
if cookies then
|
|
|
|
|
|
|
|
local m, d = kvFilter(cookies, sMatch)
|
|
|
|
|
|
|
|
if m then
|
|
|
|
|
|
|
|
return m, d, true
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
local m, d = kvFilter(waf.reqHeaders, sMatch)
|
|
|
|
|
|
|
|
if m then
|
|
|
|
|
|
|
|
return m, d, true
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
return false
|