This repository was archived by the owner on Nov 8, 2023. It is now read-only.

@kkadosh kkadosh commented Dec 6, 2018

Hello,

Here is an update of some core rules such as:

  • Adding more SQL keywords that are not prone to FP
  • Adding wrappers (zip://, expect://, input)
  • Adding directory traversal bypass (cf. this presentation)
  • Adding .jsp extension for file upload

TODO: Test \b(select|union|update|delete|insert|table|from|ascii|hex|unhex|drop)\b from #337

@kkadosh kkadosh changed the title Update core rules [WIP] Update core rules Dec 6, 2018
maddingue added a commit to oscaro/naxsi that referenced this pull request Sep 28, 2020
+ add more SQL keywords
+ add wrappers for `zip://`, `expect://`, `input://`
+ add `.jsp` extension for file upload
maddingue added a commit to oscaro/naxsi that referenced this pull request Oct 9, 2020
+ add more SQL keywords
+ add wrappers for `zip://`, `expect://`, `input://`
+ add `.jsp` extension for file upload
@wargio wargio changed the title [WIP] Update core rules Update core rules Oct 26, 2020
@wargio wargio left a comment

LGTM. No need to wait for this.

@wargio wargio merged commit e6fbcd6 into master Oct 26, 2020
@wargio wargio deleted the update_core_rules branch October 26, 2020 19:57