===========================================================
.___ __ __ _________________ __ __ __| _/|__|/ |_ / ___\_` __ \__ \ | | \/ __ | | \\_ __\ / /_/ > | \// __ \| | / /_/ | | || | \___ /|__| (____ /____/\____ | |__||__| /_____/ \/ \/
grep rough audit - static analysis tool
v2.8 written by @Wireghoul
=================================[justanotherhacker.com]===
modsecurity-crs-3.3.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example-32-# can affect the per transaction context they generally remain fixed during the
modsecurity-crs-3.3.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example:33:# execution of ModSecurity.
modsecurity-crs-3.3.0/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example-34-#
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf-614-#
modsecurity-crs-3.3.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf:615:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx ([*?`\\'][^/\n]+/|\$[({\[#a-zA-Z0-9]|/[^/]+?[*?`\\'])" \
modsecurity-crs-3.3.0/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf-616- "id:932200,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-637-#
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:638:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:[\"'`](?:\s*?(?:(?:between|x?or|and|div)[\w\s-]+\s*?[+<>=(),-]\s*?[\d\"'`]|like(?:[\w\s-]+\s*?[+<>=(),-]\s*?[\d\"'`]|\W+[\w\"'`(])|[!=|](?:[\d\s!=+-]+.*?[\"'`(].*?|[\d\s!=]+.*?\d+)$|[^\w\s]?=\s*?[\"'`])|(?:\W*?[+=]+\W*?|[<>~]+)[\"'`])|(?:/\*)+[\"'`]+\s?(?:\/\*|--|\{|#)?|\d[\"'`]\s+[\"'`]\s+\d|where\s[\s\w\.,-]+\s=|^admin\s*?[\"'`]|\sis\s*?0\W)" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-639- "id:942180,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-825-#
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:826:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?i:(?:^(?:[\"'`\\\\]*?(?:[^\"'`]+[\"'`]|[\d\"'`]+)\s*?(?:n(?:and|ot)|(?:x?x)?or|between|\|\||like|and|div|&&)\s*?[\w\"'`][+&!@(),.-]|.?[\"'`]$)|\@(?:[\w-]+\s(?:between|like|x?or|and|div)\s*?[^\w\s]|\w+\s+(?:between|like|x?or|and|div)\s*?[\"'`\d]+)|[\"'`]\s*?(?:between|like|x?or|and|div)\s*?[\"'`]?\d|[^\w\s:]\s*?\d\W+[^\w\s]\s*?[\"'`].|[^\w\s]\w+\s*?[|-]\s*?[\"'`]\s*?\w|\Winformation_schema|\\\\x(?:23|27|3d)|table_name\W))" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-827- "id:942330,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1143-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1144:SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){12})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1145- "id:942430,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1364-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1365:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){8})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1366- "id:942420,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1393-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1394:SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){6})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1395- "id:942431,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1540-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1541:SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|REQUEST_COOKIES_NAMES "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){3})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1542- "id:942421,\
##############################################
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1569-
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf:1570:SecRule ARGS_NAMES|ARGS|XML:/* "@rx ((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'´’‘`<>]*?){2})" \
modsecurity-crs-3.3.0/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf-1571- "id:942432,\
##############################################
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml-45- input:
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml:46: data: eval($foo)
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-933-APPLICATION-ATTACK-PHP/933160.yaml-47- dest_addr: 127.0.0.1
##############################################
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml-139- uri: "/"
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml:140: data: "var=0.84622338492032948`echo${IFS}crs312``echo${IFS}34test`"
modsecurity-crs-3.3.0/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942260.yaml-141- version: HTTP/1.0
##############################################
modsecurity-crs-3.3.0/util/av-scanning/runav.pl-20-$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
modsecurity-crs-3.3.0/util/av-scanning/runav.pl:21:$input = `$cmd`;
modsecurity-crs-3.3.0/util/av-scanning/runav.pl-22-$input =~ m/^(.+)/;