removed deprecated header syntax with latest one
parent
e008ea232b
commit
c90fa30096
|
@ -31,7 +31,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(tolower(all_headers), "text/html")'
|
- 'contains(tolower(header), "text/html")'
|
||||||
- 'contains(set_cookie, "_icl_current_admin_language")'
|
- 'contains(set_cookie, "_icl_current_admin_language")'
|
||||||
- 'contains(body, "\"><script>alert(0);</script>")'
|
- 'contains(body, "\"><script>alert(0);</script>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_3 == 200'
|
- 'status_code_3 == 200'
|
||||||
- 'contains(all_headers_3, "text/html")'
|
- 'contains(header_3, "text/html")'
|
||||||
- "contains(body_3, '><script>alert(document.domain)</script></a>')"
|
- "contains(body_3, '><script>alert(document.domain)</script></a>')"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_3 == 200'
|
- 'status_code_3 == 200'
|
||||||
- 'contains(all_headers_3, "text/html")'
|
- 'contains(header_3, "text/html")'
|
||||||
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_3 == 200'
|
- 'status_code_3 == 200'
|
||||||
- 'contains(all_headers_3, "text/html")'
|
- 'contains(header_3, "text/html")'
|
||||||
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_3 == 200'
|
- 'status_code_3 == 200'
|
||||||
- 'contains(all_headers_3, "text/html")'
|
- 'contains(header_3, "text/html")'
|
||||||
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_3 == 200'
|
- 'status_code_3 == 200'
|
||||||
- 'contains(all_headers_3, "text/html")'
|
- 'contains(header_3, "text/html")'
|
||||||
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_3 == 200'
|
- 'status_code_3 == 200'
|
||||||
- 'contains(all_headers_3, "text/html")'
|
- 'contains(header_3, "text/html")'
|
||||||
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -48,6 +48,6 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers_2), 'text/html')"
|
- "contains(tolower(header_2), 'text/html')"
|
||||||
|
|
||||||
# Enhanced by mp on 2022/08/11
|
# Enhanced by mp on 2022/08/11
|
||||||
|
|
|
@ -41,7 +41,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers, "text/html")'
|
- 'contains(header, "text/html")'
|
||||||
- 'status_code_3 == 200'
|
- 'status_code_3 == 200'
|
||||||
- 'contains(body_1, "<title>Citrix SD-WAN</title>")'
|
- 'contains(body_1, "<title>Citrix SD-WAN</title>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -42,7 +42,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
|
- 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
|
||||||
- 'contains(body_2, "DomainMOD")'
|
- 'contains(body_2, "DomainMOD")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -64,7 +64,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(body_4, "operator":"BashOperator")'
|
- 'contains(body_4, "operator":"BashOperator")'
|
||||||
- 'contains(all_headers_4, "application/json")'
|
- 'contains(header_4, "application/json")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
# Enhanced by mp on 2022/07/13
|
# Enhanced by mp on 2022/07/13
|
||||||
|
|
|
@ -46,7 +46,7 @@ http:
|
||||||
- 'contains(body,"password")'
|
- 'contains(body,"password")'
|
||||||
- 'contains(body,"password_reset_hash")'
|
- 'contains(body,"password_reset_hash")'
|
||||||
- 'status_code==200'
|
- 'status_code==200'
|
||||||
- 'contains(all_headers,"text/html")'
|
- 'contains(header,"text/html")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
# Enhanced by md on 2023/04/04
|
# Enhanced by md on 2023/04/04
|
||||||
|
|
|
@ -44,7 +44,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "value=\"\"/><script>alert(document.domain)</script>")'
|
- 'contains(body_2, "value=\"\"/><script>alert(document.domain)</script>")'
|
||||||
- 'contains(body_2, "DomainMOD")'
|
- 'contains(body_2, "DomainMOD")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -53,7 +53,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers_4, "text/html")'
|
- 'contains(header_4, "text/html")'
|
||||||
- 'status_code_4 == 200'
|
- 'status_code_4 == 200'
|
||||||
- 'contains(body_4, "><script>alert(document.domain)</script>") && contains(body_4, "Monstra")'
|
- 'contains(body_4, "><script>alert(document.domain)</script>") && contains(body_4, "Monstra")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -52,7 +52,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_4, 'text/html')"
|
- "contains(header_4, 'text/html')"
|
||||||
- "status_code_4 == 200"
|
- "status_code_4 == 200"
|
||||||
- "contains(body_4, 'wpCentral Connection Key')"
|
- "contains(body_4, 'wpCentral Connection Key')"
|
||||||
- contains(body_4, "pagenow = \'dashboard\'")
|
- contains(body_4, "pagenow = \'dashboard\'")
|
||||||
|
|
|
@ -61,7 +61,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_3, "text/html")
|
- contains(header_3, "text/html")
|
||||||
- status_code_3 == 200
|
- status_code_3 == 200
|
||||||
- contains(body_3, 'CVE-2021-24145')
|
- contains(body_3, 'CVE-2021-24145')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -66,7 +66,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_4, "text/html")
|
- contains(header_4, "text/html")
|
||||||
- status_code_4 == 200
|
- status_code_4 == 200
|
||||||
- contains(body_3, '{\"success\":1}')
|
- contains(body_3, '{\"success\":1}')
|
||||||
- contains(body_4, 'CVE-2021-24155')
|
- contains(body_4, 'CVE-2021-24155')
|
||||||
|
|
|
@ -43,7 +43,7 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_1 == 302'
|
- 'status_code_1 == 302'
|
||||||
- 'status_code_2 == 302'
|
- 'status_code_2 == 302'
|
||||||
- "contains(all_headers_2, 'Location: https://interact.sh?client_id=1')"
|
- "contains(header_2, 'Location: https://interact.sh?client_id=1')"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
# Enhanced by md on 2022/10/14
|
# Enhanced by md on 2022/10/14
|
||||||
|
|
|
@ -88,7 +88,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_4, "text/html")
|
- contains(header_4, "text/html")
|
||||||
- status_code_4 == 200
|
- status_code_4 == 200
|
||||||
- contains(body_4, "CVE-2021-24347")
|
- contains(body_4, "CVE-2021-24347")
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -43,7 +43,7 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- status_code_2 == 200
|
- status_code_2 == 200
|
||||||
- contains(body_2, '><script>alert(document.domain)</script>&action=view')
|
- contains(body_2, '><script>alert(document.domain)</script>&action=view')
|
||||||
- contains(all_headers_2, "text/html")
|
- contains(header_2, "text/html")
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
# Enhanced by md on 2023/03/28
|
# Enhanced by md on 2023/03/28
|
||||||
|
|
|
@ -42,7 +42,7 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- status_code_2 == 200
|
- status_code_2 == 200
|
||||||
- contains(body_2, 'extensions/\'-alert(document.domain)-\'') && contains(body_2, 'w3-total-cache')
|
- contains(body_2, 'extensions/\'-alert(document.domain)-\'') && contains(body_2, 'w3-total-cache')
|
||||||
- contains(all_headers_2, "text/html")
|
- contains(header_2, "text/html")
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
# Enhanced by md on 2023/03/28
|
# Enhanced by md on 2023/03/28
|
||||||
|
|
|
@ -40,7 +40,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_2, "text/html")
|
- contains(header_2, "text/html")
|
||||||
- status_code_2 == 200
|
- status_code_2 == 200
|
||||||
- contains(body_2, 'accesskey=X onclick=alert(1) test=')
|
- contains(body_2, 'accesskey=X onclick=alert(1) test=')
|
||||||
- contains(body_2, 'woocommerce_persian_translate')
|
- contains(body_2, 'woocommerce_persian_translate')
|
||||||
|
|
|
@ -38,7 +38,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200 && status_code_3 == 200'
|
- 'status_code_2 == 200 && status_code_3 == 200'
|
||||||
- 'contains(all_headers_3, "text/html")'
|
- 'contains(header_3, "text/html")'
|
||||||
- 'contains(body_3, "<img src onerror=alert(document.domain)>")'
|
- 'contains(body_3, "<img src onerror=alert(document.domain)>")'
|
||||||
- 'contains(body_3, "Affiliates Manager Click Tracking")'
|
- 'contains(body_3, "Affiliates Manager Click Tracking")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -38,7 +38,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- duration_1>=6
|
- duration_1>=6
|
||||||
- contains(all_headers_1, "application/json")
|
- contains(header_1, "application/json")
|
||||||
- status_code == 200
|
- status_code == 200
|
||||||
- contains(body_2, 'other_discount_code_')
|
- contains(body_2, 'other_discount_code_')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -45,7 +45,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_3, 'text/html')"
|
- "contains(header_3, 'text/html')"
|
||||||
- "status_code_3 == 200"
|
- "status_code_3 == 200"
|
||||||
- 'contains(body_3, "iframe src=\"javascript:alert(document.domain)") && contains(body_3, "SSH Terminal")'
|
- 'contains(body_3, "iframe src=\"javascript:alert(document.domain)") && contains(body_3, "SSH Terminal")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -53,7 +53,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_4 == 200'
|
- 'status_code_4 == 200'
|
||||||
- 'contains(all_headers_4, "text/html")'
|
- 'contains(header_4, "text/html")'
|
||||||
- 'contains(body_4, "Go to <script>alert(document.domain)</script>")'
|
- 'contains(body_4, "Go to <script>alert(document.domain)</script>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -38,7 +38,7 @@ http:
|
||||||
- "status_code_1 == 200"
|
- "status_code_1 == 200"
|
||||||
- "status_code_2 == 404"
|
- "status_code_2 == 404"
|
||||||
- 'contains(body_1, "prestashop")'
|
- 'contains(body_1, "prestashop")'
|
||||||
- "contains(tolower(all_headers_2), 'index.php?controller=404')"
|
- "contains(tolower(header_2), 'index.php?controller=404')"
|
||||||
- "len(body_2) == 0"
|
- "len(body_2) == 0"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_4, "text/html")
|
- contains(header_4, "text/html")
|
||||||
- status_code_4 == 200
|
- status_code_4 == 200
|
||||||
- contains(body_4, 'blockcountry_blockmessage\">test</textarea><script>alert(document.domain)</script>')
|
- contains(body_4, 'blockcountry_blockmessage\">test</textarea><script>alert(document.domain)</script>')
|
||||||
- contains(body_4, '<h3>Block type</h3>')
|
- contains(body_4, '<h3>Block type</h3>')
|
||||||
|
|
|
@ -41,6 +41,6 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "!contains(tolower(all_headers), 'x-xss-protection')"
|
- "!contains(tolower(header), 'x-xss-protection')"
|
||||||
|
|
||||||
# Enhanced by mp on 2022/08/28
|
# Enhanced by mp on 2022/08/28
|
||||||
|
|
|
@ -67,7 +67,7 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(body_1, "Sign In")'
|
- 'contains(body_1, "Sign In")'
|
||||||
- 'status_code_2 == 302'
|
- 'status_code_2 == 302'
|
||||||
- 'contains(all_headers_2, "session=.")'
|
- 'contains(header_2, "session=.")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
|
|
|
@ -65,7 +65,7 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(body_4, '<p><script>alert(document.cookie)</script></p>')"
|
- "contains(body_4, '<p><script>alert(document.cookie)</script></p>')"
|
||||||
- "contains(body_4, 'FlatPress')"
|
- "contains(body_4, 'FlatPress')"
|
||||||
- "contains(all_headers_4, 'text/html')"
|
- "contains(header_4, 'text/html')"
|
||||||
- "status_code_4 == 200"
|
- "status_code_4 == 200"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers_1, "text/html")'
|
- 'contains(header_1, "text/html")'
|
||||||
- 'status_code_1 == 200'
|
- 'status_code_1 == 200'
|
||||||
- 'contains(body_1, "{\"status\":\"success\"}")'
|
- 'contains(body_1, "{\"status\":\"success\"}")'
|
||||||
- 'contains(body_2, "Welcome to Simple Client")'
|
- 'contains(body_2, "Welcome to Simple Client")'
|
||||||
|
|
|
@ -50,7 +50,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_3, 'text/html')"
|
- "contains(header_3, 'text/html')"
|
||||||
- "status_code_3 == 200"
|
- "status_code_3 == 200"
|
||||||
- 'contains(body_3, "Administrator\"><script>alert(document.domain)</script> Admin")'
|
- 'contains(body_3, "Administrator\"><script>alert(document.domain)</script> Admin")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -51,7 +51,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_3, 'text/html')"
|
- "contains(header_3, 'text/html')"
|
||||||
- "status_code_3 == 200"
|
- "status_code_3 == 200"
|
||||||
- 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
|
- 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -51,7 +51,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_3, 'text/html')"
|
- "contains(header_3, 'text/html')"
|
||||||
- "status_code_3 == 200"
|
- "status_code_3 == 200"
|
||||||
- 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
|
- 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -50,7 +50,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_3, 'text/html')"
|
- "contains(header_3, 'text/html')"
|
||||||
- "status_code_3 == 200"
|
- "status_code_3 == 200"
|
||||||
- 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
|
- 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -51,7 +51,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_3, 'text/html')"
|
- "contains(header_3, 'text/html')"
|
||||||
- "status_code_3 == 200"
|
- "status_code_3 == 200"
|
||||||
- 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
|
- 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -41,7 +41,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "onanimationstart=alert(document.domain)")'
|
- 'contains(body_2, "onanimationstart=alert(document.domain)")'
|
||||||
- 'contains(body_2, "newstatpress_page")'
|
- 'contains(body_2, "newstatpress_page")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -40,7 +40,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_2, 'text/html')"
|
- "contains(header_2, 'text/html')"
|
||||||
- "status_code_2 == 200"
|
- "status_code_2 == 200"
|
||||||
- "contains(body_2, '<body onload=alert(document.domain)>') && contains(body_2, '/wp-content/plugins/')"
|
- "contains(body_2, '<body onload=alert(document.domain)>') && contains(body_2, '/wp-content/plugins/')"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -54,7 +54,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(body_4, 'placeholder=\"Developer IPs\" ></textarea><svg/onload=alert(document.domain)>')
|
- contains(body_4, 'placeholder=\"Developer IPs\" ></textarea><svg/onload=alert(document.domain)>')
|
||||||
- contains(all_headers_4, "text/html")
|
- contains(header_4, "text/html")
|
||||||
- status_code_4 == 200
|
- status_code_4 == 200
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -46,7 +46,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
# Enhanced by md on 2022/09/08
|
# Enhanced by md on 2022/09/08
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
- contains(body_2,'QueryException')
|
- contains(body_2,'QueryException')
|
||||||
- contains(body_2,'SQLSTATE')
|
- contains(body_2,'SQLSTATE')
|
||||||
- contains(body_2,'runQueryCallback')
|
- contains(body_2,'runQueryCallback')
|
||||||
- 'contains(all_headers_2,"text/html")'
|
- 'contains(header_2,"text/html")'
|
||||||
- 'status_code_2==500'
|
- 'status_code_2==500'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(body_3,"<img src=x onerror=alert(document.domain)></td>")'
|
- 'contains(body_3,"<img src=x onerror=alert(document.domain)></td>")'
|
||||||
- 'contains(all_headers_3,"text/html")'
|
- 'contains(header_3,"text/html")'
|
||||||
- 'status_code_2 == 200 && status_code_3 == 200'
|
- 'status_code_2 == 200 && status_code_3 == 200'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers, "application/json")'
|
- 'contains(header, "application/json")'
|
||||||
- "status_code == 200"
|
- "status_code == 200"
|
||||||
- "contains(body_1, 'users_can_register')"
|
- "contains(body_1, 'users_can_register')"
|
||||||
- "contains(body_2, 'default_role')"
|
- "contains(body_2, 'default_role')"
|
||||||
|
|
|
@ -55,7 +55,7 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(body_2,"true")'
|
- 'contains(body_2,"true")'
|
||||||
- contains(body_3,'\"><img src=\"x\" onerror=\"alert(document.domain);\">\" placeholder=\"Use default')
|
- contains(body_3,'\"><img src=\"x\" onerror=\"alert(document.domain);\">\" placeholder=\"Use default')
|
||||||
- 'contains(all_headers_3,"text/html")'
|
- 'contains(header_3,"text/html")'
|
||||||
- 'status_code_3==200'
|
- 'status_code_3==200'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- contains(body_3,'\"first_name\":\"{{payload}}\"')
|
- contains(body_3,'\"first_name\":\"{{payload}}\"')
|
||||||
- 'status_code_3==200'
|
- 'status_code_3==200'
|
||||||
- 'contains(all_headers_3,"application/json")'
|
- 'contains(header_3,"application/json")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
|
|
|
@ -43,7 +43,7 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(body_2, '<script>alert(document.domain)</script>')"
|
- "contains(body_2, '<script>alert(document.domain)</script>')"
|
||||||
- "contains(body_2, 'advanced-booking-calendar')"
|
- "contains(body_2, 'advanced-booking-calendar')"
|
||||||
- "contains(all_headers_2, 'text/html')"
|
- "contains(header_2, 'text/html')"
|
||||||
- "status_code_2 == 200"
|
- "status_code_2 == 200"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -39,7 +39,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- contains(body_2, 'colspan=\"2\"><script>alert(document.domain)</script></th>')
|
- contains(body_2, 'colspan=\"2\"><script>alert(document.domain)</script></th>')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -63,7 +63,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_3, "text/html")
|
- contains(header_3, "text/html")
|
||||||
- status_code_3 == 200
|
- status_code_3 == 200
|
||||||
- contains(body_1, 'success\":true')
|
- contains(body_1, 'success\":true')
|
||||||
- contains(body_3, 'e0d7fcf2c9f63143b6278a3e40f6bea9')
|
- contains(body_3, 'e0d7fcf2c9f63143b6278a3e40f6bea9')
|
||||||
|
|
|
@ -44,8 +44,8 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers, "text/xml")'
|
- 'contains(header, "text/xml")'
|
||||||
- 'contains(all_headers, "application/xml")'
|
- 'contains(header, "application/xml")'
|
||||||
condition: or
|
condition: or
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
|
|
|
@ -34,7 +34,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "script%3Ealert%28document.domain%29%3C%2Fscript%3")'
|
- 'contains(body_2, "script%3Ealert%28document.domain%29%3C%2Fscript%3")'
|
||||||
- 'contains(body_2, "Unyson")'
|
- 'contains(body_2, "Unyson")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -51,7 +51,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(body), 'administration')" # confirms 1st path
|
- "contains(tolower(body), 'administration')" # confirms 1st path
|
||||||
- "contains(tolower(all_headers), 'content-type: image/png')" # confirms 2nd path
|
- "contains(tolower(header), 'content-type: image/png')" # confirms 2nd path
|
||||||
condition: or
|
condition: or
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
|
|
|
@ -42,6 +42,6 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), 'location: zabbix.php?action=dashboard.view')"
|
- "contains(tolower(header), 'location: zabbix.php?action=dashboard.view')"
|
||||||
|
|
||||||
# Enhanced by mp on 2022/03/08
|
# Enhanced by mp on 2022/03/08
|
||||||
|
|
|
@ -45,7 +45,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_3, "text/html")
|
- contains(header_3, "text/html")
|
||||||
- status_code_3 == 200
|
- status_code_3 == 200
|
||||||
- contains(body_3, '{\"new_value\":[\"XSSPAYLOAD<svg onload=alert(document.domain)>')
|
- contains(body_3, '{\"new_value\":[\"XSSPAYLOAD<svg onload=alert(document.domain)>')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -35,7 +35,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(to_lower(all_headers_1), "x-cmd-response:")'
|
- 'contains(to_lower(header_1), "x-cmd-response:")'
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
|
|
|
@ -48,7 +48,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers_3, "text/html")'
|
- 'contains(header_3, "text/html")'
|
||||||
- 'status_code_3 == 200'
|
- 'status_code_3 == 200'
|
||||||
- contains(body_3, 'admin-name\">nuclei<script>alert(document.domain);</script>')
|
- contains(body_3, 'admin-name\">nuclei<script>alert(document.domain);</script>')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -38,7 +38,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "ee-simple-file-list")'
|
- 'contains(body_2, "ee-simple-file-list")'
|
||||||
- 'contains(body_2, "onanimationstart=alert(document.domain)//")'
|
- 'contains(body_2, "onanimationstart=alert(document.domain)//")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -34,7 +34,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- duration>=7
|
- duration>=7
|
||||||
- contains(all_headers, "text/html")
|
- contains(header, "text/html")
|
||||||
- status_code == 200
|
- status_code == 200
|
||||||
- contains(body, '{\"CardNo\":false')
|
- contains(body, '{\"CardNo\":false')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -34,7 +34,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers, "text/html")'
|
- 'contains(header, "text/html")'
|
||||||
- 'status_code == 200'
|
- 'status_code == 200'
|
||||||
- contains(body,'<script>alert(document.domain)</script><\"?cmd=')
|
- contains(body,'<script>alert(document.domain)</script><\"?cmd=')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -52,7 +52,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(all_headers_4, 'text/html')"
|
- "contains(header_4, 'text/html')"
|
||||||
- "status_code_4 == 200"
|
- "status_code_4 == 200"
|
||||||
- 'contains(body_4, "value=\"\" autofocus onfocus=alert(document.domain)>")'
|
- 'contains(body_4, "value=\"\" autofocus onfocus=alert(document.domain)>")'
|
||||||
- "contains(body_4, 'The amount of automatically')"
|
- "contains(body_4, 'The amount of automatically')"
|
||||||
|
|
|
@ -40,7 +40,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(body_2, "Extension Options")'
|
- 'contains(body_2, "Extension Options")'
|
||||||
- 'contains(body_2, "<script>alert(document.domain)</script>&tab")'
|
- 'contains(body_2, "<script>alert(document.domain)</script>&tab")'
|
||||||
|
|
|
@ -41,7 +41,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "><script>alert(document.domain)</script>")'
|
- 'contains(body_2, "><script>alert(document.domain)</script>")'
|
||||||
- 'contains(body_2, "ere_property_gallery")'
|
- 'contains(body_2, "ere_property_gallery")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -77,7 +77,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_3, "text/html")
|
- contains(header_3, "text/html")
|
||||||
- status_code_3 == 200
|
- status_code_3 == 200
|
||||||
- contains(body_3, 'e1bb1e04b786e90b07ebc4f7a2bff37d')
|
- contains(body_3, 'e1bb1e04b786e90b07ebc4f7a2bff37d')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -53,7 +53,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "status_code_5 == 200"
|
- "status_code_5 == 200"
|
||||||
- "contains(all_headers_5, 'text/html')"
|
- "contains(header_5, 'text/html')"
|
||||||
- 'contains(body_5, "<img src=\"x\" onerror=\"alert(document.domain)\" />")'
|
- 'contains(body_5, "<img src=\"x\" onerror=\"alert(document.domain)\" />")'
|
||||||
- "contains(body_5, 'Backdrop CMS')"
|
- "contains(body_5, 'Backdrop CMS')"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -41,7 +41,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "<script>alert(`document.domain`)</script>")'
|
- 'contains(body_2, "<script>alert(`document.domain`)</script>")'
|
||||||
- 'contains(body_2, "Post Status Notifier Lite")'
|
- 'contains(body_2, "Post Status Notifier Lite")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -42,7 +42,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "/onmouseover=alert(document.domain)//")'
|
- 'contains(body_2, "/onmouseover=alert(document.domain)//")'
|
||||||
- 'contains(body_2, "Watu Quizzes")'
|
- 'contains(body_2, "Watu Quizzes")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -42,7 +42,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- 'contains(body_2, "/ onmouseover=alert(document.domain);//")'
|
- 'contains(body_2, "/ onmouseover=alert(document.domain);//")'
|
||||||
- 'contains(body_2, "GN Publisher")'
|
- 'contains(body_2, "GN Publisher")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -29,6 +29,6 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "status_code_1 == 200"
|
- "status_code_1 == 200"
|
||||||
- "!regex('X-Frame-Options', all_headers)"
|
- "!regex('X-Frame-Options', header)"
|
||||||
- "contains(body, 'BUM</b>Sys</a>')"
|
- "contains(body, 'BUM</b>Sys</a>')"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -54,7 +54,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(body_1, "Sign In - Airflow")'
|
- 'contains(body_1, "Sign In - Airflow")'
|
||||||
- 'contains(all_headers_2, "session=.")'
|
- 'contains(header_2, "session=.")'
|
||||||
- 'status_code_2 == 302'
|
- 'status_code_2 == 302'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "status_code_1 == 302 && status_code_2 == 200"
|
- "status_code_1 == 302 && status_code_2 == 200"
|
||||||
- "contains(tolower(all_headers_2), 'application/json')"
|
- "contains(tolower(header_2), 'application/json')"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
# Enhanced by mp on 2022/03/22
|
# Enhanced by mp on 2022/03/22
|
||||||
|
|
|
@ -60,8 +60,8 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(body_1), 'welcome to hue')
|
- contains(tolower(body_1), 'welcome to hue')
|
||||||
- contains(tolower(all_headers_2), 'csrftoken=')
|
- contains(tolower(header_2), 'csrftoken=')
|
||||||
- contains(tolower(all_headers_2), 'sessionid=')
|
- contains(tolower(header_2), 'sessionid=')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
|
|
|
@ -39,9 +39,9 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(all_headers), 'text/html')
|
- contains(tolower(header), 'text/html')
|
||||||
- contains(tolower(all_headers), 'phpsessid')
|
- contains(tolower(header), 'phpsessid')
|
||||||
- contains(tolower(all_headers), 'showcameraid')
|
- contains(tolower(header), 'showcameraid')
|
||||||
|
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -48,9 +48,9 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "!contains(tolower(all_headers), 'location: /login')"
|
- "!contains(tolower(header), 'location: /login')"
|
||||||
- "contains(tolower(all_headers), 'location: /')"
|
- "contains(tolower(header), 'location: /')"
|
||||||
- "contains(tolower(all_headers), 'gophish')"
|
- "contains(tolower(header), 'gophish')"
|
||||||
- "status_code==302"
|
- "status_code==302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -38,8 +38,8 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(all_headers), 'jupyterhub-session-id=')
|
- contains(tolower(header), 'jupyterhub-session-id=')
|
||||||
- contains(tolower(all_headers), 'jupyterhub-hub-login=')
|
- contains(tolower(header), 'jupyterhub-hub-login=')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
|
|
|
@ -36,8 +36,8 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(all_headers), 'mantis_secure_session')
|
- contains(tolower(header), 'mantis_secure_session')
|
||||||
- contains(tolower(all_headers), 'mantis_string_cookie')
|
- contains(tolower(header), 'mantis_string_cookie')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
|
|
|
@ -46,7 +46,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers_1, "/user/main/")'
|
- 'contains(header_1, "/user/main/")'
|
||||||
- 'status_code_1 == 302'
|
- 'status_code_1 == 302'
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
- contains(body_2, "var loguser = \'ns25000")
|
- contains(body_2, "var loguser = \'ns25000")
|
||||||
|
|
|
@ -71,9 +71,9 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(all_headers_2, "phpMyAdmin=") && contains(all_headers_2, "pmaUser-1=")
|
- contains(header_2, "phpMyAdmin=") && contains(header_2, "pmaUser-1=")
|
||||||
- status_code_2 == 302
|
- status_code_2 == 302
|
||||||
- contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
|
- contains(header_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(header_2, '/index.php?route=/&route=%2F')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
# Enhanced by md on 2023/01/09
|
# Enhanced by md on 2023/01/09
|
||||||
|
|
|
@ -43,7 +43,7 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(all_headers), 'sdbsessionid')
|
- contains(tolower(header), 'sdbsessionid')
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
part: body
|
part: body
|
||||||
|
|
|
@ -43,14 +43,14 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code_2 == 302'
|
- 'status_code_2 == 302'
|
||||||
- "contains(tolower(all_headers_2), 'jsessionid')"
|
- "contains(tolower(header_2), 'jsessionid')"
|
||||||
- "contains(tolower(all_headers_2), 'location: /versa/index.html')"
|
- "contains(tolower(header_2), 'location: /versa/index.html')"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers_2), '/login?error=true')"
|
- "contains(tolower(header_2), '/login?error=true')"
|
||||||
- "contains(tolower(all_headers_2), '/login?tokenmissingerror=true')"
|
- "contains(tolower(header_2), '/login?tokenmissingerror=true')"
|
||||||
negative: true
|
negative: true
|
||||||
|
|
||||||
# Enhanced by mp on 2022/04/06
|
# Enhanced by mp on 2022/04/06
|
||||||
|
|
|
@ -39,6 +39,6 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), 'ms_session_id')"
|
- "contains(tolower(header), 'ms_session_id')"
|
||||||
|
|
||||||
# Enhanced by md on 2022/11/28
|
# Enhanced by md on 2022/11/28
|
||||||
|
|
|
@ -28,7 +28,7 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), '/certsrv')"
|
- "contains(tolower(header), '/certsrv')"
|
||||||
|
|
||||||
extractors:
|
extractors:
|
||||||
- type: kval
|
- type: kval
|
||||||
|
|
|
@ -26,11 +26,11 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: composer.lock
|
name: composer.lock
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"
|
- "contains(body, 'packages') && contains(tolower(header), 'application/octet-stream') && status_code == 200"
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: composer.json
|
name: composer.json
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(body, 'require') && contains(tolower(all_headers), 'application/json') && status_code == 200"
|
- "contains(body, 'require') && contains(tolower(header), 'application/json') && status_code == 200"
|
||||||
|
|
||||||
# Enhanced by mp on 2023/02/05
|
# Enhanced by mp on 2023/02/05
|
||||||
|
|
|
@ -28,7 +28,7 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), 'content-type: application/javascript')"
|
- "contains(tolower(header), 'content-type: application/javascript')"
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
part: body
|
part: body
|
||||||
|
|
|
@ -34,7 +34,7 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), 'application/yaml')"
|
- "contains(tolower(header), 'application/yaml')"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
|
|
@ -72,7 +72,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), 'www-authenticate: ntlm')"
|
- "contains(tolower(header), 'www-authenticate: ntlm')"
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
|
|
|
@ -22,76 +22,76 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: strict-transport-security
|
name: strict-transport-security
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)strict-transport-security', all_headers)"
|
- "!regex('(?i)strict-transport-security', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: content-security-policy
|
name: content-security-policy
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)content-security-policy', all_headers)"
|
- "!regex('(?i)content-security-policy', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: permissions-policy
|
name: permissions-policy
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)permissions-policy', all_headers)"
|
- "!regex('(?i)permissions-policy', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: x-frame-options
|
name: x-frame-options
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)x-frame-options', all_headers)"
|
- "!regex('(?i)x-frame-options', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: x-content-type-options
|
name: x-content-type-options
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)x-content-type-options', all_headers)"
|
- "!regex('(?i)x-content-type-options', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: x-permitted-cross-domain-policies
|
name: x-permitted-cross-domain-policies
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)x-permitted-cross-domain-policies', all_headers)"
|
- "!regex('(?i)x-permitted-cross-domain-policies', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: referrer-policy
|
name: referrer-policy
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)referrer-policy', all_headers)"
|
- "!regex('(?i)referrer-policy', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: clear-site-data
|
name: clear-site-data
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)clear-site-data', all_headers)"
|
- "!regex('(?i)clear-site-data', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: cross-origin-embedder-policy
|
name: cross-origin-embedder-policy
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)cross-origin-embedder-policy', all_headers)"
|
- "!regex('(?i)cross-origin-embedder-policy', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: cross-origin-opener-policy
|
name: cross-origin-opener-policy
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)cross-origin-opener-policy', all_headers)"
|
- "!regex('(?i)cross-origin-opener-policy', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: cross-origin-resource-policy
|
name: cross-origin-resource-policy
|
||||||
dsl:
|
dsl:
|
||||||
- "!regex('(?i)cross-origin-resource-policy', all_headers)"
|
- "!regex('(?i)cross-origin-resource-policy', header)"
|
||||||
- "status_code != 301 && status_code != 302"
|
- "status_code != 301 && status_code != 302"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -27,7 +27,7 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(all_headers), 'x-guploader-uploadid')
|
- contains(tolower(header), 'x-guploader-uploadid')
|
||||||
negative: true
|
negative: true
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
|
|
|
@ -22,7 +22,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(tolower(all_headers), "tomcat")'
|
- 'contains(tolower(header), "tomcat")'
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
|
|
|
@ -17,13 +17,13 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(all_headers), 'x-amz-bucket')
|
- contains(tolower(header), 'x-amz-bucket')
|
||||||
- contains(tolower(all_headers), 'x-amz-request')
|
- contains(tolower(header), 'x-amz-request')
|
||||||
- contains(tolower(all_headers), 'x-amz-id')
|
- contains(tolower(header), 'x-amz-id')
|
||||||
- contains(tolower(all_headers), 'amazons3')
|
- contains(tolower(header), 'amazons3')
|
||||||
condition: or
|
condition: or
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(all_headers), 'x-guploader-uploadid')
|
- contains(tolower(header), 'x-guploader-uploadid')
|
||||||
negative: true
|
negative: true
|
||||||
|
|
|
@ -18,7 +18,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
condition: or
|
condition: or
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), 'x-cache: hit from cloudfront')"
|
- "contains(tolower(header), 'x-cache: hit from cloudfront')"
|
||||||
- "contains(tolower(all_headers), 'x-cache: refreshhit from cloudfront')"
|
- "contains(tolower(header), 'x-cache: refreshhit from cloudfront')"
|
||||||
- "contains(tolower(all_headers), 'x-cache: miss from cloudfront')"
|
- "contains(tolower(header), 'x-cache: miss from cloudfront')"
|
||||||
- "contains(tolower(all_headers), 'x-cache: error from cloudfront')"
|
- "contains(tolower(header), 'x-cache: error from cloudfront')"
|
||||||
|
|
|
@ -27,4 +27,4 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers, "X-Vcap-Request-Id:") || contains(all_headers, "X-Cf-Routererror:")'
|
- 'contains(header, "X-Vcap-Request-Id:") || contains(header, "X-Cf-Routererror:")'
|
||||||
|
|
|
@ -16,11 +16,11 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- contains(tolower(all_headers), 'x-goog-component-count')
|
- contains(tolower(header), 'x-goog-component-count')
|
||||||
- contains(tolower(all_headers), 'x-goog-expiration')
|
- contains(tolower(header), 'x-goog-expiration')
|
||||||
- contains(tolower(all_headers), 'x-goog-generation')
|
- contains(tolower(header), 'x-goog-generation')
|
||||||
- contains(tolower(all_headers), 'x-goog-metageneration')
|
- contains(tolower(header), 'x-goog-metageneration')
|
||||||
- contains(tolower(all_headers), 'x-goog-stored-content-encoding')
|
- contains(tolower(header), 'x-goog-stored-content-encoding')
|
||||||
- contains(tolower(all_headers), 'x-goog-stored-content-length')
|
- contains(tolower(header), 'x-goog-stored-content-length')
|
||||||
- contains(tolower(all_headers), 'x-guploader-uploadid')
|
- contains(tolower(header), 'x-guploader-uploadid')
|
||||||
condition: or
|
condition: or
|
||||||
|
|
|
@ -26,7 +26,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(tolower(all_headers), "x-magento")'
|
- 'contains(tolower(header), "x-magento")'
|
||||||
- 'status_code == 200'
|
- 'status_code == 200'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'status_code == 200'
|
- 'status_code == 200'
|
||||||
- 'contains(all_headers, "application/json")'
|
- 'contains(header, "application/json")'
|
||||||
- 'contains(body, "OpenEthereum")'
|
- 'contains(body, "OpenEthereum")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
|
|
@ -23,4 +23,4 @@ http:
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), 'x-spinnaker-priority')"
|
- "contains(tolower(header), 'x-spinnaker-priority')"
|
|
@ -39,6 +39,6 @@ http:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
name: arbitrary-origin
|
name: arbitrary-origin
|
||||||
dsl:
|
dsl:
|
||||||
- "contains(tolower(all_headers), 'access-control-allow-origin: {{cors_origin}}')"
|
- "contains(tolower(header), 'access-control-allow-origin: {{cors_origin}}')"
|
||||||
- "contains(tolower(all_headers), 'access-control-allow-credentials: true')"
|
- "contains(tolower(header), 'access-control-allow-credentials: true')"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -26,14 +26,14 @@ http:
|
||||||
- 'contains(body, "searchCriteria")'
|
- 'contains(body, "searchCriteria")'
|
||||||
- 'contains(body, "parameters")'
|
- 'contains(body, "parameters")'
|
||||||
- 'contains(body, "message")'
|
- 'contains(body, "message")'
|
||||||
- 'contains(tolower(all_headers), "application/json")'
|
- 'contains(tolower(header), "application/json")'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(body, "secure_base_link_url")'
|
- 'contains(body, "secure_base_link_url")'
|
||||||
- 'contains(body, "timezone")'
|
- 'contains(body, "timezone")'
|
||||||
- 'contains(tolower(all_headers), "application/json")'
|
- 'contains(tolower(header), "application/json")'
|
||||||
- 'status_code == 200'
|
- 'status_code == 200'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
@ -41,6 +41,6 @@ http:
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(body, "name")'
|
- 'contains(body, "name")'
|
||||||
- 'contains(body, "website_id")'
|
- 'contains(body, "website_id")'
|
||||||
- 'contains(tolower(all_headers), "application/json")'
|
- 'contains(tolower(header), "application/json")'
|
||||||
- 'status_code == 200'
|
- 'status_code == 200'
|
||||||
condition: and
|
condition: and
|
|
@ -26,7 +26,7 @@ http:
|
||||||
- 'contains(body, "Magento")'
|
- 'contains(body, "Magento")'
|
||||||
- 'contains(body, "replace xmlns:xsi=")'
|
- 'contains(body, "replace xmlns:xsi=")'
|
||||||
- 'contains(body, "<field path=")'
|
- 'contains(body, "<field path=")'
|
||||||
- 'contains(tolower(all_headers), "application/xml") || contains(tolower(all_headers), "application/octet-stream")'
|
- 'contains(tolower(header), "application/xml") || contains(tolower(header), "application/octet-stream")'
|
||||||
- 'status_code == 200'
|
- 'status_code == 200'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
@ -36,6 +36,6 @@ http:
|
||||||
- 'contains(body, "config xmlns:xsi")'
|
- 'contains(body, "config xmlns:xsi")'
|
||||||
- 'contains(body, "<application>")'
|
- 'contains(body, "<application>")'
|
||||||
- 'contains(body, "<install>")'
|
- 'contains(body, "<install>")'
|
||||||
- 'contains(tolower(all_headers), "application/xml") || contains(tolower(all_headers), "application/octet-stream")'
|
- 'contains(tolower(header), "application/xml") || contains(tolower(header), "application/octet-stream")'
|
||||||
- 'status_code == 200'
|
- 'status_code == 200'
|
||||||
condition: and
|
condition: and
|
|
@ -40,7 +40,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- "status_code_2 == 200"
|
- "status_code_2 == 200"
|
||||||
- contains(body_2, 'Result against \"<script>alert(document.domain)</script>\" keyword')
|
- contains(body_2, 'Result against \"<script>alert(document.domain)</script>\" keyword')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
|
@ -40,7 +40,7 @@ http:
|
||||||
matchers:
|
matchers:
|
||||||
- type: dsl
|
- type: dsl
|
||||||
dsl:
|
dsl:
|
||||||
- 'contains(all_headers_2, "text/html")'
|
- 'contains(header_2, "text/html")'
|
||||||
- "status_code_2 == 200"
|
- "status_code_2 == 200"
|
||||||
- contains(body_2, 'Result against \"<script>alert(document.domain)</script>\" keyword')
|
- contains(body_2, 'Result against \"<script>alert(document.domain)</script>\" keyword')
|
||||||
condition: and
|
condition: and
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue