Public Pastes
Guest

Urlscan SQL Inject rules

By: a guest on Mar 31st, 2011  |  syntax: VisualBasic  |  size: 0.80 KB  |  hits: 339  |  expires: Never
download  |  raw  |  embed  |  report abuse
Copied
  1. RuleList=SQL Injection
  2.  
  3. [SQL Injection]
  4. AppliesTo=.asp,.aspx
  5. DenyDataSection=SQL Injection Strings
  6. ScanUrl=0
  7. ScanAllRaw=0
  8. ScanQueryString=1
  9. ScanHeaders=SQL Injection Headers
  10.  
  11.  
  12.  
  13. [SQL Injection Strings]
  14. --
  15. %3b ; a semicolon
  16. /*
  17. @ ; also catches @@
  18. char ; also catches nchar and varchar
  19. alter
  20. begin
  21. cast
  22. convert
  23. cursor
  24. declare
  25. delete
  26. drop
  27. end
  28. exec ; also catches execute
  29. fetch
  30. kill
  31. open
  32. select
  33. sys ; also catches sysobjects and syscolumns
  34. table
  35.  
  36.  
  37.  
  38. [SQL Injection Headers]
  39.  
  40. AppliesTo=.asp,.aspx
  41. DenyDataSection=SQL Injection Headers Strings
  42. ScanUrl=0
  43. ScanAllRaw=0
  44. ScanQueryString=0
  45. ScanHeaders=Cookie:
  46.  
  47.  
  48.  
  49. [SQL Injection Headers Strings]
  50. --
  51. @ ; also catches @@
  52. alter
  53. cast
  54. convert
  55. declare
  56. delete
  57. drop
  58. exec ; also catches execute
  59. fetch
  60. insert
  61. kill
  62. select
create a new version of this paste RAW Paste Data