Skip to content
This repository has been archived by the owner on May 14, 2020. It is now read-only.

V3.0.0 dev add allowed file types var #212

Closed
wants to merge 59 commits into from
Closed

V3.0.0 dev add allowed file types var #212

wants to merge 59 commits into from

Conversation

csanders-git
Copy link
Contributor

No description provided.

rcbarnett and others added 30 commits June 5, 2013 05:22
@rcbarnett
Merge pull request #41 from SpiderLabs/master
75dbef2 
Moving v3.0.0 updates to TRUNK branch
@rcbarnett
Merge pull request #42 from SpiderLabs/master
a0fe314 
Send 3.0.0 Updates to Trunk
Fixed brute force URL @Within errors
4702bf6
Updates for v3.0.0
0984b41
Added new attack files
581ebe1
Updated the XSS filters
406cc76
Fixed a typo in the XSS msg
d1b206f
Added NoScript XSS Fitlers
070cdc9
Updates for v3.0.0
19dc085
Added new Exception files
886ca8d
Updated LFI rules.
13f4b50
Added new file names
56d3f0c
Removed old files
058c42c
Updated files.
065084f
Adding new regression testing scripts
1dc282a
Added more "Risk Groups" for anomaly scoring
8633c0b
Removed old Snort sigs
d743fd2
Updating Risk Groups, LFI/SQLi Rules and Anomaly Scoring
85d96d1
Added more RCE and PHP rules
e4f5168
Added PHP Error Leakage Updates
46075e7
Added HTTP Request Smuggling and Response Splitting rules
bcff5a6
Added Session Fixation Rules
dd162e8
@jamuse
Update scanners-user-agents.txt
3a24683 
shorted zmeu UA string to match all varients of this scanner
Added SQL Leakage Updates
5aa3964
Modified SQLi Leakage Regex for Greediness
a609ddc
Removed empty line in sql-errors.txt
c1c2ec6
Added @detectXSS rule from libinjection
592dfa1
Updates to XSS rules
9ed549a
Updates to error leakage rules
d07e1a9
@rcbarnett
Merge pull request #169 from jamuse/v3.0.0-dev
b9c6de6 
Update scanners-user-agents.txt
Ryan Barnett and others added 28 commits March 6, 2014 17:13
Merge branch 'v3.0.0-dev' of https://github.com/SpiderLabs/owasp-mods…
d09f97c 
…ecurity-crs into v3.0.0-dev

Conflicts:
	base_rules/scanners-user-agents.txt
Added "allow_html" check to XSS rule
4fd5b07
Updated SQLi rules
f2212a9
Added Qualys WAS scanner UA
deedc78
Updated SQLI filter
aba6437
Fixed missing \
79c55c2 
Fixed threshold macro expansion
Updates to SQLi rules
a57839f
Severity and Phase updates
2c1837d
Fixed outbound threshold variable macro expansion
e423b0e
* Added new XSS whitelisting feature to allow certain URLs that conta…
d7e7b67 
…in HTML

  #184

Bug Fixes:
* Fixed false positive on "style" XSS rule by adding word boundary checks
  #186
* Fixed false positive on "xor" SQLi rule by adding word boundary checks
  #185
Fixed setvar tx rule.id bug
ce92640
Added Accept headers to regression testing scripts
653f2e6
Updates to RCE rules
f45f7cc
Added WinHttp.WinHttpRequest.5 Scraper User-Agent string to the black…
c9af3a7 
…list
Fixed missing backslash in 50 PHP rule.
5af757b
Fixed missing backslash in 80 Correlation file.
45918e1
Added RCE threshold score.
3431064
Added session fixation threshold
5d6d3e0
Modified rules
afa917b
- Added DOS ruleset
c058d53 
- Fixed TX:REAL_IP
- Fixed SQLI Rules
- Fixed Outbound Threshold Check
- Updated XSS Regex for style/src attributes
1359c6e
- Fixed Issue 202
302c394 
  #202
fixed duplicates in data files as reported by @emphazer
b6c862e
Merge pull request #207 from csanders-git/v3.0.0-dev
bdaf4fa 
fixed duplicates in data files as reported by @emphazer
@frozenSolid
Update scanners-headers.txt
c5c2dd6 
Scans in the wild containing: 
X-Scanner: Netsparker 
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36 Netsparker

https://www.netsparker.com/web-vulnerability-scanner/
@frozenSolid
Update scanners-user-agents.txt
04e860b 
Using results from my webapp honey pot, these were user-agent strings that conducted scans or exploit attempts over the last year. 

masscan/1.0 (https://github.com/robertdavidgraham/masscan)
https://github.com/robertdavidgraham/masscan/search?utf8=%E2%9C%93&q=user-agent

LWP::Simple/6.00 libwww-perl/6.07 - with Shellshock exploit attempts
Python-urllib - with Shellshock exploit attempts
python-requests - with Shellshock exploit attempts
libwww-perl - with Shellshock exploit attempts
Merge pull request #210 from frozenSolid/patch-2
cee7b18 
Update scanners-user-agents.txt
Merge pull request #209 from frozenSolid/patch-1
3a18c0a 
Update scanners-headers.txt
@CRS-migration-bot CRS-migration-bot mentioned this pull request May 13, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@csanders-git @rcbarnett @jamuse @frozenSolid