Shall we change rule 1000's regex? #337
Comments
If you look here at the types of MySQL exploits found in web apps. Example: (select+1+from+(select+count(*),+concat((select+(select+concat( I think there are a lot of variations of methods they can use to try and bypass it, spacing between words etc. I also think it's a rule that would need testing for the best outcome as a core rule before being changed. As the original rule currently sits it is blocking very well and users can insert this. I am also curious about this rule with libsql enabled.
It's not necessary for those who enable libsql?
The modified rule
According to debuggex, the rule shall match,
Seems like a great improvement, this rule matches a lot of data usually.
Yes, I'm thinking of at least adding the new rule in 0.56, and we'll see later if we can safely remove the "old" one :)
Good old
Hello,
To limit the amount of false positives on core rule 1000:
Shall we change the regex to something like:
It will greatly reduce false positives on words such as "selection" etc., but it might be bypass-prone?
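An added example, not part of the thread: the regex proposed in the post is not reproduced on this page, so the sketch below assumes a word-boundary variant and compares it with plain substring matching. The keyword list, both patterns and the benign samples are constructed for illustration and are not naxsi's actual rule 1000; the SQL-like sample is the string quoted in the comments.

```python
import re

# Assumed keyword subset for illustration; not naxsi's actual rule 1000 list.
KEYWORDS = ["select", "union", "update", "delete", "insert", "table", "from"]

# Substring form: fires on a keyword anywhere, even inside a longer word.
SUBSTRING_RX = re.compile("|".join(KEYWORDS), re.IGNORECASE)
# Hypothetical stricter form: the keyword must stand alone as a whole word.
BOUNDED_RX = re.compile(r"\b(?:" + "|".join(KEYWORDS) + r")\b", re.IGNORECASE)

# Constructed request values: (value, is_sql_like)
SAMPLES = [
    ("Your selection was updated", False),
    ("comfortable seats, fromage platter", False),
    ("please select a table from the list", False),
    ("(select+1+from+(select+count(*),+concat(", True),
]


def hits(rx, value):
    """Return every keyword the regex matched in value, lowercased."""
    return [m.group(0).lower() for m in rx.finditer(value)]


def evaluate(rx):
    """Return (false_positives, missed) over SAMPLES for one regex."""
    false_positives = [v for v, bad in SAMPLES if not bad and hits(rx, v)]
    missed = [v for v, bad in SAMPLES if bad and not hits(rx, v)]
    return false_positives, missed


if __name__ == "__main__":
    for name, rx in (("substring", SUBSTRING_RX), ("bounded", BOUNDED_RX)):
        fp, missed = evaluate(rx)
        print(f"{name}: {len(fp)} false positive(s), {len(missed)} missed")
        for value, _ in SAMPLES:
            print(f"  {value!r} -> {hits(rx, value)}")
```

On these samples the bounded form stops firing on "selection" and "comfortable" but still fires on ordinary sentences that use the keywords as whole words, so it narrows the false-positive set rather than eliminating it.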