📄 sqlinjection.rules
# SQL-injection keyword signatures for the HTTP service on port 8081.
# Shape shared by the rules below: client-to-server, established TCP from
# $EXTERNAL_NET to $HTTP_SERVERS:8081; the payload must contain "?" somewhere;
# the pcre then looks for "=" (or %3D), at least one more character, and the
# keyword spelled with literal or percent-encoded letters. The Chinese msg
# prefix reads "SQL injection attack signature detected", followed by a number.
# NOTE(review): the pcre carries no HTTP buffer modifier, so it is evaluated on
#   the raw payload, not a normalized URI; header lines that contain "=" are in
#   scope as well. Consider http_uri / the pcre U modifier after checking the
#   sensor's HTTP normalization settings.
# NOTE(review): "nocase" is a content modifier but follows pcre here, and the
#   pcre already uses /i -- presumably redundant; confirm with the parser in use.
# NOTE(review): these sids are below 1,000,000, the range Snort reserves for
#   distributed rules; local rules conventionally start at 1,000,000.

# sid 10114: "=" ... "union" ... "select". There is no /s flag, so "." stops at
# a newline and the whole match must sit on one line. The last letter group of
# "union" lists "n" twice where "N" was presumably meant; harmless under /i.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符1 UNION+SELECT";flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%75)|u|U|(\%55))((\%6E)|n|N|(\%4E))((\%69)|i|I|(\%49))((\%6F)|o|O|(\%4F))((\%6E)|n|n|(\%4E)).+((\%73)|s|S|(\%53))((\%65)|e|E|(\%45))((\%6C)|l|L|(\%4C))((\%65)|e|E|(\%45))((\%63)|c|C|(\%43))((\%74)|t|T|(\%54))/ix";nocase;sid:10114;rev:1;)
# sid 10115: the msg names "select+load_file()", but the pattern requires
# "union" followed later by "load_file(" -- a "select load_file(" without
# "union" does not match. NOTE(review): confirm which of the two was intended.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符2 select+load_file()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%75)|u|U|(\%55))((\%6E)|n|N|(\%4E))((\%69)|i|I|(\%49))((\%6F)|o|O|(\%4F))((\%6E)|n|n|(\%4E)).+((\%6c)|l|L|(\%4c))((\%6F)|o|O|(\%4F))((\%61)|a|A|(\%41))((\%64)|d|D|(\%44))((\%5F)|(_))((\%66)|f|F|(\%46))((\%69)|i|I|(\%49))((\%6c)|l|L|(\%4c))((\%65)|e|E|(\%45))((\%28)|\()/ix";nocase;sid:10115;rev:1;)
# sid 10116: "=" ... "min(" (or %28 for the parenthesis). No word boundary
# precedes the keyword, so any longer word ending in "min(" matches too.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符3 min()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%6D)|m|M|(\%4D))((\%69)|i|I|(\%49))((\%6E)|n|N|(\%4E))((\%28)|\()/ix";nocase;sid:10116;rev:1;)
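# sid 10117: "=" (or %3D), at least one character, then "length(" spelled with
# literal or percent-encoded letters, on client-to-server traffic to
# $HTTP_SERVERS:8081 whose payload contains "?".
# Fix (rev 2): the percent-encoded upper-case "G" alternative was %57, which is
# "W"; it is now %47, so an encoded "G" is recognised like the other letters.
# NOTE(review): the pcre runs on the raw payload (no HTTP buffer modifier) and
#   "." does not cross newlines (no /s flag).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符4 length()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%6C)|l|L|(\%4C))((\%65)|e|E|(\%45))((\%6E)|n|N|(\%4E))((\%67)|g|G|(\%47))((\%74)|t|T|(\%54))((\%68)|h|H|(\%48))((\%28)|\()/ix";nocase;sid:10117;rev:2;)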
# SQL function-name signatures. Each rule below alerts on client-to-server,
# established TCP to $HTTP_SERVERS:8081 when the payload contains "?" and the
# pcre finds "=" (or %3D), at least one more character, and then the function
# name plus "(" (or %28), with every letter accepted literally or
# percent-encoded.
# NOTE(review): none of the patterns has a word boundary before the name, so a
#   shorter name also fires on longer ones that end with it: "str(" (10120) is
#   contained in "substr(" (10122), and "char(" (10119) in "nchar(" (10126).
#   Expect paired alerts for those requests.
# NOTE(review): the pcre is evaluated on the raw payload and "." stops at a
#   newline; any header or parameter line with "=" before the name qualifies.

# sid 10119: "char("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符5 Char()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%63)|c|C|(\%43))((\%68)|h|H|(\%48))((\%61)|a|A|(\%41))((\%72)|r|R|(\%52))((\%28)|\()/ix";nocase;sid:10119;rev:1;)
# sid 10120: "str("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符6 str()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%73)|s|S|(\%53))((\%74)|t|T|(\%54))((\%72)|r|R|(\%52))((\%28)|\()/ix";nocase; sid:10120; rev:1;)
# sid 10121: "ascii("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符7 ASCII()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%61)|a|A|(\%41))((\%73)|s|S|(\%53))((\%63)|c|C|(\%43))((\%69)|i|I|(\%49))((\%69)|i|I|(\%49))((\%28)|\()/ix";nocase;sid:10121;rev:1;)
# sid 10122: "substr("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符8 substr()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%73)|s|S|(\%53))((\%75)|u|U|(\%55))((\%62)|b|B|(\%42))((\%73)|s|S|(\%53))((\%74)|t|T|(\%54))((\%72)|r|R|(\%52))((\%28)|\()/ix";nocase;sid:10122;rev:1;)
# sid 10123: "unicode("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符9 unicode()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%75)|u|U|(\%55))((\%6E)|n|N|(\%4E))((\%69)|i|I|(\%49))((\%63)|c|C|(\%43))((\%6F)|o|O|(\%4F))((\%64)|d|D|(\%44))((\%65)|e|E|(\%45))((\%28)|\()/ix";nocase;sid:10123;rev:1;)
# sid 10124: "asc("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符10 asc()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%61)|a|A|(\%41))((\%73)|s|S|(\%53))((\%63)|c|C|(\%43))((\%28)|\()/ix";nocase;sid:10124;rev:1;)
# sid 10125: "chr("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符11 chr()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%63)|c|C|(\%43))((\%68)|h|H|(\%48))((\%72)|r|R|(\%52))((\%28)|\()/ix";nocase;sid:10125;rev:1;)
# sid 10126: "nchar("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符12 nchar()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%6E)|n|N|(\%4E))((\%63)|c|C|(\%43))((\%68)|h|H|(\%48))((\%61)|a|A|(\%41))((\%72)|r|R|(\%52))((\%28)|\()/ix";nocase;sid:10126;rev:1;)
# sid 10127: "substring("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符13 substring()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%73)|s|S|(\%53))((\%75)|u|U|(\%55))((\%62)|b|B|(\%42))((\%73)|s|S|(\%53))((\%74)|t|T|(\%54))((\%72)|r|R|(\%52))((\%69)|i|I|(\%49))((\%6E)|n|N|(\%4E))((\%67)|g|G|(\%47))((\%28)|\()/ix";nocase;sid:10127;rev:1;)
# sid 10128: "abc(". NOTE(review): "abc" is not an obvious SQL function name;
# possibly a placeholder or a typo for another rule -- confirm before relying on it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符14 abc()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%61)|a|A|(\%41))((\%62)|b|B|(\%42))((\%63)|c|C|(\%43))((\%28)|\()/ix";nocase;sid:10128;rev:1;)
# sid 10129: "abs("
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符15 abs()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%61)|a|A|(\%41))((\%62)|b|B|(\%42))((\%73)|s|S|(\%53))((\%28)|\()/ix";nocase;sid:10129;rev:1;)
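# sid 10130: "=" (or %3D), at least one character, "drop", at least one more
# character, then "table", each letter literal or percent-encoded; applies to
# client-to-server traffic to $HTTP_SERVERS:8081 whose payload contains "?".
# Fix (rev 2): the "a" group of "table" listed %61 twice, so a percent-encoded
# upper-case "A" (%41) was not accepted; the second alternative is now %41.
# NOTE(review): the pcre runs on the raw payload and "." does not cross
#   newlines, so both keywords must appear on the same line.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符16 drop table"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%64)|d|D|(\%44))((\%72)|r|R|(\%52))((\%6F)|o|O|(\%4F))((\%70)|p|P|(\%50)).+((\%74)|t|T|(\%54))((\%61)|a|A|(\%41))((\%62)|b|B|(\%42))((\%6C)|l|L|(\%4C))((\%65)|e|E|(\%45))/ix";nocase;sid:10130;rev:2;)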
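# sid 10131: "=" (or %3D), at least one character, then "truncate", each letter
# literal or percent-encoded; applies to client-to-server traffic to
# $HTTP_SERVERS:8081 whose payload contains "?".
# Fixes (rev 2):
#   - the fourth letter group accepted a literal "c"/"C" instead of "n"/"N", so
#     the plain word "truncate" never matched (only "truccate" did);
#   - the "a" group listed %61 twice; the upper-case alternative is now %41;
#   - the final "e" group used %66 (which is "f"); it is now %65;
#   - the msg text spelled the keyword "truccate"; corrected so alerts can be
#     searched by the real keyword.
# NOTE(review): the pcre runs on the raw payload and has no word boundary, so
#   longer words containing "truncate" also match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符17 truncate"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%74)|t|T|(\%54))((\%72)|r|R|(\%52))((\%75)|u|U|(\%55))((\%6E)|n|N|(\%4E))((\%63)|c|C|(\%43))((\%61)|a|A|(\%41))((\%74)|t|T|(\%54))((\%65)|e|E|(\%45))/ix";nocase;sid:10131;rev:2;)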
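# sid 10132: "=" (or %3D), at least one character, "between", at least one more
# character, then "and", each letter literal or percent-encoded; applies to
# client-to-server traffic to $HTTP_SERVERS:8081 whose payload contains "?".
# Fix (rev 2): the two "e" groups in the middle of "between" listed %65 twice,
# so a percent-encoded upper-case "E" (%45) was not accepted there; both groups
# now end in %45 like the first "e" group.
# NOTE(review): "and" has no word boundary, so any later text containing those
#   three letters on the same line completes the match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符18 between and"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%62)|b|B|(\%42))((\%65)|e|E|(\%45))((\%74)|t|T|(\%54))((\%77)|w|W|(\%57))((\%65)|e|E|(\%45))((\%65)|e|E|(\%45))((\%6E)|n|N|(\%4E)).+((\%61)|a|A|(\%41))((\%6E)|n|N|(\%4E))((\%64)|d|D|(\%44))/ix";nocase;sid:10132;rev:2;)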
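# sid 10133: "=" (or %3D), at least one character, "net", at least one more
# character, then "use", each letter literal or percent-encoded; applies to
# client-to-server traffic to $HTTP_SERVERS:8081 whose payload contains "?".
# Fix (rev 2): the "n" group listed %6E and %6e, which are the same alternative
# under /i; the second one is now %4E so an encoded upper-case "N" is accepted.
# NOTE(review): neither keyword has a word boundary and only ".+" separates
#   them, so ordinary text such as a word containing "net" followed later by
#   "user" on the same line matches; expect this rule to be noisy.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符19 net use"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%6E)|n|N|(\%4E))((\%65)|e|E|(\%45))((\%74)|t|T|(\%54)).+((\%75)|u|U|(\%55))((\%73)|s|S|(\%53))((\%65)|e|E|(\%45))/ix";nocase;sid:10133;rev:2;)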
# Execution / enumeration / write signatures. Same frame as the other rules in
# this file: client-to-server, established TCP to $HTTP_SERVERS:8081, payload
# contains "?", and the pcre finds "=" (or %3D), at least one more character,
# then the keyword with literal or percent-encoded letters.
# NOTE(review): the pcre is evaluated on the raw payload (no HTTP buffer
#   modifier) and "." does not cross newlines.

# sid 10134: "exec(" (or %28 for the parenthesis).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符20 exec()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%65)|e|E|(\%45))((\%78)|x|X|(\%58))((\%65)|e|E|(\%45))((\%63)|c|C|(\%43))((\%28)|\()/ix";nocase;sid:10134;rev:1;)
# sid 10135: "user" immediately followed by ">", "<" or "=" (or their encoded
# forms) and "0". NOTE(review): an ordinary query parameter such as
# "...&user=0" after an earlier "=" satisfies this pattern.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符21 user>0|<0|=0"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%75)|u|U|(\%55))((\%73)|s|S|(\%53))((\%65)|e|E|(\%45))((\%72)|r|R|(\%52))((\%3E)|>|<|(\%3C)|=|(\%3D))(0)/ix";nocase;sid:10135;rev:1;)
# sid 10136: "user_name(" (underscore literal or %5F).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符22 user_name()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%75)|u|U|(\%55))((\%73)|s|S|(\%53))((\%65)|e|E|(\%45))((\%72)|r|R|(\%52))((\%5F)|(_))((\%6E)|n|N|(\%4E))((\%61)|a|A|(\%41))((\%6D)|m|M|(\%4D))((\%65)|e|E|(\%45))((\%28)|\()/ix";nocase;sid:10136;rev:1;)
# sid 10137: "db_name(" (underscore literal or %5F).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符23 db_name()"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%64)|d|D|(\%44))((\%62)|b|B|(\%42))((\%5F)|(_))((\%6E)|n|N|(\%4E))((\%61)|a|A|(\%41))((\%6D)|m|M|(\%4D))((\%65)|e|E|(\%45))((\%28)|\()/ix";nocase;sid:10137;rev:1;)
# sid 10138: "insert" ... "into" ... "<" (or %3c), any characters, then "%" or
# "?" -- per the msg, an INSERT that carries a "<%" or "<?" script opener.
# The "<" and the following "%"/"?" need not be adjacent (".*" sits between
# them), and the bare "(%)" alternative already covers %25 and %3f.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符24 insert into + <%|<?"; flow:to_server,established;content:"?"; pcre:"/(\%3D|=).+((\%69)|i|I|(\%49))((\%6E)|n|N|(\%4E))((\%73)|s|S|(\%53))((\%65)|e|E|(\%45))((\%72)|r|R|(\%52))((\%74)|t|T|(\%54)).+((\%69)|i|I|(\%49))((\%6E)|n|N|(\%4E))((\%74)|t|T|(\%54))((\%6F)|o|O|(\%4F)).+((\%3c)|<).*((\%25)|(%)|(\?)|(\%3f))/ix";nocase;sid:10138;rev:1;)
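# sid 10139: SQL metacharacters. Fires on client-to-server traffic to
# $HTTP_SERVERS:8081 whose payload contains both "?" and "=", when the pcre
# finds any one of: single quote, double quote, "#", "--" or ";" (literal or
# percent-encoded) anywhere in the payload.
# Fixes (rev 2):
#   - the ";" inside msg is now escaped as "\;" -- an unescaped semicolon ends
#     the option early in Snort-style rule parsers;
#   - the bare double quote inside the pcre string is written as \x22 so it can
#     no longer be read as the end of the quoted pattern.
# NOTE(review): the alternation is not tied to the query string; a ";" or quote
#   in any header line of the same packet is enough, so this rule is likely to
#   be very noisy. Consider restricting it to the URI buffer (http_uri / pcre U
#   modifier) after checking the sensor's HTTP normalization settings.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符25 ‘ “ # -- \;"; flow:to_server,established;content:"?";content:"=";pcre:"/((\')|(\%27))|((\x22)|(\%22))|((\#)|(\%23))|((--)|(%2d%2d)|((\;)|(\%3B)))/ix";nocase;sid:10139;rev:2;)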
# Tautology, stored-procedure and markup signatures. All apply to
# client-to-server, established TCP to $HTTP_SERVERS:8081 with "?" in the
# payload; none of the pcre patterns carries an HTTP buffer modifier, so they
# are evaluated on the raw payload.

# sid 10140: boolean tautologies/contradictions (1=1, 1'='1, 1=2, 1<>1, a=a,
# a<>a, ...). Also requires content "=". NOTE(review): the alternatives are
# unanchored, so "a=a" matches inside an ordinary parameter such as
# "data=all" and "1=1" inside "id1=1"; expect false positives.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符26 1=1 或1’=’1 或 1=2 或 1’=’2 或 1<>1 或 a=a 或 a’=’a 或 a<>a 或 a’<>’a"; flow:to_server,established;content:"?";content:"="; pcre:"/(1=1)|(1'='1)|(1=2)|(1<>1)|(a<>a)|(a=a)|(1'='2)|(1'<>'1)|(a'<>'a)|(a'='a)/ix";nocase;sid:10140;rev:1;)
# Disabled rule (sid 10141): "=" run, optional word characters, a quote, then
# "or". Left commented out by the author.
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符27 or"; flow:to_server,established;content:"?"; pcre:"/([=]+)\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix";nocase;sid:10141;rev:1;)
# sid 10142: "exec", at least one character, then "sp" or "xp" followed by one
# or more word characters -- per the msg, EXEC of sp*/xp* procedures. Unlike
# the keyword rules, this pattern does not require a preceding "=".
# NOTE(review): nothing requires "sp"/"xp" to start a word, so unrelated text
#   after "exec" on the same line can complete the match.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符28 EXEC sp|xp"; flow:to_server,established;content:"?"; pcre:"/exec.+(s|x)p\w+/ix";nocase;sid:10142;rev:1;)
# sid 10143: markup-style input: "<" (or %3C), optional "/" (or %2F), one
# character from [a-z0-9%], at least one more character, then ">" (or %3E).
# The msg suffix reads "cross-site scripting attack (css)", although the msg
# prefix still says "SQL injection"; alert triage should treat it as XSS.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符29 跨站脚本攻击css"; flow:to_server,established;content:"?"; pcre:"/((\%3C)|<)((\%2F)|\/)*[a-z0-9\%].+((\%3E)|>)/ix";nocase;sid:10143;rev:1;)
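# sid 10144: "<img" (letters literal or percent-encoded), one non-newline
# character, at least one more character, then ">" (or %3E), on
# client-to-server traffic to $HTTP_SERVERS:8081 whose payload contains "?".
# The msg suffix reads "<img src ... CSS attack", i.e. this is an XSS
# signature even though the msg prefix says "SQL injection".
# Fix (rev 2): the double quote inside msg is now escaped as \" -- left bare,
# it closes the msg string early and the rest of the option no longer parses
# as intended.
# NOTE(review): the pcre runs on the raw payload (no HTTP buffer modifier) and
#   uses /i only, unlike the /ix used by the other rules in this file.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 8081 (msg:"检测到SQL注入攻击特征字符30 <img src\" CSS 攻击"; flow:to_server,established;content:"?"; pcre:"/((\%3C)|<)((\%69)|i|I|(\%49))((\%6D)|m|M|(\%4D))((\%67)|g|G|(\%47))[^\n].+((\%3E)|>)/i";nocase;sid:10144;rev:2;)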
#alert tcp any any -> any any (msg:" 攻击1";content:"viewnews";sid:1;)