Gecko [ www.finalhopeacademy.com ]

Name	Size	Permission
00_Init_Initialization.conf	3.27 KB	-rw-r--r--
01_Init_AppsInitialization.con...	1.84 KB	-rw-r--r--
02_Global_Generic.conf	23.78 KB	-rw-r--r--
03_Global_Agents.conf	5.15 KB	-rw-r--r--
04_Global_Domains.conf	3.3 KB	-rw-r--r--
05_Global_Incoming.conf	1.42 KB	-rw-r--r--
06_Global_Backdoor.conf	2.2 KB	-rw-r--r--
07_XSS_XSS.conf	36.21 KB	-rw-r--r--
08_Global_Other.conf	7.44 KB	-rw-r--r--
09_Bruteforce_Bruteforce.conf	5.98 KB	-rw-r--r--
10_HTTP_HTTP.conf	4.11 KB	-rw-r--r--
11_HTTP_HTTPDoS.conf	3.95 KB	-rw-r--r--
12_HTTP_Protocol.conf	12.1 KB	-rw-r--r--
13_HTTP_Request.conf	2.42 KB	-rw-r--r--
14_Outgoing_FilterGen.conf	5.35 KB	-rw-r--r--
15_Outgoing_FilterASP.conf	1.75 KB	-rw-r--r--
16_Outgoing_FilterPHP.conf	2.54 KB	-rw-r--r--
17_Outgoing_FilterSQL.conf	11.83 KB	-rw-r--r--
18_Outgoing_FilterOther.conf	3.57 KB	-rw-r--r--
19_Outgoing_FilterInFrame.conf	1.86 KB	-rw-r--r--
20_Outgoing_FiltersEnd.conf	2.49 KB	-rw-r--r--
21_PHP_PHPGen.conf	1.59 KB	-rw-r--r--
22_SQL_SQLi.conf	13.72 KB	-rw-r--r--
23_ROR_RORGen.conf	2.97 KB	-rw-r--r--
24_Apps_Joomla.conf	7.85 KB	-rw-r--r--
25_Apps_JComponent.conf	42.66 KB	-rw-r--r--
26_Apps_WordPress.conf	10.96 KB	-rw-r--r--
27_Apps_WPPlugin.conf	414.97 KB	-rw-r--r--
28_Apps_WHMCS.conf	967 B	-rw-r--r--
29_Apps_Drupal.conf	83.09 KB	-rw-r--r--
30_Apps_OtherApps.conf	484.08 KB	-rw-r--r--
LICENSE.txt	11.09 KB	-rw-r--r--
bl_IPs	0 B	-rw-r--r--
bl_URLs	714 B	-rw-r--r--
bl_agents	1.92 KB	-rw-r--r--
bl_domains	134.24 KB	-rw-r--r--
bl_input	3.84 KB	-rw-r--r--
bl_os_files	29.46 KB	-rw-r--r--
bl_output	2.17 KB	-rw-r--r--
bl_output_java	240 B	-rw-r--r--
bl_output_php	8.88 KB	-rw-r--r--
bl_output_sql	1.77 KB	-rw-r--r--
bl_php_functions	589 B	-rw-r--r--
bl_scanners	539 B	-rw-r--r--
bl_scanners_headers	216 B	-rw-r--r--
bl_scanners_urls	418 B	-rw-r--r--
categories.conf	262.29 KB	-rw-r--r--
cwatch_managed_domains	0 B	-rw-r--r--
cwatch_protected_domains	0 B	-rw-r--r--
rules.conf.main	975 B	-rw-r--r--
rules.dat	5 B	-rw-r--r--
userdata_bl_IPs	50 B	-rw-r--r--
userdata_bl_URLs	109 B	-rw-r--r--
userdata_bl_agents	37 B	-rw-r--r--
userdata_bl_cookies	34 B	-rw-r--r--
userdata_bl_domains	34 B	-rw-r--r--
userdata_bl_extensions	375 B	-rw-r--r--
userdata_bl_headers	98 B	-rw-r--r--
userdata_bl_referers	35 B	-rw-r--r--
userdata_login_pages	149 B	-rw-r--r--
userdata_wl_IPs	125 B	-rw-r--r--
userdata_wl_URLs	48 B	-rw-r--r--
userdata_wl_agents	37 B	-rw-r--r--
userdata_wl_content_type	193 B	-rw-r--r--
userdata_wl_domains	34 B	-rw-r--r--
userdata_wl_extensions	54 B	-rw-r--r--
userdata_wl_methods	30 B	-rw-r--r--

Code Editor : 22_SQL_SQLi.conf

# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule &REQUEST_COOKIES:/^WHMCS/|&REQUEST_COOKIES:phpMyAdmin|TX:CWAF_modsec "!@eq 0" \
	"id:211500,msg:'COMODO WAF: Ignore WHMCS, phpMyAdmin and CWAF from base SQLi Attack Detection||%{tx.domain}|%{tx.mode}|2',phase:2,pass,nolog,skipAfter:'IGNORE_CRS_SQLi',rev:2,severity:2,tag:'CWAF',tag:'SQLi'"

SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:customized|!ARGS_NAMES:dynamic_object[object_type]|!ARGS:desc|!ARGS:/description/|!ARGS:/message/|!ARGS_NAMES:object_id|!ARGS_POST:object_id|!ARGS:/password/|!ARGS_NAMES:/password/|!ARGS_NAMES:/product_main_image_data\[\d+]\[object_id]/|!ARGS:Post|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query|!ARGS_NAMES:column_name|!ARGS_NAMES:object_type "(?i:\b(?:t(?:able_name\b|extpos[^a-zA-Z0-9_]{1,}\()|(?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing){0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|object|(?:process|tabl)e)s))|user_(?:group|password|(?:ind_column|tab(?:_column|le)|user|(?:constrain|objec)t)s)|xtype[^a-zA-Z0-9_]{1,}\bchar)\b)|(?:\b(?:(?:instr|locate)[^a-zA-Z0-9_]{1,}\(|(?:attnotnull|c(?:harindex|onstraint_type)|m(?:sys(?:column|object|relationship|(?:ac|queri)e)s|ysql\.(db|user))|s(?:elect\b.{0,40}\b(?:ascii|substring|users{0,1})|ys\.(?:all_tables|tab|user_(?:c(?:atalog|onstraints)|(?:object|t(?:ab(?:_column|le)|rigger)|view)s)))|waitfor\b[^a-zA-Z0-9_]{0,}?\bdelay)\b)|@@spid\b))" \
	"id:211540,chain,msg:'COMODO WAF: Blind SQL Injection Attack||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,t:urlDecodeUni,rev:14,severity:2,tag:'CWAF',tag:'SQLi'"
SecRule REQUEST_URI "!@contains /wp-json/yoast/" \
	"t:none,t:normalizePath"

SecRule REQUEST_URI|ARGS_POST|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|XML:/*|!REQUEST_COOKIES:/__utm/ "@rx \s(sleep|benchmark|if)\s?\(" \
	"id:211630,chain,msg:'COMODO WAF: Detects blind sqli tests using sleep() or benchmark().||%{tx.domain}|%{tx.mode}|2',phase:2,block,logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,rev:5,severity:2,tag:'CWAF',tag:'SQLi'"
SecRule MATCHED_VAR "@rx (?:(?:select|;)?(?:benchmark|if|sleep)\(.)" \
	"setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeComments,t:removeWhitespace,t:lowercase"

SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:emailMsg|!ARGS:/message/|!ARGS:/tx_lang_tools_langlanguage/|!ARGS:Post|!ARGS:desc|!ARGS:nav-menu-data|!ARGS:selectedItemsJson|!ARGS:text|!ARGS:accommodations|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query|!ARGS:/^et_pb_contact_email_fields_/|!ARGS:tm_pb_contact_email_fields_0|!ARGS:search "@pm exec user database schema connection_id select union having iif into" \
	"id:211650,chain,msg:'COMODO WAF: Detects MSSQL code execution and information gathering attempts||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,t:urlDecodeUni,rev:12,severity:2,tag:'CWAF',tag:'SQLi'"
SecRule MATCHED_VAR "@rx (?i:(?:[\x22'`](?:;? ?\b(?:having|select|union)\b ?[^\s]| ?! ?[\x22'`\w])|\b(?:c(?:onnection_id|urrent_user)|database)\b ?\(|\bunion\b[\w(\s]*?select\b|\buser ?\(|\bschema ?\(|\bselect.{0,399}?\w?\buser ?\(|\binto[\s+]+(?:dump|out)file ?[\x22'`]|\bexec(?:ute)?.{0,399}?\Wxp_cmdshell\b|\bfrom\W+information_schema\W|exec(?:ute)? ?master\.|\wiif ?\())" \
	"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeComments,t:removeNulls,t:compressWhitespace"

SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:desc|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query "(?i:(?:^(-0000023456|-2147483648|-2147483649|0000012345|0000023456|1e309|2147483648|2147483647|2.2.90738585072007e-308|4294967295|4294967296)$))" \
	"id:211680,msg:'COMODO WAF: Looking for integer overflow attacks||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,t:urlDecodeUni,rev:2,severity:2,tag:'CWAF',tag:'SQLi'"

SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:commentText|!ARGS:desc|!ARGS:/description/|!ARGS:/input/|!ARGS:/message/|!ARGS:Post|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query|!ARGS:keyword|!ARGS:fiets "@pm case like if" \
	"id:211700,chain,msg:'COMODO WAF: Detects conditional SQL injection attempts||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,t:removeComments,t:removeNulls,rev:10,severity:2,tag:'CWAF',tag:'SQLi'"
SecRule MATCHED_VAR "@rx (?i:[ ()]case ?$|$ ?like ?\(|\bhaving ?[^\s]+ ?[^\w ]|\bif ?\([\d\w] ?[=<>~])" \
	"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeComments,t:removeNulls,t:compressWhitespace"

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pm alter waitfor goto" \
	"id:211710,chain,msg:'COMODO WAF: Detects MySQL charset switch and MSSQL DoS attempts||%{tx.domain}|%{tx.mode}|2',phase:2,block,setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',t:none,rev:6,severity:2,tag:'CWAF',tag:'SQLi'"
SecRule MATCHED_VAR "@rx (?i:(?:[\x22'`](?:;*? ?waitfor (?:delay|time) [\x22'`]|;.{0,399}?: ?goto)|\balter ?\w+.{0,399}?\bcha(?:racte)?r set \w+))" \
	"setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeComments,t:removeNulls,t:compressWhitespace"

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pm merge execute match" \
	"id:211720,chain,msg:'COMODO WAF: Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE injections||%{tx.domain}|%{tx.mode}|2',phase:2,block,logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',t:none,rev:6,severity:2,tag:'CWAF',tag:'SQLi'"
SecRule MATCHED_VAR "@rx (?i:(?:merge.{0,256}?using\s*?\()|(execute\s*?immediate\s*?[\x22'`])|(?:match\s*?[\w(),+-]+\s*?against\s*?\())" \
	"setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',t:none,t:urlDecodeUni"

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@pm select waitfor shutdown" \
	"id:211750,chain,msg:'COMODO WAF: Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts||%{tx.domain}|%{tx.mode}|2',phase:2,block,logdata:'Matched Data: %{MATCHED_VAR} found within %{MATCHED_VAR_NAME}',t:none,rev:4,severity:2,tag:'CWAF',tag:'SQLi'"
SecRule MATCHED_VAR "@rx (?i:(?:select\s*?pg_sleep)|(?:waitfor\s*?delay\s?[\x22'`]+\s?\d)|(?:;\s*?shutdown\s*?(?:;|--|#|\/\*|{)))" \
	"setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+1',t:none,t:urlDecodeUni"

SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:desc|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query "@rx (?i:(?:\[\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and)\]))" \
	"id:211760,msg:'COMODO WAF: Finds basic MongoDB SQL injection attempts||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeComments,t:removeNulls,t:removeWhitespace,rev:4,severity:2,tag:'CWAF',tag:'SQLi'"

SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:desc|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query "@pm procedure function declare open exec" \
	"id:211790,chain,msg:'COMODO WAF: Detects MySQL and PostgreSQL stored procedure/function injections||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,rev:3,severity:2,tag:'CWAF',tag:'SQLi'"
SecRule MATCHED_VAR "@rx (?i:(?:create (?:procedure|function) ?\w+ ?$ ?$ ?-|; ?(?:declare|open) [\w-]+|procedure analyse ?\(|declare[^\w]+[@#] ?\w+|exec ?\( ?\@))" \
	"t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeComments,t:removeNulls,t:compressWhitespace"

SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:commentText|!ARGS:desc|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query "@rx (?i:(?:; ?(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load) ?[\[(]?\b\w{2,}|\bcreate function .+ returns\b))" \
	"id:211820,msg:'COMODO WAF: Detects MySQL UDF injection and other data/structure manipulation attempts||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.sqli_points=+1',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeComments,t:removeNulls,t:compressWhitespace,rev:4,severity:2,tag:'CWAF',tag:'SQLi'"

SecRule REQUEST_URI|ARGS_POST|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:/description/|!ARGS:/fl_builder_data\[node_preview\]\[text\]/|!ARGS:/message/|!ARGS:Post|!ARGS:desc|!ARGS:text|!ARGS:text_message|!ARGS:yoast_wpseo_keywordsynonyms|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query|!ARGS:site_coordenacao|!REQUEST_COOKIES:sbjs_current "@rx [\[\]\x22',()\.]{10}$|\b(?:union\sall\sselect\s(?:(?:null|\d+),?)+|order\sby\s\d{1,4}|(?:and|or)\s\d{4}=\d{4}|waitfor\sdelay\s'\d+:\d+:\d+'|(?:select|and|or)\s(?:(?:pg_)?sleep$\d+$|\d+\s?=\s?(?:dbms_pipe\.receive_message$(?:chr\(\d+$(?:\s?\|\|\s?)?)*,\d+\)|$select\s\d+\sfrom\spg_sleep\(\d+$\))))(?:\s?\b(?:and|or)\s$?(?:(\d{4})=\1|'(\w{4})'='\2|'%'=')|--\s?\w*|#)$|\(select\s?\(case\swhen\s?\(\d+\s?=\s?\d+$\sthen\s\d+\selse\s(?:0x[\0-9a-h]+|\d+)\send\)\)|(?:(?:\b(?:and|or)|&&|\|\|)\W+$?'?(?:\w{1,4}|%)'?$?(?:!?(?:=|<|>))$?'?\w{0,4}'?$?|\border\W+by\s\d+)(?:#|--\s?\w{0,4})?$|(\'\s?(?:or|and)\squarter$null$\s?is\snull;)" \
	"id:218500,msg:'COMODO WAF: SQLmap attack detected||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.sqli_points=+%{tx.points_limit4}',setvar:'tx.points=+%{tx.points_limit4}',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:normalizePath,t:compressWhiteSpace,t:lowercase,rev:18,severity:2,tag:'CWAF',tag:'SQLi'"

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/*|!ARGS:db "(?i:\b(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\.\.sysdatabases|ysql\.db)\b|s(?:ys(?:\.database_name|aux)\b|chema(?:\W*\(|_name\b)|qlite(_temp)?_master\b)|d(?:atabas|b_nam)e\W*\(|information_schema\b|pg_(catalog|toast)\b|northwind\b|tempdb\b))" \
	"id:218530,msg:'COMODO WAF: SQL Injection Attack: Common DB Names Detected||%{tx.domain}|%{tx.mode}|2',phase:2,capture,block,setvar:'tx.points=+%{tx.points_limit4}',setvar:'tx.sqli_points=+1',logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',ctl:auditLogParts=+E,t:none,t:urlDecodeUni,rev:3,severity:2,tag:'CWAF',tag:'SQLi'"

SecMarker IGNORE_CRS_SQLi
SecRule REQUEST_URI|ARGS_POST|ARGS_NAMES|REQUEST_HEADERS:User-Agent|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|XML:/*|!ARGS:/body/|!ARGS:/content/|!ARGS:commentText|!ARGS:desc|!ARGS:/description/|!ARGS:/message/|!ARGS:Post|!ARGS:text|!REQUEST_COOKIES:/__utm/|!REQUEST_COOKIES:/_pk_ref/|!ARGS:sql_query|!ARGS:keyword "@rx '(?:AND|OR)\d+?(?:\*\d+?){0,4}=\d+?(?:AND|OR)(\d+?)=\1" \
	"id:218570,msg:'COMODO WAF: SQLi vulnerability||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeWhitespace,rev:3,severity:2,tag:'CWAF',tag:'SQLi'"

${this.title}

Code Editor : 22_SQL_SQLi.conf