Jump to content
  • 0

Appfirewall XML SQL INJECTION rules


Namitha

Question

3 answers to this question

Recommended Posts

we can't enable learn feature for XML SQL INJECTION. This option is disabled. Hence the query.

We alreday have  following relaxation rules but none of them worked.

bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection and -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "and Joint Clinic [WDFAG7ZJ];2~|Cross Cancer Institute [WDF(;)" -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "and.*" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "and Joint.*" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "And.*" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection ".*and Joint.*" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection ".*(and|And|AND|join|Join|JOIN).*" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection ".*join.*" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection ".*Join.*" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection ".*Joint.*?;" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "Joint.*?;" -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "and Joint Centre \\[WDFAGBOY\\]\\(\\;\\)" -isRegex REGEX -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "..and Joint Clinic [WDFAG7ZJ];2~|Cross Cancer Institute [WDF(;)" -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "..and Joint Centre [WDFAGBOY](;)" -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection "and Joint Centre [WDFAGBOY](;)" -location ATTRIBUTE
bind appfw profile appfw_basic_webtestuatprofile -XMLSQLInjection ".*and.*" -location ATTRIBUTE

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...