D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
proc
/
self
/
root
/
opt
/
bitninja-waf
/
etc
/
BitNinja
/
Filename :
410-OTHER-BN.conf
back
Copy
SecRule REQUEST_FILENAME "@pm vendor/htmlawed/htmlawed/htmLawedTest.php" \ "id:410001,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,\ logdata:'htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. (CVE-2022-35914)',\ msg:'htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. (CVE-2022-35914)'" SecRule ARGS_NAMES "^hhook$" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@rx POST" \ "id:410002,\ chain,\ rev:'1',\ severity:critical,\ phase:2,\ t:none,\ logdata:'SQLi to file upload vulnerability in SQL manager for PrestaShop (CVE-2023-39526)',\ msg:'SQLi to file upload vulnerability in SQL manager for PrestaShop (CVE-2023-39526)'" SecRule REQUEST_URI "@rx admin[^\/]+\/index\.php" "chain,t:none,t:normalizePath" SecRule ARGS:controller "@streq AdminRequestSql" "chain,t:none" SecRule ARGS:sql "@pm outfile dumpfile" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@rx ^POST$" \ "id:410003,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'RCE vulnerability in Laravel < 8.4.2 ignition module (CVE-2021-3129)',\ logdata:'RCE vulnerability in Laravel < 8.4.2 ignition module (CVE-2021-3129)'" SecRule REQUEST_URI "@endsWith ignition/execute-solution" "chain,t:none,t:normalizePath" SecRule ARGS:viewFile "!@endsWith .blade.php" "chain,t:none" SecRule ARGS:viewFile "!@rx ^(\/|\.\/)" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410004,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in Solidres 2.5.1 component for Joomla (CVE-2018-5980)',\ logdata:'SQL injection vulnerability in Solidres 2.5.1 component for Joomla (CVE-2018-5980)'" SecRule ARGS:option "@streq com_solidres" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:direction "!@within desc asc" "t:none,t:urlDecodeUni,t:lowercase,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410005,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in Zh YandexMap 6.2.1.0 Zh BaiduMap 3.0.0.1 and Zh GoogleMap 8.4.0.0 for Joomla (CVE-2018-6582 CVE-2018-6604 CVE-2018-6605)',\ logdata:'SQL injection vulnerability in Zh YandexMap 6.2.1.0 Zh BaiduMap 3.0.0.1 and Zh GoogleMap 8.4.0.0 for Joomla (CVE-2018-6582 CVE-2018-6604 CVE-2018-6605)'" SecRule ARGS:option "@rx ^com_zh(?:baidu|yandex|google)map$" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:id "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410006,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in the Gallery WD 1.3.6 component for Joomla! (CVE-2018-5981)',\ logdata:'SQL injection vulnerability in the Gallery WD 1.3.6 component for Joomla! (CVE-2018-5981)'" SecRule ARGS:option "@streq com_gallery_wd" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:tag_id|ARGS:gallery_id "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410007,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in DT Register 3.2.7 component for Joomla (CVE-2018-6584)',\ logdata:'SQL injection vulnerability in DT Register 3.2.7 component for Joomla (CVE-2018-6584)'" SecRule ARGS:option "@streq com_dtregister" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:controller "@streq category" "chain,t:none,t:lowercase" SecRule ARGS:id "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410008,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in JomEstate PRO through 3.7 component for Joomla (CVE-2018-6368)',\ logdata:'SQL injection vulnerability in JomEstate PRO through 3.7 component for Joomla (CVE-2018-6368)'" SecRule ARGS:option "@streq com_jomestate" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:id "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410009,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in Fastball 2.5 component for Joomla (CVE-2018-6373)',\ logdata:'SQL injection vulnerability in Fastball 2.5 component for Joomla (CVE-2018-6373)'" SecRule ARGS:option "@streq com_fastball" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:season "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410010,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in OS Property Real Estate 3.12.7 component for Joomla (CVE-2018-7319)',\ logdata:'SQL injection vulnerability in OS Property Real Estate 3.12.7 component for Joomla (CVE-2018-7319)'" SecRule ARGS:option "@streq com_osproperty" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:cooling_system1|ARGS:heating_system1|ARGS:laundry "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410011,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in Swap Factory 2.2.1 Raffle Factory 3.5.2 Penny Auction Factory 2.0.4 component for Joomla! (CVE-2018-17379 CVE-2018-17378 CVE-2018-17384)',\ logdata:'SQL injection vulnerability in Swap Factory 2.2.1 Raffle Factory 3.5.2 Penny Auction Factory 2.0.4 component for Joomla! (CVE-2018-17379 CVE-2018-17378 CVE-2018-17384)'" SecRule ARGS:option "@within com_rafflefactory com_pennyfactory com_swapfactory" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:filter_order "!@rx ^[\w\-\.]+?$" "t:none,t:urlDecodeUni,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410012,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in Zap Calendar Lite 4.3.4 component for Joomla',\ logdata:'SQL injection vulnerability in Zap Calendar Lite 4.3.4 component for Joomla'" SecRule ARGS:option "@streq com_zcalendar" "chain,t:none,t:urlDecodeUni" SecRule ARGS:eid "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410013,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in Pinterest Clone Social Pinboard 2.0 component for Joomla (CVE-2018-5987)',\ logdata:'SQL injection vulnerability in Pinterest Clone Social Pinboard 2.0 component for Joomla (CVE-2018-5987)'" SecRule ARGS:option "@streq com_socialpinboard" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:pin_id|ARGS:user_id|ARGS:ends|ARGS:uid "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410014,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL Injection vulnerability in ccNewsletter 2.x component for Joomla (CVE-2018-5989)',\ logdata:'SQL Injection vulnerability in ccNewsletter 2.x component for Joomla (CVE-2018-5989)'" SecRule ARGS:option "@streq com_ccnewsletter" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:task "@streq removesubscriber" "chain,t:none,t:lowercase" SecRule ARGS:id "@contains '" "t:none,t:urlDecodeUni,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410015,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL Injection vulnerability in AllVideos Reloaded 1.2.x component for Joomla (CVE-2018-5990)',\ logdata:'SQL Injection vulnerability in AllVideos Reloaded 1.2.x component for Joomla (CVE-2018-5990)'" SecRule ARGS:option "@streq com_avreloaded" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:view "@streq popup" "chain,t:none,t:lowercase" SecRule ARGS:divid "@contains '" "t:none,t:urlDecodeUni,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410016,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'SQL injection vulnerability in the iJoomla com_adagency plugin 6.0.9 for Joomla! (CVE-2018-5696)',\ logdata:'SQL injection vulnerability in the iJoomla com_adagency plugin 6.0.9 for Joomla! (CVE-2018-5696)'" SecRule ARGS:option|ARGS:controller "@pm com_adagency adagencyadvertisers" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:advertiser_status|ARGS:status_select "@contains '" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410017,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'XSS vulnerability in Joomla! before 3.8.12 (CVE-2018-15880)',\ logdata:'XSS vulnerability in Joomla! before 3.8.12 (CVE-2018-15880)'" SecRule ARGS:option "@streq com_users" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:jform[name] "@contains <" "t:none,t:urlDecodeUni,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410018,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'Arbitrary File Download vulnerability in Jtag Members Directory 5.3.7 component for Joomla (CVE-2018-6008)',\ logdata:'Arbitrary File Download vulnerability in Jtag Members Directory 5.3.7 component for Joomla (CVE-2018-6008)'" SecRule ARGS:option "@streq com_jtagmembersdirectory" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:download_file "@contains .." "t:none,t:urlDecodeUni,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410019,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'Directory traversal vulnerability in K2 component 2.8.0 for Joomla (CVE-2018-7482)',\ logdata:'Directory traversal vulnerability in K2 component 2.8.0 for Joomla (CVE-2018-7482)'" SecRule ARGS:option "@streq com_k2" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:target "@rx ^l1_(\w+)={0,2}$" "chain,capture,t:none" SecRule TX:1 "@contains .." "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule ARGS:view "@streq product" \ "id:410020,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:lowercase,\ msg:'SQLi vulnerability in J2Store plugin 3.x before 3.3.7 for Joomla! (CVE-2019-9184)',\ logdata:'SQLi vulnerability in J2Store plugin 3.x before 3.3.7 for Joomla! (CVE-2019-9184)'" SecRule ARGS:option "@streq com_j2store" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:/^product_option\[/ "@rx \D" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@pm GET POST" \ "id:410021,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'Directory Traversal vulnerability in Joomla before 3.9.5 (CVE-2019-10945)',\ logdata:'Directory Traversal vulnerability in Joomla before 3.9.5 (CVE-2019-10945)'" SecRule ARGS:option "@streq com_media" "chain,t:none,t:urlDecodeUni,t:lowercase" SecRule ARGS:folder "@contains .." "t:none,t:urlDecodeUni,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_FILENAME "@endsWith /administrator/index.php" \ "id:410022,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:normalizePath,\ msg:'Missing input validation within the template manager in Joomla! v3.2.0-v3.9.24 (CVE-2021-23131)',\ logdata:'Missing input validation within the template manager in Joomla! v3.2.0-v3.9.24 (CVE-2021-23131)'" SecRule ARGS:option "@streq com_templates" "chain,t:none" SecRule ARGS:task "@streq template.overrides" "chain,t:none" SecRule ARGS:folder "@pm ( <" "t:none,t:htmlEntityDecode,multiMatch,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_URI "@rx \/api\/index.php\/v1\/(?:config\/application|users)" \ "id:410023,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:normalizePath,\ msg:'Improper access check in webservice endpoints in Joomla! (CVE-2023-23752)',\ logdata:'Improper access check in webservice endpoints in Joomla! (CVE-2023-23752)'" SecRule ARGS:public "!@rx ^$" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule ARGS:action "@streq updateProductQuantity" \ "id:410024,\ chain,\ phase:2,\ rev:'1',\ log,\ auditlog,\ t:none,t:urlDecodeUni,\ severity:critical,\ logdata:'SQL injection vulnerability in Webkul Bundle Product 6.0.1 (CVE-2023-51210)',\ msg:'SQL injection vulnerability in Webkul Bundle Product 6.0.1 (CVE-2023-51210)'" SecRule ARGS:id_product "[^0-9]" "t:none,setvar:'tx.bn_inbound_found=+1'"