spip-contrib-extensions/waf | 2 commits
By Urs Riggenbach, 7 May 2026 at 11:38:
Merge branch 'feat/sql-injection-patterns' into 'main'
feat: add SQL injection detection patterns
See merge request spip-contrib-extensions/waf!29
Modified
waf_fonctions.php
==============================
By pierretux, 6 May 2026 at 14:28:
feat: add SQL injection detection patterns
Extend waf_malicious_payload_patterns() with UNION SELECT, OR/AND
injection, stacked queries (DROP/ALTER/…), information_schema
enumeration, time-based blind (SLEEP/BENCHMARK), and MySQL file
exfiltration (LOAD_FILE / INTO OUTFILE). Word-boundary anchors and
structural requirements keep false-positive risk low.
Modified
waf_fonctions.php
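
An added illustration of how word-boundary anchors and structural requirements, as named in the commit message above, separate SQL injection payloads from ordinary text. This is not the content of waf_fonctions.php: the function names, the regular expressions and the sample inputs are hypothetical, and the stacked-query pattern covers only DROP and ALTER because the message elides the remaining keywords.

```php
<?php
// Added example, not the plugin's code; every name and pattern here is hypothetical.

/** Named PCRE patterns, one per category listed in the commit message. */
function example_sqli_patterns(): array
{
    return [
        // Whole-word "union" followed by whole-word "select" ("union selected" does not match).
        'union_select'       => '/\bunion\s+(?:all\s+)?select\b/i',
        // OR/AND followed by a self-comparison such as 1=1 or 'a'='a.
        'boolean_tautology'  => '/\b(?:or|and)\s+[\x27"]?(\w+)[\x27"]?\s*=\s*[\x27"]?\1\b/i',
        // Statement separator directly before DROP/ALTER of a table or database.
        'stacked_query'      => '/;\s*(?:drop|alter)\s+(?:table|database)\b/i',
        // Schema name followed by ".identifier", not the bare word.
        'information_schema' => '/\binformation_schema\s*\.\s*\w+/i',
        // SLEEP(n) or BENCHMARK(n, ...) written as a call with a numeric argument.
        'time_based_blind'   => '/\b(?:sleep\s*\(\s*\d+(?:\.\d+)?\s*\)|benchmark\s*\(\s*\d+\s*,)/i',
        // LOAD_FILE( call or INTO OUTFILE clause.
        'file_access'        => '/\bload_file\s*\(|\binto\s+outfile\b/i',
    ];
}

/** Return the names of every pattern that matches $input. */
function example_sqli_matches(string $input): array
{
    $hits = [];
    foreach (example_sqli_patterns() as $name => $regex) {
        if (preg_match($regex, $input) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed sample parameter values: six that should be flagged, four benign.
$samples = [
    "1 UNION ALL SELECT 1,2",
    "' OR '1'='1",
    "1; DROP TABLE t",
    "1 AND SLEEP(5)",
    "SELECT 1 FROM information_schema.tables",
    "SELECT 1 INTO OUTFILE 'x'",
    "The student union selected a new president",
    "rock and roll = fun",
    "I need more sleep (8 hours at least)",
    "Please drop the table off; alter the plan later",
];
foreach ($samples as $s) {
    $hits = example_sqli_matches($s);
    printf("%-50s %s\n", $s, $hits ? implode(',', $hits) : 'clean');
}
```

The four benign sentences contain the same keywords as the payloads but fail the boundary or structure checks, so they print `clean`.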