Hi folks, I just joined the list one day ago, and would like to seek opinions on dealing with a SQLi pattern that is given a different verdict by regex rules and by libinjection.

http://test.com?id=select a from table b.

I did not URL-encode the SQLi "select a from table b", for easier discussion here.

Basically, libinjection does not consider this string as SQLi, although its SQLi pattern is so obvious. libinjection considers that SQL injections typically occur in the context of

    select * from table where id = %input with or without injection%

From libinjection's point of view, the input "select a from table b" is unable to join the above statement with correct SQL syntax. But if we just use regex rules, this input is so easy to mark as SQLi. I would like to seek the opinion of this group. Do you think the request "http://test.com?id=select a from table b." would really cause a successful SQL injection, in SQL syntax, on any site?

Thanks
Richard
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
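To make the disagreement in the post concrete, here is an added example (not from the original post and not libinjection's own code) that compares a keyword-regex verdict with a "does the input join the template into valid SQL" verdict. It approximates the context question with SQLite's parser rather than libinjection's tokenizer, and the table schema is a constructed assumption.

```python
import re
import sqlite3

# Constructed sample schema standing in for "select * from table where id = ..."
SCHEMA = "CREATE TABLE t(id INTEGER, name TEXT); INSERT INTO t VALUES (1, 'a');"

# A naive signature-style rule: keywords alone, no SQL context.
SQL_KEYWORD_RE = re.compile(
    r"\b(select|union|insert|update|delete|drop)\b.*\bfrom\b", re.I)

# The vulnerable template from the post, with the input spliced in unquoted.
TEMPLATE = "SELECT * FROM t WHERE id = {value}"


def regex_verdict(value):
    """Signature-style check: flags on keyword patterns regardless of context."""
    return bool(SQL_KEYWORD_RE.search(value))


def splices_as_valid_sql(value):
    """Context-style check: does the raw input, concatenated into the
    template, still parse and execute as SQL? A syntax error means this
    input cannot alter the statement in that position."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    try:
        conn.execute(TEMPLATE.format(value=value))
        return True
    except sqlite3.OperationalError:
        return False
    finally:
        conn.close()


def parameterized_lookup(value):
    """The mitigation: bind the input as data, so it is never parsed as SQL."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    try:
        return conn.execute("SELECT * FROM t WHERE id = ?", (value,)).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    sample = "select a from table b"
    print("regex flags it:", regex_verdict(sample))            # True
    print("joins template validly:", splices_as_valid_sql(sample))  # False
    print("bound as a parameter:", parameterized_lookup(sample))    # []
```

The regex fires on the bare keywords, while the splice test hits a syntax error at "select" (and at the keyword "table"), which is the gap between the two verdicts the post describes; a bound parameter sidesteps the question entirely.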
