Felipe Zipitría

Results 581 comments of Felipe Zipitría

@fionera Shall we merge, or do you want to check anything more?

Just so we leave it somewhere, ModSecurity has moved to a new stewardship below OWASP. See https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trustwave-transfers-modsecurity-custodianship-to-the-open-worldwide-application-security-project/

> TL; DR: I think this is not going to work. Initially, my thoughts are: what are we testing here? If we are trying to test the _support_ for different...

Yeah, I wanted some time ago to use the same concept as nuclei-templates, with golang templating. So adding a templated test, with `data: {{ payload }}` and a way to...

It is just to prevent ReDoS for engines by adding just a `+`. The values are just a heuristic, and as you said, sometimes they are not documented. I remember...

I'm taking a look at 942390 specifically.

Ok, so that rule comes mostly unchanged since v2.2.9 😱 See: https://github.com/coreruleset/coreruleset/blob/0475e9270b513c2e2db9f04b2099724c070c18e6/base_rules/modsecurity_crs_41_sql_injection_attacks.conf#L132 Then @franbuehler did decompile that regexp and with some extra tweaks we have the .ra now. Will do...

References in the original file:

```
# References:
#
# SQL Injection Pocket Reference (via @LightOS) -
# https://docs.google.com/Doc?docid=0AZNlBave77hiZGNjanptbV84Z25yaHJmMjk
#
# SQLi Filter Evasion Cheat Sheet -
# http://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/
#...
```

Most of the links above are long gone. I'm trying to make sense of the `{1,10}`. It doesn't. Easy to bypass. Useless, honestly.

Well... `%0a` is a linefeed. You probably don't want to accept that.