Add initial CRS v2.0, reorganizing the rules a bit (MODSEC-79).

rules/base_rules/modsecurity_40_generic_attacks.data

@@ -0,0 +1,277 @@
+set-cookie
+.cookie
+expiressys.user_objects
+sys.user_triggers
+@@spid
+msysaces
+instr
+sys.user_views
+sys.tab
+charindex
+locate
+sys.user_catalog
+constraint_type
+msysobjects
+attnotnull
+select
+sys.user_tables
+sys.user_constraints
+sys.user_tab_columns
+waitfor
+mysql.user
+sys.all_tables
+msysrelationships
+msyscolumns
+msysqueriessubstr
+xtype
+textpos
+all_objects
+rownum
+sysfilegroups
+sysprocesses
+user_group
+sysobjects
+systables
+user_tables
+pg_attribute
+column_id
+user_password
+user_users
+attrelid
+user_tab_columns
+table_name
+pg_class
+user_constraints
+user_objects
+object_type
+sysconstraints
+mb_users
+column_name
+atttypid
+substring
+object_id
+syscat
+sysibm
+user_ind_columns
+syscolumns
+sysdba
+object_namexp_enumdsn
+insert
+infile
+autonomous_transaction
+nvarchar
+openrowset
+print
+data_type
+outfile
+castb
+shutdown
+inner
+tbcreator
+xp_filelist
+@@version
+sql_longvarchar
+sp_prepare
+xp_regenumkeys
+xp_dirtree
+xp_loginconfig
+ifnull
+sp_addextendedproc
+xp_regaddmultistring
+delete
+sp_sqlexec
+sp_oacreate
+sp_execute
+xp_ntsec
+xp_regdeletekey
+drop
+xp_execresultset
+varchar
+to_number
+dba_users
+having
+xp_regenumvalues
+utl_file
+xp_terminate
+xp_availablemedia
+xp_regdeletevalue
+sql_variant
+dumpfile
+isnull
+'sa'
+select
+xp_regremovemultistring
+xp_makecab
+xp_cmdshell
+'msdasql'
+sp_executesql
+openquery
+'sqloledb'
+'dbo'
+sp_makewebtask
+utl_http
+dbms_java
+benchmark
+xp_regread
+xp_regwritejscript
+onsubmit
+copyparentfolder
+javascript
+meta
+onchange
+onmove
+onkeydown
+onkeyup
+activexobject
+onerror
+onmouseup
+ecmascript
+bexpression
+onmouseover
+vbscript:
+<![cdata[
+http:
+.innerhtml
+settimeout
+shell:
+onabort
+asfunction:
+onkeypress
+onmousedown
+onclick
+.fromcharcode
+background-image:
+.cookie
+x-javascript
+ondragdrop
+onblur
+mocha:
+javascript:
+onfocus
+lowsrc
+getparentfolder
+onresize
+@import
+alert
+script
+onselect
+onmouseout
+application
+onmousemove
+background
+.execscript
+livescript:
+vbscript
+getspecialfolder
+.addimport
+iframe
+onunload
+createtextrange
+<input
+onload.www_acl
+.htpasswd
+.htaccess
+httpd.conf
+boot.ini
+/etc/
+.htgroup
+global.asa
+.wwwaclnet.exe
+cmd.exe
+cmd
+telnet.exe
+wguest.exe
+ftp.exe
+nmap.exe
+wsh.exe
+rcmd.exe
+nc.exe
+cmd32.exechgrp
+cmd32
+uname
+kill
+localgroup
+wguest.exe
+nasm
+rcmd.exe
+nc.exe
+id
+nc
+tclsh
+finger
+tftp
+cmd
+chown
+chsh
+ping
+nmap.exe
+ps
+net.exe
+telnet.exe
+ls
+tclsh8
+ftp.exe
+ftp
+lsof
+xterm
+mail
+echo
+tracert
+nmap
+cmd.exe
+rm
+python
+cd
+traceroute
+chmod
+perl
+passwd
+wsh.exe
+cpp
+telnet
+gcc
+g++chgrp
+cmd32
+uname
+kill
+localgroup
+wguest.exe
+nasm
+rcmd.exe
+nc.exe
+id
+nc
+tclsh
+finger
+tftp
+cmd
+chown
+chsh
+ping
+nmap.exe
+ps
+net.exe
+telnet.exe
+ls
+tclsh8
+ftp.exe
+ftp
+lsof
+xterm
+mail
+echo
+tracert
+nmap
+cmd.exe
+rm
+python
+cd
+traceroute
+chmod
+perl
+passwd
+wsh.exe
+cpp
+telnet
+gcc
+g++<?