[ { "enabled":1, "version_min":300000, "resource":"libxml2", "title":"Testing SecXMLExternalEntity/XXE 1", "expected":{ "debug_log": "Target value: \" jo smith\"" }, "client":{ "ip":"200.249.12.31", "port":123 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", "Content-Type": "text/xml" }, "uri":"/?key=value&key=other_value", "method":"POST", "body": [ "", "", "", "]>", "", " &js;", "" ] }, "server":{ "ip":"200.249.12.31", "port":80 }, "rules":[ "SecRuleEngine On", "SecRequestBodyAccess On", "SecXMLExternalEntity Off", "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", "SecRule XML:/bookstore/book[text()] \".*\" \"id:500006,phase:3,t:none,t:lowercase,nolog,pass\"" ] }, { "enabled":1, "version_min":300000, "resource":"libxml2", "title":"Testing SecXMLExternalEntity/XXE 2", "expected":{ "debug_log": "XML: Failed to load DTD: test-cases/data/SoapEnvelope.dtd", "http_code": 403 }, "client":{ "ip":"200.249.12.31", "port":123 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", "Content-Type": "text/xml" }, "uri":"/?key=value&key=other_value", "method":"POST", "body": [ "", "", "", "]>", "", " &js;", "" ] }, "server":{ "ip":"200.249.12.31", "port":80 }, "rules":[ "SecRuleEngine On", "SecRequestBodyAccess On", "SecXMLExternalEntity Off", "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", "SecRule XML:/bookstore/book \".*\" \"id:500006,phase:3,t:none,t:lowercase,nolog,pass,xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'\"", "SecRule XML \"@validateDTD test-cases/data/SoapEnvelope.dtd\" \"id:500007,phase:3,deny\"" ] }, { "enabled":1, "version_min":300000, "resource":"libxml2", "title":"Testing SecXMLExternalEntity/XXE 3", "expected":{ "debug_log": "XML Error: No declaration for element bookstore", "http_code": 403 }, "client":{ "ip":"200.249.12.31", "port":123 }, "request":{ "headers":{ "Host":"localhost", "User-Agent":"curl/7.38.0", "Accept":"*/*", "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120", "Content-Type": "text/xml" }, "uri":"/?key=value&key=other_value", "method":"POST", "body": [ "", "", "", "]>", "", " &js;", "" ] }, "server":{ "ip":"200.249.12.31", "port":80 }, "rules":[ "SecRuleEngine On", "SecRequestBodyAccess On", "SecXMLExternalEntity On", "SecRule REQUEST_HEADERS:Content-Type \"^text/xml$\" \"id:500005,phase:1,t:none,t:lowercase,nolog,pass,ctl:requestBodyProcessor=XML\"", "SecRule XML:/bookstore/book \".*\" \"id:500006,phase:3,t:none,t:lowercase,nolog,pass,xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'\"", "SecRule XML \"@validateDTD test-cases/data/SoapEnvelope.dtd\" \"id:500007,phase:3,deny\"" ] } ]