From 0dc3adbaa4be371b6d81e1dd847b54a9748603ec Mon Sep 17 00:00:00 2001
From: tkb-github <130416721+tkb-github@users.noreply.github.com>
Date: Thu, 26 Sep 2024 11:44:35 +0800
Subject: [PATCH] Update staging
---
staging | 44 +++++++++++++++++++++++++++++++++++++++++---
1 file changed, 41 insertions(+), 3 deletions(-)
diff --git a/staging b/staging
index b57c0a0..3c3b287 100644
--- a/staging
+++ b/staging
@@ -1,3 +1,41 @@
-eval.*(?:\(|%28)
-(?:<|%3c).*embed
-union.*select
+^(?:%2d|-)[^=]+$
+(?:/|%2f)(?::|%3a)(?:/|%2f)
+etc/(?:hosts|motd|shadow)
+order(?:\s|%20)by(?:\s|%20)1--
+(?:/|%2f)(?:\*|%2a)(?:\*|%2a)(?:/|%2f)
+`|<|>|\^|\|\\\\|0x00|%00|%0d%0a
+f?ckfinder|f?ckeditor|fullclick
+header:|set-cookie:.*=
+localhost|127(?:\.|%2e)0(?:\.|%2e)0(?:\.|%2e)1
+(?:cmd|command)(?:=|%3d)(?:chdir|mkdir).*x20
+(?:globals|mosconfig[a-z_]{1,22}|request)(?:=|\[)
+(?:/|%2f)(?:wp-)?config(?:(?:\.|%2e)inc)?(?:\.|%2e)php
+(?:thumbs?(?:_editor|open)?|tim(?:thumbs?)?)(?:\.|%2e)php
+(?:absolute_|base|root_)(?:dir|path)(?:=|%3d)(?:ftp|https?)
+(?:s)?(?:ftp|inurl|php)(?:s)?:(?:/|%2f|%u2215)(?:/|%2f|%u2215)
+(?:\.|20)(?:get|the)(?:_|%5f)(?:permalink|posts_page_url)(?:\(|%28)
+(?:boot|win)(?:\.|%2e)ini|etc(?:/|%2f)passwd|self(?:/|%2f)environ
+(?:/|%2f){3,3}|(?:\.|%2e){3,3}|(?:\.|%2e){2,2}(?:/|%2f|%u2215)
+(?:benchmark|char|exec|fopen|function|html).*(?:\(|%28)
+php[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
+eval.*(?:\(|%28)
+(?:/|%2f)(?:=|%3d|$&|_mm|cgi(?:\.|-)|inurl(?::|%3a)(?:/|%2f)|(?:mod|path)(?:=|%3d)(?:\.|%2e))
+(?:<|%3c).*embed
+(?:<|%3c).*iframe
+(?:<|%3c).*object
+(?:<|%3c).*script
+(?:\+|%2b|%20)delete(?:\+|%2b|%20)
+(?:\+|%2b|%20)insert(?:\+|%2b|%20)
+(?:\+|%2b|%20)select(?:\+|%2b|%20)
+(?:\+|%2b|%20)update(?:\+|%2b|%20)
+\\\\x00|(?:\"|%22|\'|%27)?0(?:\"|%22|\'|%27)?(?:=|%3d)(?:\"|%22|\'|%27)?0|cast(?:\(|%28)0x|or%201(?:=|%3d)1
+globals(?:=|\[|%[0-9A-Z]{0,2})
+_request(?:=|\[|%[0-9A-Z]{2,})
+javascript(?::|%3a).*(?:;|%3b|\)|%29)
+base64_(?:en|de)code.*\)
+@copy|\$_(?:files|get|post)|allow_url_(?:fopen|include)|auto_prepend_file|blexbot|browsersploit|call_user_func_array|(?:php|web)shell|curl(?:_exec|test)|disable_functions?|document_root
+elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|ghost|grablogin|hmei7|hubs_post-cta|input_file|invokefunction|\bload_file|open_basedir|outfile|p3dlite
+pass(?:=|%3d)shell|passthru|phpshells|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site.{0,2}copier|sp_executesql|sux0r|trojan|udtudt|user_func_array|wget|wp_insert_user|xertive
+(?:\+|%2b)(?:concat|delete|get|select|union)(?:\+|%2b)
+union.*select
+(?:concat|eval).*(?:\(|%28)
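Review bot: In the added rule `(?:/|%2f)(?:=|%3d|$&|_mm|cgi(?:\.|-)|…)` the `$` in `$&` is unescaped, so a PCRE-style engine reads it as an end-of-input anchor and that alternative can never match; if a literal dollar sign is meant, write it as `\$&`. The list also assumes case-insensitive matching without saying so: the literals are lowercase (`%2f`, `%3c`, `union`) while `globals(?:=|\[|%[0-9A-Z]{0,2})` uses an uppercase-only class, so unless the consumer compiles every line with an ignore-case flag (not visible in this file) differently cased input passes unmatched. That same rule's `{0,2}` lets it fire on `globals` followed by a bare `%`, and the re-added `eval.*(?:\(|%28)` is fully covered by the final `(?:concat|eval).*(?:\(|%28)`. The file has no comments, and the rules appear to mix query-string, request-path and user-agent patterns, so a header stating which request field each group is matched against and the flags required would make it reviewable. Broad unanchored words such as `ghost`, `localhost`, `exploit` and `html` followed anywhere by `(` are likely to block legitimate requests, so I would run this list log-only against real traffic before promoting it out of staging.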