Rule ID
|
Type
|
Signature
|
Tag
|
Score
|
Match zone
|
32 | 1 | RL | nwaftest | Other | 12 | BODY|URL|ARGS|HEADERS |
181 | 30 | RL | {{ | Injection | 2 | BODY |
138 | 31 | RLx | (\d+\s*,\s*){4,} | SQLi | 4 | BODY|URL|ARGS|HEADERS |
19 | 32 | RLx | \W&&\W | SQLi | 2 | BODY|URL|ARGS|HEADERS |
138 | 33 | RLx | \W@@\w | SQLi | 2 | BODY|URL|ARGS|HEADERS |
150 | 34 | RLx | \W\|\|\W | SQLi | 2 | BODY|URL|ARGS |
207 | 35 | RLx | \{\{.+\}\} | Injection | 8 | ARGS |
23 | 36 | RL | $( | Injection | 2 | BODY|URL|ARGS|HEADERS |
174 | 37 | RL | ${ | Injection | 2 | BODY|URL|ARGS|HEADERS |
43 | 39 | RL | /* | SQLi | 1 | BODY|URL|ARGS|Cookie|User-agent |
146 | 40 | RL | */ | SQLi | 1 | BODY|URL|ARGS|Cookie|User-agent |
55 | 51 | RL | ; | SQLi | 2 | URL|ARGS |
23 | 52 | RL | ' | SQLi | 2 | URL|ARGS|User-Agent |
142 | 53 | RL | ? | Evasion | 2 | URL|ARGS|User-agent |
212 | 54 | RL | ['# | RCE | 8 | URL |
59 | 55 | RL | \'% | SQLi | 2 | BODY|URL|ARGS |
234 | 56 | RL | %\' | SQLi | 2 | BODY|URL|ARGS |
88 | 57 | RLx | (\.)+(\\|\/)+(\.)+(\\|\/)+ | LFI | 8 | BODY|URL|ARGS|HEADERS |
68 | 58 | RL | =\" | SQLi | 2 | BODY|URL|ARGS |
141 | 59 | RL | =\' | SQLi | 2 | BODY|URL|ARGS |
112 | 60 | RL | *\' | SQLi | 4 | BODY|URL|ARGS |
130 | 61 | RL | != | SQLi | 6 | URL|ARGS |
50 | 66 | RL | \\ | Evasion | 2 | BODY|URL|ARGS |
149 | 67 | RL | ../ | Injection | 8 | BODY|URL|ARGS|HEADERS |
76 | 68 | RL | -- | SQLi | 2 | BODY|URL|ARGS|User-agent |
253 | 69 | RL | # | SQLi | 1 | BODY|URL|ARGS|Cookie|User-agent |
4 | 71 | RL | ..\..\ | LFI | 8 | BODY|URL|ARGS|HEADERS |
79 | 74 | RLx | \\x[0-9a-z]{2,2} | Evasion | 0 | BODY|URL|ARGS|HEADERS|MLA |
242 | 76 | RLx | (\\|%)u[0-9a-f]{4,4} | Evasion | 0 | BODY|URL|ARGS|HEADERS|MLA |
161 | 77 | RL | ././ | LFI | 8 | BODY|URL|ARGS|HEADERS |
231 | 98 | RLx | [&=<]\.0 | XSS | 6 | BODY|URL|ARGS |
235 | 99 | RLx | [\^<>]0\. | XSS | 6 | BODY|URL|ARGS |
189 | 100 | WLx | sitemap[\w\-\.]+\.gz$ | WL | 0 | URL |
12 | 101 | WLx | (\d+\s*,\s*){4,} | WL | 0 | Cookie|Referer |
216 | 104 | WLx | utm_referrer=https?://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} | WL | 0 | ARGS |
51 | 105 | WLx | \-+\w | WL | 0 | Content-Type |
66 | 106 | WL | xn--p1ai | WL | 0 | BODY|URL|ARGS|HEADERS |
136 | 109 | WL | ?from= | WL | 0 | ARGS |
120 | 110 | WL | <?xml | WL | 0 | BODY |
253 | 111 | WLx | \{\{[a-z0-9.]+\}\} | WL | 0 | ARGS |
231 | 500 | RL | /.source | XSS | 12 | BODY|URL|ARGS|HEADERS |
107 | 502 | RLx | (\s|\.)src(\s|\+)*= | XSS | 2 | BODY|URL|ARGS|HEADERS |
121 | 504 | RLx | (^|\W)eval\(|@eval\W | XSS | 12 | BODY|URL|ARGS|HEADERS |
142 | 505 | RLx | <svg(\s|\+) | XSS | 4 | BODY|URL|ARGS|HEADERS |
230 | 508 | RLx | (^|\W)alert\/?(\.(source|call|apply|bind|valueof))?[\(\`\&\]] | XSS | 8 | BODY|URL|ARGS|HEADERS |
71 | 509 | RL | symbol.replace | XSS | 8 | BODY|URL|ARGS|HEADERS |
16 | 510 | RLx | array\.(map|from|prototype) | XSS | 8 | BODY|URL|ARGS|HEADERS |
227 | 511 | RLx | (^|\W)document(\.[a-z]+)+\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
161 | 512 | RL | </noscript | XSS | 4 | BODY|URL|ARGS|HEADERS |
117 | 513 | RL | </xmp | XSS | 4 | BODY|URL|ARGS|HEADERS |
241 | 514 | RL | </style | XSS | 4 | BODY|URL|ARGS|HEADERS |
24 | 515 | RL | </script | XSS | 12 | BODY|URL|ARGS|HEADERS |
59 | 516 | RLx | <img(\s|\+) | XSS | 2 | BODY|URL|ARGS|HEADERS |
178 | 517 | RLx | <base(\s|\+) | XSS | 4 | BODY|URL|ARGS|HEADERS |
91 | 518 | RLx | <i?frame\W | XSS | 6 | BODY|URL|ARGS|HEADERS |
223 | 528 | RLx | on(error|cut|begin|wheel|blur|change|input|reset|select|down|keypress|keyup|paste|copy|toggle)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
5 | 532 | RLx | onmouse(down|enter|leave|move|out|over|up|wheel)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
211 | 534 | RL | </title | XSS | 2 | BODY|URL|ARGS|HEADERS |
163 | 535 | RL | svg> | XSS | 4 | BODY|URL|ARGS|HEADERS |
79 | 536 | RL | << | XSS | 4 | URL|ARGS |
53 | 537 | RLx | <script(\s|\+|\/|\>) | XSS | 12 | BODY|URL|ARGS|HEADERS |
131 | 538 | RL | >> | XSS | 4 | URL|ARGS |
206 | 540 | RLx | on(aux|dbl)?click(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
16 | 542 | RLx | ontouchcancel(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
248 | 543 | RLx | (^|\W)set(Timeout|Interval|Immediate)\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
70 | 544 | RLx | (^|\W)execscript\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
146 | 545 | RL | crypto.generateCRMFRequest | XSS | 12 | BODY|URL|ARGS|HEADERS |
86 | 548 | RL | Range.createContextualFragment | XSS | 12 | BODY|URL|ARGS|HEADERS |
42 | 549 | RLx | window[?]?\.(location|alert|name) | XSS | 12 | BODY|URL|ARGS|HEADERS |
180 | 550 | RLx | document[.;](location|domain|cookie) | XSS | 8 | BODY|URL|ARGS|HEADERS |
193 | 551 | RLx | (^|\W)location\.(assign|reload|replace|tostring)\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
54 | 552 | RLx | (^|\W)history(\.[a-z]+)+\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
19 | 553 | RLx | (^|\W)(local|session)Storage\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
114 | 554 | RL | <svg/on | XSS | 12 | BODY|URL|ARGS|HEADERS |
13 | 555 | RLx | (^|\W)createElement\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
161 | 1000 | RLx | [^-:=\.\w\|]where[^-:=\.\w\|] | SQLi | 3 | BODY|URL|ARGS|HEADERS |
206 | 1001 | RLx | [^-:=\.\w\|]update[^-:=\.\w\|] | SQLi | 3 | BODY|URL|ARGS|HEADERS |
86 | 1002 | RLx | [^-:=\.\w\|]table[^-:=\.\w\|] | SQLi | 3 | BODY|URL|ARGS|HEADERS |
233 | 1003 | RLx | group[^-:=\.\w\|/]+by | SQLi | 2 | BODY|URL|ARGS|HEADERS |
160 | 1005 | RLx | order[^-:=\.\w\|]+by | SQLi | 3 | BODY|URL|ARGS|HEADERS |
246 | 1006 | RLx | [^-:=\.\w\|]limit[^-:=\.\w\|] | SQLi | 3 | BODY|URL|ARGS|HEADERS |
251 | 1007 | RLx | [^-:=\.\w\|]select[^-:=\.\w\|] | SQLi | 4 | BODY|URL|ARGS|HEADERS |
75 | 1008 | RLx | [^-:=\.\w\|]insert[^-:=\.\w\|] | SQLi | 3 | BODY|URL|ARGS|HEADERS |
197 | 1010 | RLx | [^-:=\.\w\|]truncate[^-:=\.\w\|] | SQLi | 3 | BODY|URL|ARGS|HEADERS |
175 | 1011 | RLx | (^|\W)benchmark\( | SQLi | 4 | BODY|URL|ARGS|HEADERS |
206 | 1012 | RLx | (^|\W)((var)?char|chr)\W*[(@]+[\d\s] | SQLi | 12 | BODY|URL|ARGS|HEADERS |
137 | 1016 | RLx | [^-:=\.\w\|]if[^-:=\.\w\|] | SQLi | 2 | BODY|URL|ARGS|HEADERS |
127 | 1021 | RLx | select[^-:=\.\w\|]{1,50}(.|\s){0,50}from | SQLi | 8 | BODY|URL|ARGS|HEADERS |
244 | 1023 | RL | extractvalue | SQLi | 4 | BODY|URL|ARGS|HEADERS |
227 | 1024 | RLx | (^|\W)concat\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
175 | 1025 | RL | updatexml | SQLi | 4 | BODY|URL|ARGS|HEADERS |
170 | 1026 | RLx | (^|\W)system\( | RCE | 8 | BODY|URL|ARGS|HEADERS |
87 | 1027 | RLx | (^|\W)extractvalue\( | SQLi | 6 | BODY|URL|ARGS|HEADERS |
39 | 1028 | RLx | (^|\W)elt\( | SQLi | 6 | BODY|URL|ARGS|HEADERS |
1 | 1031 | RLx | (encode|decode)\W*[\(\)] | SQLi | 12 | BODY|URL|ARGS|HEADERS |
55 | 1032 | RL | group_concat | SQLi | 4 | BODY|URL|ARGS|HEADERS |
129 | 1033 | RLx | \Wrlike\( | SQLi | 6 | BODY|URL|ARGS|HEADERS |
139 | 1034 | RLx | [^-:=\.\w\|]database[^-:=\.\w\|] | SQLi | 4 | BODY|URL|ARGS|HEADERS |
238 | 1035 | RL | system_user | SQLi | 6 | BODY|URL|ARGS|HEADERS |
236 | 1036 | RL | version() | SQLi | 8 | BODY|URL|ARGS|HEADERS |
4 | 1037 | RLx | (^|\W)not\W+in\( | SQLi | 6 | BODY|URL|ARGS|HEADERS |
209 | 1038 | RLx | json(_\w+){1,2}\( | SQLi | 6 | BODY|URL|ARGS|Cookie |
210 | 1039 | RLx | [^-:=\.\w\|]contains[^-:=\.\w\|] | SQLi | 4 | BODY|URL|ARGS|HEADERS |
85 | 1040 | RLx | [^-:=\.\w\|]sleep[^-:=\.\w\|] | SQLi | 6 | BODY|URL|ARGS|HEADERS |
72 | 1042 | RL | table_name | SQLi | 6 | BODY|URL|ARGS |
145 | 1043 | RLx | \`\`\s*\`\` | SQLi | 2 | BODY|URL|ARGS |
58 | 1044 | RL | table.name | SQLi | 6 | BODY|URL|ARGS |
167 | 1045 | RL | isnull | SQLi | 2 | BODY|URL|ARGS|HEADERS |
49 | 1046 | RLx | _(en|de)crypt\( | SQLi | 6 | BODY|URL|ARGS|HEADERS |
33 | 1049 | RL | create_digest | SQLi | 6 | BODY|URL|ARGS|HEADERS |
215 | 1050 | RLx | log\d+\W*(\(|\)) | SQLi | 8 | URL|ARGS |
241 | 1053 | RLx | /(bin|sbin)/ | Other | 4 | BODY|URL|ARGS|HEADERS |
197 | 1055 | RL | to_base64 | SQLi | 6 | BODY|URL|ARGS|HEADERS |
121 | 1056 | RLx | [^-:=\.\w\|]replace[^-:=\.\w\|] | SQLi | 4 | BODY|URL|ARGS|HEADERS |
82 | 1057 | RL | master_pos_wait | SQLi | 8 | URL|ARGS |
42 | 1059 | RL | str_replace | SQLi | 8 | BODY|ARGS |
35 | 1060 | RL | user_meta | SQLi | 8 | BODY|URL|ARGS |
65 | 1061 | RL | regexp | SQLi | 2 | BODY|ARGS |
29 | 1063 | RLx | \d+[\'\`] | SQLi | 8 | URL |
49 | 1064 | RL | wp_comment | SQLi | 8 | BODY|URL|ARGS |
107 | 1065 | RL | wp_usermeta | SQLi | 8 | BODY|URL|ARGS |
34 | 1066 | RL | wp_post | SQLi | 8 | BODY|URL|ARGS |
136 | 1067 | RL | wp_term | SQLi | 8 | BODY|URL|ARGS |
160 | 1068 | RL | wp_user | SQLi | 8 | BODY|ARGS |
225 | 1069 | RL | wp_options | SQLi | 8 | BODY|ARGS |
204 | 1072 | RLx | (^|\W)print(_r|ln)?\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
206 | 1075 | RLx | \d\'\s*\w+=(\d+|\') | SQLi | 12 | URL|ARGS |
105 | 1077 | RLx | =(\-\w+|\w+[\'\)\"])(.|\s){0,30}\s+where\s+(.|\s){0,30}\s+(OR|AND) | SQLi | 12 | BODY|URL|ARGS|HEADERS |
66 | 1078 | RLx | ctx=web\&cache_filename=.+\.php.+IMresizedData=\<\?php | SQLi | 12 | BODY |
187 | 1081 | RLx | \w+=\d+\'($|\s) | SQLi | 12 | URL|ARGS |
2 | 1085 | RLx | \d+[\'\`] | SQLi | 2 | BODY|ARGS|HEADERS |
28 | 1086 | RLx | (\b(m(s(ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\.\.sysdatabases|ysql\.db)\b|s(ys(\.database_name|aux)\b|chema(\W*\(|_name\b)|qlite(_temp)?_master\b)|d(atabas|b_nam)e\W*\(|information_schema\b|pg_(catalog|toast)\b|northwind\b|tempdb\b)) | SQLi | 8 | BODY|URL|ARGS|HEADERS |
10 | 1087 | RLx | sleep\((\s*?)(\d*?)(\s*?)\)|benchmark\((.{0,50}?),(.{0,50}?)\) | SQLi | 12 | BODY|URL|ARGS|HEADERS |
248 | 1088 | RLx | (((select|;)\s+(benchmark|if|sleep)\s*?\(\s*?\(?\s*?\w+)) | SQLi | 12 | BODY|URL|ARGS|HEADERS |
137 | 1090 | RLx | ((alter\s*?\w+.{0,50}?(character|char)\s+set\s+\w+)|([\"'`];*?\s*?waitfor\s+(time|delay)\s+[\"'`])|([\"'`];.{0,50}\s*?\Wgoto\W)) | SQLi | 8 | BODY|URL|ARGS|HEADERS |
16 | 1091 | RLx | (^|\W)union(.|\s){1,50}select(.|\s){1,50}from\W | SQLi | 12 | BODY|URL|ARGS|HEADERS |
8 | 1092 | RLx | ((select\s*?pg_sleep)|(waitfor\s*?delay\s?[\"'`]+\s?\d)|(;\s*?shutdown\s*?(;|--|#|/\*|{))) | SQLi | 8 | BODY|URL|ARGS|HEADERS |
30 | 1093 | RLx | ["\[]\$(ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and|where)["\]] | Injection | 12 | BODY|URL|ARGS|HEADERS |
6 | 1094 | RLx | ((procedure\s+analyse\s*?\()|(;\s*?(declare|open)\s+[\w-]+)|(create\s+(procedure|function)\s*?\w+\s*?\(\s*?\)\s*?-)|(declare[^\w]+[@#]\s*?\w+)|(exec\s*?\(\s*?@)) | SQLi | 8 | BODY|URL|ARGS|HEADERS |
132 | 1096 | RLx | xp_(servicecontrol|regread|regwrite|regdeletevalue|regdeletekey|fileexist|enumerrorlogs|readerrorlogs|enumdsn|enumgroups|ntsec_enumdomains) | SQLi | 12 | BODY|URL|ARGS|HEADERS |
197 | 1099 | RLx | (^|&)src=[^&]*?(http|ftp) | SQLi | 12 | URL |
219 | 1100 | RLx | [?&]home=[^&]*?(http|ftp) | Other | 12 | URL |
51 | 1102 | RLx | [?&]size=[^&]*?\x3b | SQLi | 12 | ARGS |
62 | 1104 | RL | action=getTopic | SQLi | 8 | BODY |
129 | 1105 | RLx | \[\#markup\]\=\S+\s+\S+ | RCE | 12 | BODY|URL|ARGS |
59 | 1107 | RL | found_rows | SQLi | 8 | URL|ARGS |
23 | 1108 | RL | tceles | SQLi | 4 | URL|ARGS|Cookie |
138 | 1109 | RLx | information(_|\.)schema | SQLi | 12 | BODY|URL|ARGS|HEADERS |
230 | 1110 | RLx | (\s|\+)(infile|outfile|dumpfile)(\s|\+) | SQLi | 8 | BODY|URL|ARGS|HEADERS |
71 | 1111 | RL | noinu | SQLi | 4 | URL|ARGS |
180 | 1112 | RL | substring% | SQLi | 8 | BODY|URL|ARGS|HEADERS |
191 | 1115 | RL | @@version | SQLi | 8 | BODY|URL|ARGS|HEADERS |
252 | 1116 | RL | schema | SQLi | 6 | URL|ARGS |
219 | 1117 | RL | datadir | SQLi | 8 | BODY|URL|ARGS|HEADERS |
76 | 1118 | RL | hostname | SQLi | 4 | BODY|URL|ARGS|HEADERS |
182 | 1119 | RL | rowcount | SQLi | 4 | BODY|URL|ARGS|HEADERS |
231 | 1120 | RLx | \s;\s | SQLi | 8 | URL|ARGS |
32 | 1121 | RL | coercibility | SQLi | 8 | URL|ARGS |
96 | 1123 | RL | COLLATION | SQLi | 8 | URL|ARGS |
117 | 1124 | RL | CONNECTION_ID | SQLi | 8 | URL|ARGS |
212 | 1125 | RL | current_user | SQLi | 4 | URL|ARGS |
215 | 1126 | RL | last_insert_id | SQLi | 8 | URL|ARGS |
232 | 1127 | RL | row_count | SQLi | 8 | URL|ARGS |
41 | 1128 | RL | session_user | SQLi | 8 | URL|ARGS |
245 | 1129 | RL | @user | SQLi | 8 | URL|ARGS |
34 | 1130 | RLx | /%?\*(.|\s){0,50}\*%?/ | SQLi | 6 | URL|ARGS |
2 | 1131 | RLx | /%?\*(.|\s){0,50}\*%?/ | SQLi | 2 | BODY |
210 | 1132 | RLx | ((/%?\*(.|\s){0,50}\*%?/)(.|\s){0,50}){3,} | SQLi | 12 | BODY|URL|ARGS|HEADERS |
200 | 1133 | RLx | name\[\d+.{20,}\] | SQLi | 12 | BODY |
134 | 1134 | RLx | admin(istrator)?'-- | SQLi | 12 | BODY|URL|ARGS|HEADERS |
185 | 1136 | RLx | ^(file|ftps?|https?)://(.{0,500})$ | SQLi | 8 | ARGS |
167 | 1137 | RLx | %0(.|\s){0,50}([a-z]%){3,} | SQLi | 12 | BODY|URL|ARGS|HEADERS |
152 | 1138 | RLx | (%\w%.{0,50}){5,} | SQLi | 8 | BODY|URL|ARGS|HEADERS |
67 | 1139 | RL | validate_password_strength | SQLi | 8 | URL|ARGS |
43 | 1141 | RL | libraryContent | SQLi | 8 | BODY |
6 | 1142 | RL | base64_decode | SQLi | 8 | BODY |
93 | 1143 | RL | globals[ | RCE | 8 | BODY|URL|ARGS |
81 | 1144 | RLx | (^|\W)response\.(write|flush|clear)\( | Injection | 12 | BODY|URL|ARGS|HEADERS |
151 | 1145 | RLx | \w=\/?\.{1,2}(\\|\/) | LFI | 8 | BODY|ARGS|Referer |
73 | 1311 | RL | <? | RCE | 4 | BODY |
253 | 1312 | RL | ?> | RCE | 4 | BODY |
229 | 1313 | RL | <?php | RCE | 12 | BODY|URL|ARGS|HEADERS |
198 | 1314 | RLx | \$_\w{1,15}\[ | Other | 12 | BODY|URL|ARGS|HEADERS |
73 | 1316 | RL | get_defined_functions | RCE | 12 | BODY|URL|ARGS|HEADERS |
25 | 1317 | RL | _PHPLIB[libdir] | Other | 8 | BODY|URL|ARGS|HEADERS |
144 | 1318 | RLx | auto_prepend_file|auto_append_file | RFI | 12 | URL|ARGS |
144 | 1322 | RL | burpcollaborator.net | Scanner | 12 | BODY|URL|ARGS|HEADERS |
205 | 1324 | RL | constructor.constructor | Other | 8 | BODY |
101 | 1352 | RL | XAttacker.php | Other | 12 | BODY|URL|ARGS |
229 | 1397 | RLx | include.?dir\x3D | Other | 12 | URL |
205 | 1398 | RLx | path=(https?|ftps?|php) | Other | 12 | URL |
48 | 1399 | RLx | php\?goto=(https?|ftps?|php) | RFI | 12 | URL |
123 | 1431 | RLx | /(admin/addcontent\.inc|images/psg)\.php | Other | 12 | URL |
88 | 1459 | RL | svg> | XSS | 3 | BODY |
201 | 1491 | RLx | [^-:\.\w\|]exec[^-:\.\w\|\/] | Injection | 8 | BODY|URL|ARGS|HEADERS |
139 | 1493 | RLx | (^|\W)die\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
74 | 1497 | RLx | (.{1,50}\(.{1,50}\)){3,} | Other | 12 | URL |
236 | 1500 | RLx | \.(.{0,250})~($|\s) | UWA | 12 | URL |
250 | 1501 | RLx | src=https?\x3a\x2f[^\x26\x20]*?(\x24\x28|%24%28) | UWA | 12 | URL|ARGS |
199 | 1502 | RL | .vscode | Other | 12 | URL |
30 | 1505 | RLx | \.(gemfile|gemfile|rb|irbrc)($|\s|\:) | UWA | 12 | URL |
239 | 1506 | RLx | \.(bzr|project|sublime(-workspace)?|md|svn|gitkeep|s3cfg|(git|hg|cvs)(ignore)?|subversion|csproj|(ftp)?config|cfg|atom|vb|vscode|circleci|npmrc)($|\s|\/|\:) | UWA | 12 | URL |
173 | 1512 | RLx | \.php[^3-7\/s][\w\-\_~]*(\.\w+)?$ | UWA | 12 | URL |
154 | 1513 | RLx | \.(py|pl|cgi)($|\s|\:) | UWA | 8 | URL |
35 | 1515 | RL | .ds_store | UWA | 12 | URL |
109 | 1516 | RLx | \.(jar|jsp|jspx|jspf|java|coffee|war|yml|cfm)($|\s|\:) | UWA | 12 | URL |
182 | 1517 | RLx | \.(conf|ssh|ini|inc|env|inc|viminfo|properties|dead\.letter|passwd|schema)($|\s|\:) | UWA | 8 | URL |
241 | 1518 | RLx | \.(phpinc|save|sav|swp|swo|lock|old|orig|log|tmp|temp|restore|suspected)($|\s|\:) | UWA | 12 | URL |
20 | 1519 | RLx | \.(bz2|gz|tar|xz|lzma)($|\s|\:) | UWA | 4 | URL |
20 | 1521 | RL | sftp-config.json | UWA | 12 | URL |
149 | 1522 | RL | .idea/ | UWA | 12 | URL |
89 | 1523 | RLx | ^/wp-content/plugins/($|\s) | UWA | 12 | URL |
16 | 1524 | RLx | /wp-content/plugins/.{1,50}/cache/ | UWA | 12 | URL |
173 | 1526 | RLx | \.(mdb|db|sqlite|sql)($|\s|\:) | UWA | 12 | URL |
69 | 1528 | RLx | id_(rsa|dsa)\.ppk($|\s|\:) | UWA | 12 | URL |
180 | 1559 | RLx | etc/(passwd|shadow) | UWA | 12 | BODY|URL|ARGS|HEADERS |
198 | 1560 | RLx | \W(win|system|php)\.ini | UWA | 8 | BODY|URL|ARGS|HEADERS |
44 | 1561 | RLx | \.(ksh|rsh|tcsh|csh|zsh|zshrc|bash|bash_profile|rksh|sh_history)($|\s|\:) | UWA | 12 | URL |
37 | 1562 | RLx | \.(bat|exe|dll|dat)($|\s|\:) | UWA | 12 | URL |
106 | 1808 | RL | composer.json | UWA | 8 | URL |
233 | 1811 | RLx | %psmodulepath%|%public%|%appdata%|%localappdata% | UWA | 12 | URL|ARGS |
150 | 1812 | RLx | %allusersprofile%|%userdata%|%username%|%userprofile% | UWA | 12 | URL|ARGS |
135 | 1813 | RLx | %homedrive%|%homepath% | UWA | 12 | URL|ARGS |
220 | 1814 | RLx | %homedrive%|%homepath% | UWA | 12 | URL|ARGS |
197 | 1816 | RLx | %systemdrive%|%systemroot%|%windir%|%comspec% | UWA | 12 | URL|ARGS |
13 | 1818 | RLx | %path%|%pathext% | UWA | 8 | URL|ARGS |
235 | 1819 | RLx | %computername%|%logonserver%|%prompt%|%userdomain% | UWA | 8 | URL|ARGS |
37 | 1820 | RL | db_details_importdocsql.php | UWA | 8 | URL |
1 | 1821 | RLx | /(global|dnewsweb|swsrv|ikonboard)\.cgi | UWA | 8 | URL |
96 | 1822 | RL | /math_sum.mscgi | UWA | 8 | URL|ARGS |
139 | 1823 | RLx | /(ksh|rsh|tcsh|csh|zsh|zshrc|bash|bash_profile|rksh)($|\s) | UWA | 12 | URL|ARGS |
8 | 1826 | RLx | \/(math_sum.mscgi|htsearch|printenv|db2www|document.d2w) | UWA | 12 | URL |
185 | 1827 | RL | /admentor/admin/admin.asp | UWA | 8 | URL |
23 | 1830 | RL | /timthumb.php | UWA | 4 | URL |
133 | 1831 | RL | /timthumbdir/cache | UWA | 4 | URL |
184 | 1832 | RL | /w3tc/dbcache | UWA | 8 | URL |
98 | 1834 | RL | php:// | UWA | 12 | BODY|URL|ARGS|HEADERS |
93 | 1835 | RL | ftp:// | UWA | 12 | BODY|ARGS |
87 | 1836 | RL | zlib:// | UWA | 12 | BODY|URL|ARGS|HEADERS |
149 | 1837 | RL | data:// | UWA | 12 | BODY|URL|ARGS|HEADERS |
66 | 1838 | RL | glob:// | UWA | 12 | BODY|URL|ARGS|HEADERS |
226 | 1839 | RL | phar:// | UWA | 12 | BODY|URL|ARGS|HEADERS |
105 | 1840 | RL | file:// | UWA | 12 | BODY|ARGS |
22 | 1841 | RL | /cfide/componentutils | UWA | 12 | URL |
88 | 1842 | RL | /mysqldumper | UWA | 12 | URL |
46 | 1843 | RLx | php(pg|my)admin | UWA | 12 | URL |
190 | 1845 | RL | /bin/sh | UWA | 12 | BODY|URL|ARGS|HEADERS |
32 | 1846 | RL | .htpasswd | UWA | 12 | URL|ARGS |
175 | 1847 | RL | .htaccess | UWA | 12 | URL|ARGS |
240 | 1848 | RL | whitelist.pac | UWA | 12 | URL |
10 | 1849 | RL | proxy.pac | UWA | 12 | URL |
81 | 1850 | RL | (?p=b)((?p=b)(?j:(?p<b>c)(?p<b>a(?p=b)))>wgxcredits) | UWA | 12 | BODY|ARGS|HEADERS |
242 | 1851 | RL | 0000::1 | UWA | 12 | X-Forward-For |
166 | 1852 | RL | 127.0.0 | UWA | 12 | X-Forward-For |
127 | 1853 | RL | (?j:(?|(:(?|(?'r')(\k'r')|((?'r')))h'rk'rf)|s(?'r')))) | UWA | 12 | HEADERS |
66 | 1854 | RL | /var/www/ | UWA | 12 | URL|ARGS |
30 | 1856 | RL | /philboard_admin.asp | UWA | 12 | URL|ARGS |
37 | 1857 | RL | /cgi-bin/ls | UWA | 8 | URL|ARGS |
24 | 1860 | RL | /wp-includes/rss-functions.php | UWA | 12 | URL |
198 | 1861 | RL | /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php | UWA | 12 | BODY |
75 | 1866 | RLx | stdin|stdout|stderr | UWA | 4 | BODY|URL|ARGS|HEADERS |
48 | 1868 | RL | X-Pingback-Forwarded-For: | UWA | 8 | X-Forward-For |
135 | 1869 | RLx | /dev/(tcp|udp) | UWA | 12 | BODY|ARGS|HEADERS |
56 | 1870 | RL | /sqlite/main.php | UWA | 12 | URL|ARGS |
2 | 1871 | RLx | (^|\W)php(_uname|credits|info|version)\( | Injection | 12 | BODY|URL|ARGS|HEADERS |
92 | 1872 | RLx | /~(root|ftp|nobody) | UWA | 12 | BODY|URL|ARGS |
62 | 1873 | RL | /htmlscript | UWA | 12 | URL |
122 | 1876 | RL | /post-query | UWA | 8 | URL |
180 | 1879 | RLx | [^/]https?:/ | UWA | 8 | URL |
240 | 1882 | RLx | (^|\W)javascript: | XSS | 8 | BODY|URL|ARGS|HEADERS |
99 | 1883 | RL | /DatabaseFunctions.php | UWA | 8 | URL |
47 | 1884 | RL | /GlobalFunctions.php | UWA | 8 | URL |
225 | 1885 | RL | /UpdateClasses.php | UWA | 8 | URL |
15 | 1886 | RL | /scripts/setup.php | UWA | 12 | URL |
237 | 1887 | RLx | (phpinfo|phpsysinfo)\.php | UWA | 12 | URL |
209 | 1888 | RL | /server_sync.php | UWA | 12 | URL |
25 | 1891 | RL | PageServices | UWA | 8 | URL|ARGS |
114 | 1892 | RL | /htgrep | UWA | 8 | URL |
5 | 1893 | RL | /WEB-INF/ | UWA | 12 | URL |
135 | 1894 | RL | /proc/self/ | UWA | 12 | BODY|URL|ARGS |
149 | 1895 | RL | phpb8b5f2a0-3c92-11d3-a3a9-4c7b08c10000 | UWA | 4 | ARGS |
159 | 1896 | RLx | phpe9568f3(4|5|6)-d428-11d2-a769-00aa001acf42 | UWA | 4 | ARGS |
245 | 1897 | RLx | /_vti_(adm|bin)/ | UWA | 12 | URL |
220 | 1898 | RL | /_vti_rpc | UWA | 12 | URL |
253 | 1899 | RL | /server-status | UWA | 12 | URL |
125 | 1900 | RL | /balancer-manager | UWA | 12 | URL |
37 | 1901 | RL | /host-manager/ | UWA | 12 | URL |
153 | 1902 | RL | fx29shcook | UWA | 8 | URL |
242 | 1903 | RLx | act=\S+&(d|f)= | UWA | 12 | BODY|ARGS |
35 | 1904 | RLx | act=(fxmailselfremove|encoder|eval|sql|phpinfo) | UWA | 12 | BODY|ARGS |
112 | 1905 | RLx | _act=(execute|list\s+files|upload) | UWA | 12 | BODY|ARGS |
42 | 1906 | RL | cmd_txt=1 | UWA | 8 | ARGS |
24 | 1907 | RL | c99.php | UWA | 12 | URL |
14 | 1908 | RLx | (\s|\+|#)cmd= | UWA | 12 | BODY|URL|ARGS|HEADERS |
152 | 1909 | RLx | c999sh_surl|c999shvars | UWA | 12 | Cookie |
207 | 1910 | RL | webconfig.txt.php | UWA | 12 | URL |
85 | 1911 | RL | wpad.dat | UWA | 12 | URL |
247 | 1913 | RL | composer.phar | UWA | 8 | URL |
16 | 1914 | RLx | adminer.*\.php | UWA | 12 | URL |
174 | 1915 | RLx | (wso|r57|r57shell)\.php | UWA | 12 | URL |
101 | 1917 | RL | /admin/templates/header.php | UWA | 8 | URL |
115 | 1918 | RL | /soapcaller.bs | UWA | 12 | URL |
52 | 1919 | RL | /plugin_googlemap2_proxy.php | UWA | 12 | URL |
73 | 1920 | RL | /images/stories/story.php | UWA | 12 | URL |
236 | 1921 | RLx | /plugins/system/.{1,50}\.php | UWA | 12 | URL |
43 | 1922 | RL | /.ssh/ | UWA | 12 | URL |
227 | 1923 | RL | /known_hosts | UWA | 12 | URL |
238 | 1924 | RL | /authorized_keys | UWA | 12 | URL |
61 | 1925 | RLx | \.(key|pem|id_rsa|id_dsa)($|\s) | UWA | 12 | URL |
163 | 1926 | RLx | \.(sh|bash|nano|irb|psql|mysql)_history($|\s) | UWA | 12 | URL |
31 | 1927 | RLx | \.(bac|bak|bkp|bkf|bkp|back|backup|bakup)($|\s) | UWA | 12 | URL |
60 | 1928 | RLx | \.(history|histfile)($|\s) | UWA | 12 | URL |
153 | 1929 | RL | proftpdpasswd | UWA | 12 | URL |
180 | 2100 | RLx | nessus|acunetix|nmap|sqlmap|[nw]ikto|dirbuster|gobuster|w3af|webster|openvas|meterpreter|network-services-auditor|wpscan|hydra|XSpider|Nuclei|l9explore | Scanner | 12 | User-agent |
130 | 2101 | RLx | absinthe|autogetcolumn|bsqlbf|cisco-torch|crimscanner|appscan_fingerprint|amiga-aweb|digimarc webreader | Scanner | 12 | User-agent |
106 | 2102 | RLx | sql\s+power\s+injector|dav\.pm|prog.customcrawler|whcc|grendel-scan|masscan | Scanner | 12 | User-agent |
198 | 2103 | RLx | shellshock-scan|thanks-rob|WebCruiser|webinspect|whisker|chinaclaw|whatweb|wordpress hash grabber | Scanner | 12 | User-agent |
91 | 2104 | RLx | mysqloit|netsparker|paros|pavuk|uil2pn|friendly-scanner|sundayddr|zmeu|sqlspider|Evasions | Scanner | 12 | User-agent |
179 | 2105 | RLx | apachebench|datacha0s|nv32ts|brutus|arachni|synapse|havij|sucuri|sitelock|scanalert | Scanner | 12 | User-agent |
24 | 2106 | RLx | http_get_vars|n-stealth|picscout|t34mh4k|webshag|mozilla/\d+\.\d+\s+sf | Scanner | 12 | User-agent |
247 | 2107 | RL | ++++++++result | Scanner | 12 | URL |
166 | 2112 | RL | /jmx-console/htmladaptor | Scanner | 12 | URL |
221 | 2115 | RLx | php/\d+\.|python-httplib|winhttprequest|pymills-spider/|^\. | Scanner | 1 | User-agent |
133 | 2116 | RL | internal dummy connection | Scanner | 12 | User-agent |
109 | 2400 | RL | base64 | Evasion | 2 | URL|ARGS |
229 | 2401 | RL | cghwaw5mbygpoyag | Evasion | 12 | BODY|URL|ARGS|HEADERS |
234 | 2402 | RL | http://http:// | Other | 12 | HEADERS |
44 | 2403 | RLx | boundary=\S+[,|;] | Evasion | 8 | Content-Type |
130 | 2404 | RL | mid% | Evasion | 8 | URL|ARGS |
107 | 2405 | RL | dual | Evasion | 2 | URL|ARGS |
200 | 2406 | RL | strcmp( | RCE | 8 | URL|ARGS |
193 | 2407 | RLx | (\\[0-7]{1,3}){3,} | Evasion | 8 | BODY|URL|ARGS|HEADERS |
88 | 2409 | RLx | &#\d+;? | Evasion | 0 | BODY|URL|ARGS|HEADERS|MLA |
103 | 2411 | RLx | (&#x[2-7]\w;(.|\s){0,50}){5,} | Evasion | 0 | BODY|URL|ARGS|HEADERS|MLA |
37 | 2413 | RLx | (file|ftps?|https?)://(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) | Evasion | 12 | ARGS |
169 | 2414 | RLx | ((merge.{0,50}?using\s*?\()|(execute\s*?immediate\s*?[\"'`])|(match\s*?[\w(),+-]+\s*?against\s*?\()) | RCE | 8 | ARGS|Cookie |
106 | 2415 | RL | data:image | Evasion | 12 | URL |
253 | 2416 | RLx | (^|\W)(un)?hex\( | Evasion | 12 | BODY|URL|ARGS|HEADERS |
244 | 2700 | RL | .exec( | RCE | 12 | BODY|ARGS|Content-Type |
234 | 2702 | RL | /invoker/ejbinvokerservlet | Other | 12 | BODY|URL |
46 | 2703 | RL | service:wanipconnection: | Other | 12 | BODY |
199 | 2704 | RL | /struts2-blank/ | RCE | 12 | URL |
114 | 2705 | RLx | <[\s\+]*![\s\+]*(doctype|entity)[\s\+]+%*[\s\+]*[a-za-z1-9_-]*[\s\+]+system | Other | 12 | BODY |
28 | 2706 | RLx | multipart/form-data;\s*boundary=[a-zA-Z0-9_-]{4000,} | Other | 12 | Content-Type |
126 | 2707 | RL | java.beans.eventhandler | RCE | 12 | BODY|ARGS |
221 | 2708 | RL | java.lang. | RCE | 12 | BODY|ARGS |
196 | 2709 | RL | typo3_conf | Other | 12 | ARGS |
87 | 2711 | RLx | \(\s{0,50}\)\s{0,50}\{\s{0,50}\: | Other | 12 | BODY|ARGS|HEADERS |
200 | 2712 | RL | name[0%20 | Other | 12 | BODY |
116 | 2716 | RLx | script_fields.{0,50}import.{0,50}java\.util | RCE | 12 | BODY|ARGS |
81 | 2717 | RL | java.io. | RCE | 12 | BODY|ARGS |
224 | 2718 | RL | java.util. | RCE | 12 | BODY|ARGS |
171 | 2719 | RL | fill 'url | Other | 12 | BODY|URL|ARGS |
61 | 2720 | RL | $mft | Other | 8 | BODY|ARGS |
233 | 2721 | RLx | \.\./|php | Other | 12 | ARGS|$URL:/components/com_hdflvplayer/hdflvplayer/download.php |
208 | 2722 | RL | .ph | Other | 12 | $URL:/uploader/server/php/ |
163 | 2723 | RL | swp_url=http | Other | 12 | ARGS|$URL:/wp-admin/admin-post.php |
63 | 2725 | RL | system.listmethods | Other | 12 | $URL:/xmlrpc.php|BODY |
84 | 2726 | RL | system.getcapabilities | Other | 12 | $URL:/xmlrpc.php|BODY |
54 | 2727 | RL | pingback.ping | UWA | 12 | $URL:/xmlrpc.php|BODY |
103 | 2728 | RLx | ['"`)][\s\+]*(OR|AND|\|\||\&\&)(\s+NOT)?[\s\+]+(.{1,25})[\s\+]*([\!\<\>]?\=|\<|\>)[\s\+]*(.{1,25}) | SQLi | 12 | BODY|URL|ARGS|User-agent |
192 | 2729 | RLx | (^|\W)((var)?char|chr)\W*=\W*["'] | SQLi | 12 | BODY|URL|ARGS|HEADERS |
35 | 2730 | RLx | (^|\W)name_const\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
118 | 2731 | WL | %C0 | WL | 0 | Cookie |
105 | 2733 | RLx | \.([~-][\w]?|\$+)($|\s|\:) | UWA | 12 | URL |
148 | 2734 | RLx | \w=\/(etc|usr|var|bin|sbin|lib|lib64|run|sys|dev|root|home|opt|srv|mnt)\/ | Other | 12 | BODY|ARGS |
245 | 2735 | RLx | (^|\W)draggable(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
119 | 2736 | WLx | FBCR\/(\&\#\d+\-)+ | WL | 0 | User-agent |
16 | 2737 | RLx | filename\s*=\s*.+\.(php|pht|py|js\W|rb|pl|pm|cgi|aspx) | Other | 8 | Content-Disposition |
217 | 2738 | RLx | (^|\W)xbshell\W | Other | 12 | BODY|URL|ARGS|HEADERS |
84 | 2739 | RLx | (^|\W)union(\s|\+)+(all(\s|\+)+)?select\W | SQLi | 12 | BODY|URL|ARGS|HEADERS |
52 | 2740 | RL | deployment-config.json | UWA | 12 | URL |
83 | 2741 | RL | ftpsync.settings | UWA | 12 | URL |
202 | 2742 | RLx | (^|\W)convert\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
83 | 2743 | RLx | (^|\W)(md5|crc32|sha1|hash|crypt)\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
202 | 2744 | RLx | (^|\W)HashBytes\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
51 | 2745 | RLx | (^|\W)extractvalue\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
120 | 2746 | RLx | waitfor(\s|\+)+delay\W | SQLi | 12 | BODY|URL|ARGS|HEADERS |
231 | 2747 | RLx | img(\s|\+)*src=\"?(https?\:\/\/)?[\w|\.|\-|\/]+\.(txt|php|py|cgi|asp) | RFI | 12 | BODY |
49 | 2748 | RL | eval-stdin.php | UWA | 12 | URL |
92 | 2749 | RLx | \s(OR|\|\||AND|\&\&)(\s*not)?\s*(['")]\w*['"(]|\w*)\s*[!]?=\s*(['")]\w*['"(]|\w*)\s*\-\- | SQLi | 12 | BODY|URL|ARGS|User-agent |
191 | 2750 | RL | @pdiscoveryio | Scanner | 12 | User-agent |
124 | 2751 | RLx | (^|\W)function\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
166 | 2752 | RLx | (sql|old|bkp|bck|bckp|back|backup|archive)\.(zip|rar|7zip|bz2|gz|xz|lzma|tar|gz|tar\.gz)($|\s|\:) | UWA | 12 | URL |
19 | 2753 | RLx | (^|\W)includecomponent\( | RCE | 12 | BODY |
218 | 2754 | RLx | (^|\W)__schema\W*\{ | Other | 12 | BODY|ARGS |
128 | 2755 | RLx | \/\.\.[\;\+] | UWA | 12 | URL |
164 | 2756 | RLx | (^|\W)script[\s\+]+xmlns | XSS | 12 | BODY|URL|ARGS|HEADERS |
192 | 2757 | RLx | (^|\W)tostring\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
53 | 2758 | RLx | (^|\W)shell_exec\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
82 | 2759 | RLx | \=[\s\+]*\$\{\w+[\+\-\*\/]\w+\} | RCE | 12 | BODY|ARGS |
252 | 2760 | RLx | (^|\W)nslookup\W | RCE | 12 | BODY|URL|ARGS|HEADERS |
236 | 2761 | RLx | \|[\s\+]*([\/]*(\w|\.)+[\/]+)?(bash|perl|python|php)\W | RCE | 8 | BODY|URL|ARGS|HEADERS |
18 | 2762 | RLx | (^|\W)gethostbyname\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
207 | 2763 | RLx | ['"`)][\s\+]*(OR|AND|\|\||\&\&)(\s+NOT)?[\s\+\"\'\(\)]+(.{1,25})[\s\+\"\'\(\)]+([\!\<\>]?\=|\<|\>)[\s\+\"\'\(\)]+(.{1,25}) | SQLi | 12 | BODY|URL|ARGS|User-agent |
176 | 2764 | WLx | \w\-\-\w | WL | 0 | BODY|URL|ARGS|HEADERS |
235 | 2766 | RLx | bxss\W*\.me | Scanner | 12 | BODY|URL|ARGS|HEADERS |
19 | 2767 | RL | sysdate( | Injection | 12 | BODY|URL|ARGS|HEADERS |
25 | 2768 | RLx | on(waiting|pause|show|start|end|unload|drop|submit|close|after(print|scriptexecute)|contextmenu|cellchange)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
37 | 2769 | RLx | on(cuechange|(de)?activate|finish|fullscreenchange|hashchange|invalid|message|repeat)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
113 | 2770 | RLx | on(resize|scroll|search|seeked|seeking|timeupdate|touchend|touchmove|touchstart|volumechange)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
72 | 2771 | RLx | on(mozfullscreenchange|pagehide|pageshow|popstate|progress|readystatechange|transitioncancel|transitionrun|transitionstart|unhandledrejection)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
51 | 2772 | RLx | onwebkitanimation(end|iteration|start|end)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
17 | 2773 | RLx | onbefore((de)?activate|copy|cut|editfocus|paste|update|scriptexecute|input)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
157 | 2774 | RLx | onpointer(down|enter|leave|move|out|over|rawupdate|up)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
54 | 2775 | RLx | onanimation(cancel|iteration|start|end)(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
123 | 2776 | RLx | (^|\W)strrev\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
72 | 2777 | RLx | (djy|qpy)l18\.com | Other | 12 | ARGS |
219 | 2778 | RLx | (^|\W)execute\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
12 | 2779 | RLx | (^|\W)(atob|btoa)\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
40 | 2780 | RL | Fuzz Faster | Scanner | 12 | User-agent |
208 | 2781 | RLx | (^|\W)get(Runtime|Response|Writer|Property|InputStream)\( | RCE | 12 | BODY|Content-Type |
162 | 2782 | RL | .start( | RCE | 12 | BODY|Content-Type |
219 | 2783 | RL | X-Scanner: Netsparker | Scanner | 12 | X-Scanner |
21 | 2784 | RL | codepoints-to-string( | Injection | 12 | BODY|URL|ARGS|HEADERS |
211 | 2785 | RLx | (^|\W)substring\( | Injection | 8 | BODY|URL|ARGS|HEADERS |
82 | 2786 | RL | string-length( | Injection | 12 | BODY|URL|ARGS|HEADERS |
142 | 2787 | RLx | (^|\W)starts-with\( | Injection | 12 | BODY|URL|ARGS|HEADERS |
189 | 2788 | RLx | (^|\W)contains\( | Injection | 8 | BODY|URL|ARGS|HEADERS |
108 | 2789 | RL | db.collection.find( | Injection | 12 | BODY|URL|ARGS|HEADERS |
19 | 2790 | RLx | (^|\W)match\( | Injection | 8 | BODY|URL|ARGS|HEADERS |
244 | 2791 | RLx | (^|\W)document\[('|"|`)\w+('|"|`)\] | XSS | 12 | BODY|URL|ARGS|HEADERS |
19 | 2792 | RL | knoxss.me | Scanner | 12 | BODY|URL|ARGS|HEADERS |
180 | 2793 | RLx | (^|\W)confirm(\.call)?\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
129 | 2794 | RLx | (^|\W)array\( | RCE | 8 | BODY|URL|ARGS|HEADERS |
141 | 2795 | RL | array_map( | Injection | 12 | BODY|URL|ARGS|HEADERS |
140 | 2796 | RL | base_convert( | Injection | 12 | BODY|URL|ARGS|HEADERS |
88 | 2797 | RL | scaninfo@expanseinc.com | Scanner | 12 | User-agent |
102 | 2798 | RL | .xss.ht | Scanner | 12 | BODY|URL|ARGS|HEADERS |
158 | 2799 | RLx | =\$\{\d+[+\-*%]\d+\} | Injection | 8 | BODY|ARGS |
46 | 2800 | RL | load_file( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
240 | 2801 | RLx | (^|\W)start-sleep[\s\+]+\- | RCE | 12 | BODY|URL|ARGS|HEADERS |
127 | 2802 | RLx | (^|\W)passthru\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
117 | 2803 | RLx | (^|\W)sleep\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
150 | 2804 | RLx | (^|\W)typeof\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
174 | 2805 | RLx | \Wisfinite\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
140 | 2806 | RLx | (^|\W)sleep[\s\+]+\d | Injection | 8 | BODY|URL|ARGS|HEADERS |
117 | 2807 | RLx | (^|\W)prompt(\.call)?[(,`] | XSS | 8 | BODY|URL|ARGS|HEADERS |
24 | 2808 | RLx | (^|\W)substr\( | RCE | 8 | BODY|URL|ARGS|HEADERS |
31 | 2809 | RLx | (^|\W)ord\( | Injection | 8 | BODY|URL|ARGS|HEADERS |
205 | 2810 | RLx | (^|\W)mid\( | SQLi | 8 | BODY|URL|ARGS|HEADERS |
166 | 2811 | RLx | (^|\W)ifnull\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
178 | 2812 | RLx | (^|\W)cast\( | SQLi | 8 | BODY|URL|ARGS|HEADERS |
63 | 2813 | RLx | (^|\W)database\( | SQLi | 8 | BODY|URL|ARGS|HEADERS |
234 | 2814 | RL | scaninfo@paloaltonetworks.com | Scanner | 12 | User-agent |
210 | 2815 | RLx | (^|\W)require\( | Injection | 8 | BODY|URL|ARGS|HEADERS |
229 | 2816 | RLx | (^|\W)endianness\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
219 | 2817 | RL | charCodeAt( | XSS | 12 | BODY|URL|ARGS|HEADERS |
226 | 2818 | RLx | (^|\W)fillrect\( | XSS | 12 | BODY|URL|ARGS|HEADERS |
245 | 2819 | RL | fromcharcode( | XSS | 12 | BODY|URL|ARGS|HEADERS |
112 | 2820 | RLx | @Grab(Config|Resolver)?\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
220 | 2821 | RLx | (^|\W)r87\.(com|me)\W | Scanner | 12 | BODY|URL|ARGS|HEADERS |
18 | 2822 | RLx | (^|\W)echo(\s|\+)+\$\( | OSCI | 8 | BODY|URL|ARGS|HEADERS |
28 | 2823 | RLx | (^|\W)echo(\s|\+)+(\-\w+(\s|\+)+)?[\'\"\`] | OSCI | 8 | BODY|URL|ARGS|HEADERS |
203 | 2824 | RLx | (database|db|dump)\.tar(\.gz)?($|\s|\:) | UWA | 12 | URL |
213 | 2826 | RLx | (^|\W)alert\.name\W | XSS | 12 | BODY|URL|ARGS|HEADERS |
111 | 2827 | RL | .newInstance( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
241 | 2828 | RL | .forName( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
36 | 2829 | RLx | config\.inc(\.(bz2|gz|xz|tar(\.(bz2|gz|lzma|xz))?))?($|\s|\:) | UWA | 12 | URL |
84 | 2830 | RLx | config\.(bz2|gz|xz|tar(\.(bz2|gz|lzma|xz))?)($|\s|\:) | UWA | 12 | URL |
143 | 2831 | WL | Open BSD | WL | 0 | User-agent |
225 | 2832 | RLx | (^|\W)db.bz2($|\s|\:) | UWA | 12 | URL |
111 | 2833 | RL | config_db.php | UWA | 12 | URL |
184 | 2834 | RLx | (^|\W)cat_code\W | SQLi | 8 | BODY|URL|ARGS|HEADERS |
159 | 2835 | RL | x-wvs-id | Scanner | 12 | HEADERS |
34 | 2836 | RLx | (^|\W)(un)?escape\W | XSS | 6 | BODY|URL|ARGS|HEADERS |
35 | 2837 | WLx | \$\{(ad_id|platform|campaign_id)\} | WL | 0 | BODY|ARGS|HEADERS |
186 | 2838 | RLx | (^|\W)updatexml\( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
234 | 2839 | RLx | (^|\W)valueOf\W*(\(|\'|\"|.) | XSS | 8 | BODY|URL|ARGS|HEADERS |
75 | 2840 | RL | JSON.stringify( | XSS | 8 | BODY|URL|ARGS|HEADERS |
155 | 2841 | RLx | (^|\W)window\.[a-z] | XSS | 4 | BODY|URL|ARGS|HEADERS |
143 | 2842 | RLx | (^|\W)(global|window)eventhandlers\.[a-z] | XSS | 8 | BODY|URL|ARGS|HEADERS |
157 | 2843 | RLx | (^|\W)globalthis\W | XSS | 6 | BODY|URL|ARGS|HEADERS |
213 | 2844 | RLx | (^|\W)fopen\( | RCE | 8 | BODY|URL|ARGS|HEADERS |
63 | 2845 | RLx | (^|\W)f(write|puts)\( | RCE | 8 | BODY|URL|ARGS|HEADERS |
127 | 2846 | RLx | (^|\W)printenv\W | OSCI | 8 | BODY|URL|ARGS|HEADERS |
203 | 2847 | WL | gpg.key | WL | 0 | URL |
27 | 2848 | RLx | (^|\W)ini_set\( | RCE | 12 | BODY|URL|ARGS|HEADERS |
97 | 2849 | RL | set_time_limit( | RCE | 12 | BODY|URL|ARGS|HEADERS |
7 | 2850 | RLx | (^|\W)isset\( | RCE | 8 | BODY|URL|ARGS|HEADERS |
199 | 2851 | RL | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | UWA | 12 | URL |
10 | 2852 | RL | .interact.sh | Scanner | 12 | BODY|URL|ARGS|HEADERS |
49 | 2853 | RL | reflect.apply( | XSS | 8 | BODY|URL|ARGS|HEADERS |
86 | 2854 | RL | promise.all( | XSS | 8 | BODY|URL|ARGS|HEADERS |
27 | 2855 | RL | .then(alert | XSS | 8 | BODY|URL|ARGS|HEADERS |
164 | 2856 | RL | /backup/ | UWA | 12 | URL |
39 | 2857 | RL | 0x00 | Evasion | 4 | BODY|URL|ARGS|HEADERS |
95 | 2858 | RL | string.fromcodepoint( | XSS | 12 | BODY|URL|ARGS|HEADERS |
157 | 2859 | RL | .tolowercase( | XSS | 8 | BODY|URL|ARGS|HEADERS |
250 | 2860 | RL | netsystemsresearch.com | Scanner | 12 | User-agent |
151 | 2861 | RL | internet-structure-research-project-bot | Scanner | 12 | User-agent |
137 | 2862 | RL | /config.bak.php | UWA | 12 | URL |
135 | 2863 | RL | anonymousfox.co | Scanner | 12 | Referer |
251 | 2864 | RL | system.multicall | Other | 12 | BODY|$URL:/xmlrpc.php |
150 | 2865 | RLx | \/wp-config\.(orig|txt|php[._](bak|old|new)) | UWA | 12 | URL |
67 | 2866 | RLx | jndi\:(dns|rmi|iiop|ldap)\:\/\/ | RCE | 12 | BODY|URL|ARGS|HEADERS |
37 | 2867 | RLx | \$\{(lower|upper)\: | RCE | 8 | BODY|URL|ARGS|HEADERS |
152 | 2868 | RLx | \$[\\]?\{\:\:\-[jndilaprmso][\\]?\} | RCE | 8 | BODY|URL|ARGS|HEADERS |
132 | 2869 | RLx | \$[\\]?\{env\:ENV_NAME\:\-[jndilaprmso][\\]?\} | RCE | 8 | BODY|URL|ARGS|HEADERS |
156 | 2870 | RL | str_pad( | RCE | 8 | BODY|URL|ARGS|HEADERS |
132 | 2871 | RL | mysqli:: | RCE | 8 | BODY|URL|ARGS|HEADERS |
88 | 2872 | RL | /.aws/credentials | UWA | 12 | URL |
123 | 2873 | RLx | \.pydevproject($|\s|\:) | UWA | 12 | URL |
154 | 2874 | RL | BluechipBacklinks | Scanner | 12 | User-agent |
182 | 2875 | RL | rookee.bot | Scanner | 12 | User-agent |
190 | 2876 | RLx | (alfa_data|alfacgiapi|cgialfa)\/.{0,50}\.alfa($|\s|\/|\:) | UWA | 12 | URL |
248 | 2877 | RL | .httpservletresponse | RCE | 8 | BODY|Content-Type |
107 | 2878 | RLx | \/(db|backup|config)\d*\.(bz2|gz|tar|xz|lzma)($|\s|\:) | UWA | 8 | URL |
25 | 2879 | RLx | (^|\W)var_dump\( | RCE | 8 | BODY|URL|ARGS|HEADERS |
228 | 2880 | RL | wp_is_mobile | Scanner | 12 | User-agent |
163 | 2881 | RL | PHP/{5|6|7} | Scanner | 12 | User-agent |
82 | 2882 | RL | class.classloader.resources.dircontext.docbase | RCE | 8 | ARGS |
167 | 2883 | RL | github.com/gocolly | Scanner | 12 | User-agent |
34 | 2884 | RL | .get_host_address( | SQLi | 12 | BODY|URL|ARGS|HEADERS |
161 | 2885 | RLx | CensysInspect|censys\.io | Scanner | 12 | User-agent |
174 | 2886 | RLx | \.(git|svn) | UWA | 8 | URL |
200 | 2887 | RL | .touppercase( | XSS | 8 | BODY|URL|ARGS|HEADERS |
179 | 2888 | RL | 0x[] | RCE | 8 | BODY |
121 | 2889 | RL | 0x[]=androxgh0st | RCE | 12 | BODY |
79 | 2890 | RLx | while\s*\( | RCE | 4 | BODY|URL|ARGS|HEADERS |
118 | 2891 | RL | .equals( | RCE | 4 | BODY|URL|ARGS|HEADERS |
14 | 2892 | RL | class.module.classLoader | RCE | 12 | BODY|URL|ARGS|HEADERS |
106 | 2893 | RL | .getInputStream( | RCE | 8 | BODY|URL|ARGS|HEADERS |
105 | 2894 | RL | .getRuntime( | RCE | 8 | BODY|URL|ARGS|HEADERS |
16 | 2895 | RL | .getParameter( | RCE | 8 | BODY|URL|ARGS|HEADERS |
42 | 2896 | RLx | \.queryselector(all)?\( | XSS | 8 | BODY|URL|ARGS|HEADERS |
20 | 2897 | RL | springframework.context.support.FileSystemXmlApplicationContext | RCE | 8 | BODY|URL|ARGS|HEADERS |
78 | 2898 | RLx | reflect\.(apply|cons|def|del|get|has|isext|own|prev|set) | XSS | 4 | BODY|URL|ARGS|HEADERS |
209 | 2899 | RL | sort.call | XSS | 2 | BODY|URL|ARGS|HEADERS |
39 | 2900 | RL | eval.apply | XSS | 4 | BODY|URL|ARGS|HEADERS |
137 | 2901 | RL | .surf.ias-lab.de | Scanner | 12 | ARGS |
155 | 2902 | RL | .shift() | XSS | 2 | BODY|URL|ARGS|HEADERS |
253 | 2903 | RL | .with( | XSS | 2 | BODY|URL|ARGS|HEADERS |
185 | 2904 | RL | __class__ | RCE | 4 | BODY|ARGS|HEADERS |
176 | 2905 | RLx | (^|\W)(wget|curl)\W | RCE | 2 | BODY|ARGS|Referer |
222 | 2906 | RLx | (^|\W)alert\W | XSS | 4 | BODY|URL|ARGS|HEADERS |
127 | 2907 | RL | .getResource( | RCE | 8 | BODY|URL|ARGS|HEADERS |
94 | 2908 | RLx | \{\s*php\s*\} | RCE | 4 | BODY|URL|ARGS|HEADERS |
135 | 2909 | RL | freemarker.template.utility.execute | RCE | 8 | BODY |
175 | 2910 | RLx | (^|\W)window\[ | XSS | 4 | BODY|URL|ARGS|HEADERS |
139 | 2911 | RL | MakeViewVariableOptionalSolution | RCE | 12 | BODY |
117 | 2912 | RLx | (^|\W)attr\( | XSS | 2 | BODY|URL|ARGS|HEADERS |
246 | 2913 | RL | @( | Injection | 2 | BODY|URL|ARGS|HEADERS |
14 | 2914 | RL | {$ | Injection | 2 | BODY|URL|ARGS|HEADERS |
161 | 2915 | RLx | :[\/\\]+windows[\/\\]+ | UWA | 8 | BODY|URL|ARGS|HEADERS |
66 | 2917 | RLx | ['"][\s+]*;[\s+]*return[\s+] | Injection | 4 | BODY|URL|ARGS|HEADERS |
96 | 2918 | RLx | ;[\s+]*([\/]([usrbinloca?]{3,5}[\/]){1,4})?([cat?]{3,3}|[les?]{4,4})[\s+]+[\/]?\w+ | Evasion | 2 | BODY|URL|ARGS|HEADERS |
168 | 2919 | RLx | echo[\s+]+var | Injection | 4 | BODY|URL|ARGS|HEADERS |
175 | 2920 | RLx | exec[\s+]+cmd | Injection | 4 | BODY|URL|ARGS|HEADERS |
206 | 2921 | RLx | (^|\W)location\.(ancestor|href|protocol|host|pathname|search|hash|origin) | XSS | 12 | BODY|URL|ARGS|HEADERS |
202 | 2922 | RL | <%= | Injection | 4 | BODY|URL|ARGS|HEADERS |
190 | 2923 | RLx | top\[.{1,50}\]\( | XSS | 8 | BODY|URL|ARGS|HEADERS |
53 | 2924 | RL | .map( | XSS | 4 | BODY|URL|ARGS|HEADERS |
48 | 2925 | RLx | &([lr]par|quot|apos|grave|tab|nbsp); | Evasion | 0 | BODY|URL|ARGS|HEADERS|MLA |
5 | 2926 | RLx | \/(etc|usr|var|bin|sbin)\/ | UWA | 2 | BODY|URL|ARGS|HEADERS |
105 | 2927 | RL | #{ | Injection | 2 | BODY|URL|ARGS |
17 | 2928 | RLx | \{\{[_]*self.*\}\} | Injection | 8 | BODY|URL|ARGS|HEADERS |
225 | 2929 | RLx | ondata(available|setchanged|setcomplete)?(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
48 | 2930 | RLx | ondrag(end|enter|leave|start|over)?(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
4 | 2931 | RLx | onmove(end|start)?(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
114 | 2932 | RLx | onrow(enter|exit|s(delete|inserted))(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
128 | 2933 | RLx | on(load(start|eddata)?|focus(in|out)?|key(down|press|up)|pointer(over|enter|down|move|up|cancel|out|leave))(\s|\+)*\= | XSS | 12 | BODY|URL|ARGS|HEADERS |
84 | 2934 | RL | dict:// | UWA | 8 | BODY|ARGS |
245 | 2935 | RL | sftp:// | UWA | 8 | BODY|ARGS |
151 | 2936 | RL | tftp:// | UWA | 8 | BODY|ARGS |
245 | 2937 | RL | ldap:// | UWA | 8 | BODY|ARGS |
246 | 2938 | RL | gopher:// | UWA | 8 | BODY|ARGS |
26 | 2939 | RL | netdoc:// | UWA | 8 | BODY|ARGS |
194 | 2940 | RLx | \$(ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|x?or|div|like|between|and|where): | Injection | 4 | BODY|URL|ARGS|HEADERS |
201 | 2941 | RL | db.injection.insert( | Injection | 12 | BODY|URL|ARGS|HEADERS |
50 | 2942 | RLx | \.oast\.(me|pro) | Scanner | 12 | BODY|URL|ARGS|HEADERS |
205 | 2943 | RL | *{ | Injection | 2 | BODY|URL|ARGS |
253 | 2944 | RL | BugBountyBot | Scanner | 12 | User-agent |
181 | 2945 | RLx | \$0\s*<<<\s*\$ | Evasion | 8 | BODY|URL|ARGS|HEADERS |
69 | 2946 | RL | console.log( | XSS | 8 | BODY|URL|ARGS|HEADERS |
143 | 2947 | RL | navigation.onnavigate | XSS | 8 | BODY|URL|ARGS|HEADERS |
141 | 2948 | RL | document.queryselector( | XSS | 8 | BODY|URL|ARGS|HEADERS |
248 | 2949 | RL | .setAttribute( | XSS | 8 | BODY|URL|ARGS|HEADERS |
85 | 2950 | RL | json_depth( | SQLi | 8 | BODY|URL|ARGS|HEADERS |
76 | 2951 | RLx | (^|\W)printf\W | OSCI | 8 | BODY|URL|ARGS|HEADERS |
42 | 2952 | RL | x-web-scanner-info | Scanner | 8 | HEADERS |
20 | 2953 | RL | /(s(x)) | UWA | 2 | URL |
24 | 2954 | RLx | \|\s*set\s | OSCI | 8 | BODY|URL|ARGS|HEADERS |
178 | 2955 | RLx | [^-:=\.\w\|]json_(array|contains_path|depth|extract|keys|length|object|quote|search|type|unquote|valid)[^-:=\.\w\|] | SQLi | 4 | BODY|URL|ARGS|HEADERS |
129 | 2956 | RL | `id` | OSCI | 4 | BODY|URL|ARGS|HEADERS |
7 | 2957 | RL | curl_setopt( | RCE | 8 | BODY|URL|ARGS|HEADERS |
183 | 2958 | RLx | (^|\W)stristr\( | RCE | 8 | BODY|URL|ARGS|HEADERS |
91 | 2959 | RL | file_get_contents( | RCE | 8 | BODY|URL|ARGS|HEADERS |
2 | 2960 | RLx | \$_(GET|POST|FILES)\[ | RCE | 8 | BODY|URL|ARGS|HEADERS |
63 | 2961 | RL | g=echo Sp3ctra; | UWA | 12 | Cookie |
185 | 2962 | RLx | {{\s*(\d+|'\d+')\s*[*+]\s*(\d+|'\d+')?\s*}} | Injection | 8 | BODY|URL|ARGS |
236 | 2963 | RLx | {{\s*\d+\s*\|add:\s*\d+\s*}} | Injection | 8 | BODY|URL|ARGS |
29 | 2964 | RLx | (^|\W)import\( | XSS | 8 | BODY|URL|ARGS|HEADERS |