CGI-IDS
view release on metacpan or search on metacpan
lib/CGI/IDS.xml view on Meta::CPAN
<impact>4</impact>
</filter>
<filter>
<id>20</id>
<rule><![CDATA[(?:\)\s*\[)|(?:\/\w*\s*\)\s*\W)|([^*:\s\w,.\/?+-]\s*)?(?<![a-z]\s)(?<![a-z_@>\|])(\s*return\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype|try|catch|top|call|apply|url|function|objec...
<description>Detects JavaScript language constructs</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
<tag>id</tag>
<tag>rfe</tag>
</tags>
<impact>4</impact>
</filter>
<filter>
<id>21</id>
<rule><![CDATA[(?:,\s*(?:alert|showmodaldialog|eval)\s*,)|(?::\s*eval\s*[^\s])|([^:\s\w,.\/?+-]\s*)?(?<![a-z\/_@])(\s*return\s*)?(?:(?:document\s*\.)?(?:.+\/)?(?:alert|eval|msgbox|showmodaldialog|prompt|write(?:ln)?|confirm|dialog|open))\s*(?...
<description>Detects very basic XSS probings</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
<tag>id</tag>
<tag>rfe</tag>
</tags>
<impact>3</impact>
</filter>
<filter>
<id>22</id>
<rule><![CDATA[(?:=\s*(?:top|this|window|content|self|frames|_content))|(?:\/\s*\w*\s*[)}])|(?:[^\s]\s*=\s*script)|(?:\.\s*constructor)|(?:default\s+xml\s+namespace\s*=)|(?:\/\s*\+[^+]+\s*\+\s*\/)]]></rule>
<description>Detects advanced XSS probings via Script(), RexExp, constructors and XML namespaces</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
<tag>id</tag>
<tag>rfe</tag>
</tags>
<impact>5</impact>
</filter>
<filter>
<id>23</id>
<rule><![CDATA[(?:\.\s*\w+\W*=)|(?:\W\s*(?:location|document)\s*\W[^({[;]+[({[;])|(?:\(\w+\?[:\w]+\))|(?:\w{2,}\s*=\s*\d+[^&\w]\w+)|(?:\]\s*\(\s*\w+)]]></rule>
<description>Detects JavaScript location/document property access and window access obfuscation</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
</tags>
<impact>5</impact>
</filter>
<filter>
<id>24</id>
<rule><![CDATA[(?:[".]script\s*\()|(?:\$\$?\s*\(\s*[\w"])|(?:\/[\w\s]+\/\.)|(?:=\s*\/\w+\/\s*\.)|(?:(?:this|window|top|parent|frames|self|content)\[\s*[(,"]*\s*[\w\$])|(?:,\s*new\s+\w+\s*[,;)])]]></rule>
<description>Detects basic obfuscated JavaScript script injections</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
</tags>
<impact>5</impact>
</filter>
<filter>
<id>25</id>
<rule><![CDATA[(?:=\s*[$\w]\s*[\(\[])|(?:\(\s*(?:this|top|window|self|parent|_?content)\s*\))|(?:src\s*=s*(?:\w+:|\/\/))|(?:\w+\[("\w+"|\w+\|\|))|(?:[\d\W]\|\|[\d\W]|\W=\w+,)|(?:\/\s*\+\s*[a-z"])|(?:=\s*\$[^([]*\()|(?:=\s*\(\s*")]]></rule>
<description>Detects obfuscated JavaScript script injections</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
</tags>
<impact>5</impact>
</filter>
<filter>
<id>26</id>
<rule><![CDATA[(?:[^:\s\w]+\s*[^\w\/](href|protocol|host|hostname|pathname|hash|port|cookie)[^\w])]]></rule>
<description>Detects JavaScript cookie stealing and redirection attempts</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
</tags>
<impact>4</impact>
</filter>
<filter>
<id>27</id>
<rule><![CDATA[(?:data:.*,)|(?:\w+\s*=\W*(?!https?)\w+:)|(jar:\w+:)|(=\s*"?\s*vbs(?:ript)?:)|(language\s*=\s?"?\s*vbs(?:ript)?)|on\w+\s*=\*\w+\-"?]]></rule>
<description>Detects data: URL injections, VBS injections and common URI schemes</description>
<tags>
<tag>xss</tag>
<tag>rfe</tag>
</tags>
<impact>5</impact>
</filter>
<filter>
<id>28</id>
<rule><![CDATA[(?:firefoxurl:\w+\|)|(?:(?:file|res|telnet|nntp|news|mailto|chrome)\s*:\s*[%&#xu\/]+)|(wyciwyg|firefoxurl\s*:\s*\/\s*\/)]]></rule>
<description>Detects IE firefoxurl injections, cache poisoning attempts and local file inclusion/execution</description>
<tags>
<tag>xss</tag>
<tag>rfe</tag>
<tag>lfi</tag>
<tag>csrf</tag>
</tags>
<impact>5</impact>
</filter>
<filter>
<id>29</id>
<rule><![CDATA[(?:binding\s?=|moz-binding|behavior\s?=)|(?:[\s\/]style\s*=\s*[-\\])]]></rule>
<description>Detects bindings and behavior injections</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
<tag>rfe</tag>
</tags>
<impact>4</impact>
</filter>
<filter>
<id>30</id>
<rule><![CDATA[(?:=\s*\w+\s*\+\s*")|(?:\+=\s*\(\s")|(?:!+\s*[\d.,]+\w?\d*\s*\?)|(?:=\s*\[s*\])|(?:"\s*\+\s*")|(?:[^\s]\[\s*\d+\s*\]\s*[;+])|(?:"\s*[&|]+\s*")|(?:\/\s*\?\s*")|(?:\/\s*\)\s*\[)|(?:\d\?.+:\d)|(?:]\s*\[\W*\w)|(?:[^\s]\s*=\s*\/)]]>...
<description>Detects common XSS concatenation patterns 1/2</description>
<tags>
<tag>xss</tag>
<tag>csrf</tag>
<tag>id</tag>
<tag>rfe</tag>
</tags>
( run in 2.674 seconds using v1.01-cache-2.11-cpan-5735350b133 )