)|(?:\s?\/>)|(?:\>\\?")]]> finds html breaking injections including whitespace attacks xss csrf 4
finds attribute breaking injections including whitespace attacks xss csrf 4
[\w\s]*<\/\w+>)]]> finds unquoted attribute breaking injections xss csrf 2
finds attribute breaking injections including obfuscated attributes xss csrf 4
url-, name- and referrer-contained payload attacks xss csrf 5
hash-contained xss payload attacks and __property__ overloading xss csrf 5
detects JS with() and .source code injection attempts xss csrf 5
detects self-executing JS functions xss csrf 5
detects all entities including the bizarre IE US-ASCII entities xss csrf 2
detects the IE octal, hex and unicode entities xss csrf 2
finds closing javascript breaker including whitespace attacks xss 4
finds opening javascript breaker including whitespace attacks xss 4
detects basic directory traversal dt id lfi 5
detects specific directory and path traversal dt id lfi 5
detects etc/passwd inclusion attempts dt id lfi 5
detects obfuscated directory traversal dt id lfi 5
detects protocol relative url inclusions xss csrf 3
detects halfwidth/fullwidth encoded unicode HTML breaking attempts xss csrf 3
detects possible includes and packed functions xss csrf id rfe 5
detects possible includes and typical script methods xss csrf id rfe 5
detects javascript script object properties and methods xss csrf id rfe 4
detects javascript script array properties and methods xss csrf id rfe 4
detects javascript script string properties and methods xss csrf id rfe 4
detects javascript script language constructs xss csrf id rfe 4
detects javascript location/document property access xss csrf 5
detects basic obfuscated javascript script injections xss csrf 5
detects obfuscated javascript script injections via associative DOM method execution xss csrf 5
detects library based JS injections (covers jQuery, Prototype, Ext, cssQuery, GWT and dojo) xss csrf 5
detects self contained xss via with() xss csrf 5
detects javascript cookie stealing and redirection attempts xss csrf 4
detects attribute breaking attempts via fragment identifier xss csrf 3
detects data: URL injections xss rfe 5
detects IE firefoxurl injections, cache poisoning attempts and local file inclusion/execution xss rfe lfi xsrf 5
detects octal and hexadecimal ip address schemes xss rfe 3
detects bindings and behavior injections xss csrf rfe 2
\w=\/)]]> detects malformed attribute utilizing script includes xss csrf 3
))]]> detects nullparam and numeric includes xss csrf id rfe 4
detects possible event handlers xss csrf 4
]*)t(?!rong))|(?:\ detects obfuscated script tags xss 2
detects attributes in closing tags (IE-only issue) xss csrf 3
detects base href injections xss csrf id 5
|\/\*|\*\/|\/\/\W*\w+\s*$)|(?:(?:#|--|{)\s*$)|(?:\/{3,}.*$)]]> detects common comment types xss csrf id 3
)]]> detects comments to exploit firefox' faulty rendering xss csrf id 3
detects possibly malicious html elements including some attributes xss csrf id rfe lfi 4
detects SSI attacks id rfe lfi 3
detects nullbytes and HTTP response splitting id rfe xss 5
detects common tomcat exploits id 4
detects common uri schemes rfe 3
detects GBK HEX addslashes() circumvention sqli id xss 3
detects MySQL version comments and ch(a)r injections sqli id lfi 4
detects conditional SQL injection attempts sqli id lfi 3
]+.*\s?(?:--|#|\/\*|{)?]]> detects classic SQL injection probings sqli id lfi 5
detects more SQL injection probings sqli id lfi 5
detects very basic SQL injection attempts sqli id lfi 4
detects basic SQL authentication bypass attempts sqli id lfi 4
]\s?SELECT\s?[*\w]+\s?\\?[\s"\+\-\|]+)|(?:SELECT\s+(?:CONCAT|CHAR|CONCAT|LOAD_FILE|0x)\s?\(?)]]> detects concatenated basic SQL injection and SQLLFI attempts sqli id lfi 5
detects chained SQL injection attempts sqli id 5
detects SQL benchmark and sleep injection attempts including conditional queries sqli id 4
detects MySQL UDF injection attempts sqli id 4
detects MySQL charset switch attempts sqli id 4
detects MySQL stored procedure/function injections sqli id 5
detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts sqli id 5
detects MSSQL code execution and information gathering attempts sqli id 5
detects Oracle MERGE attacks sqli id 5
detects MySQL comment-/space-obfuscated injections sqli id 5
)?)]]> detects code injection attempts id rfe lfi 4
)?)]]> detects code injection attempts including eval, execute, preg-like functions and others id rfe lfi 5
detects common mail header injections id spam 5
detects perl echo shellcode injection fli rfe 5
detects basic dos attempts rfe dos 5
detects code red worm probings and AIM protocol attacks rfe dos 5
detects konqueror UXSS attacks and Gecko 1.9 threading directives rfe dos 5
detects apache forward and back pointers id dt lfi 4