From bc450ebbb337b7f72baf14e7123e3cd76fa60020 Mon Sep 17 00:00:00 2001
From: vasco <vasco@vascoalves.xyz>
Date: Tue, 2 Jun 2026 23:46:21 +0100
Subject: [PATCH] kys17

---
 conf/modsecurity.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/conf/modsecurity.conf b/conf/modsecurity.conf
index 579d32d..8b0b235 100644
--- a/conf/modsecurity.conf
+++ b/conf/modsecurity.conf
@@ -15,6 +15,11 @@ SecRule ARGS "(?i)(['\"]|--|#|/\*|\*/)" \
 SecRule ARGS "(?i)\b(select|insert|update|delete|drop|union|grant|alter|truncate)\b" \
     "id:950002,phase:2,deny,status:403,msg:'SQL Injection: Keyword',log,t:urlDecode,t:lowercase"
 
+# sql3 (teste)
+SecRule ARGS|ARGS_NAMES|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_HEADERS|XML:/*|JSON:/* \
+    "(?i)(select\s|insert\s|update\s|delete\s|drop\s|union\s|--|#|/\*|\*/|'|\"|%27|%22|<script>|<|>|%3C|%3E|exec\s|system\s|/etc/passwd|\.\./|%00)" \
+    "id:950100,phase:2,deny,status:403,msg:'SQL',log,t:urlDecode,t:lowercase"
+
 # xss / html injection
 SecRule REQUEST_URI|ARGS "(<.*>)|(%3C.*%3E)" \
     "id:950003,phase:1,deny,status:403,msg:'XSS/HTML INJECTION DETECTED!!!',log"