some fixes regarding --check-payload

stamparm · stamparm · commit f7d42af046d2 · 2010-10-29T11:00:23.000Z
diff --git a/lib/utils/checkpayload.py b/lib/utils/checkpayload.py
@@ -50,9 +50,6 @@ def checkPayload(payload):
 
     if payload:
         for rule, desc in rules:
-            try:
-                regObj = getCompiledRegex(rule)
-                if regObj.search(payload):
-                    logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload))
-            except: # Some issues with some regex expressions in Python 2.5
-                pass
+            regObj = getCompiledRegex(rule)
+            if regObj.search(payload):
+                logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload))
diff --git a/xml/phpids_rules.xml b/xml/phpids_rules.xml
@@ -56,7 +56,7 @@
     </filter> 
     <filter>
         <id>45</id>
-        <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,-]+from)]]></rule>
+        <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]+)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,-]+from)]]></rule>
         <description>Detects basic SQL authentication bypass attempts 2/3</description>
         <tags>
             <tag>sqli</tag>
