@iknowkungfoo
Created February 10, 2020 03:05
IIS SQL Injection Request Filtering
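<!-- Goes inside <system.webServer><security><requestFiltering> in web.config or applicationHost.config. -->
<filteringRules>
  <!-- scanQueryString="true": the deny strings below are matched against the request's query string. -->
  <filteringRule name="SQLInjection" scanQueryString="true">
    <!-- The rule is evaluated only for requests to these file extensions. -->
    <appliesTo>
      <clear />
      <add fileExtension=".asp" />
      <add fileExtension=".aspx" />
    </appliesTo>
    <!-- A request whose scanned part contains any of these strings is rejected. -->
    <denyStrings>
      <clear />
      <add string="@@version" />
      <add string="sqlmap" />
      <add string="Connect()" />
      <add string="cast(" />
      <add string="char(" />
      <add string="bchar(" />
      <add string="sysdatabases" />
      <add string="(select" />
      <add string="convert(" />
      <add string="DBNETLIB" />
      <add string="connect(" />
      <add string="int%2c(" />
      <add string="sysobjects" />
      <add string="count(" />
    </denyStrings>
    <!-- No request headers are scanned by this rule. -->
    <scanHeaders>
      <clear />
    </scanHeaders>
  </filteringRule>
</filteringRules>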