@ddotx
Forked from iknowkungfoo/web.config
Created May 18, 2024 14:00
IIS SQL Injection Request Filtering
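<!-- Fragment: place inside <system.webServer><security><requestFiltering> in web.config. -->
<filteringRules>
    <!-- scanQueryString="true" scans only the query string; the URL path is not
         scanned (no scanUrl), and request filtering never inspects request bodies. -->
    <filteringRule name="SQLInjection" scanQueryString="true">
        <!-- The rule is evaluated only for requests to these file extensions. -->
        <appliesTo>
            <clear />
            <add fileExtension=".asp" />
            <add fileExtension=".aspx" />
        </appliesTo>
        <!-- A request containing any of these strings is rejected;
             IIS logs the rejection as HTTP 404 with substatus 19. -->
        <denyStrings>
            <clear />
            <add string="@@version" />
            <add string="sqlmap" />
            <add string="Connect()" />
            <add string="cast(" />
            <add string="char(" />
            <add string="bchar(" />
            <add string="sysdatabases" />
            <add string="(select" />
            <add string="convert(" />
            <add string="DBNETLIB" />
            <add string="connect(" />
            <add string="int%2c(" />
            <add string="sysobjects" />
            <add string="count(" />
        </denyStrings>
        <!-- No request headers are scanned by this rule. -->
        <scanHeaders>
            <clear />
        </scanHeaders>
    </filteringRule>
</filteringRules>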
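
A pre-deployment check for the rule above, as an added example that is not part of the gist: it loads a shortened copy of the rule and reports which deny string, if any, a request's query string would hit, so legitimate URLs that would be rejected can be found before the rule goes live. Assumptions: matching is modelled as a case-insensitive substring test on the raw and the URL-decoded query string, which approximates IIS rather than reproducing it, and the function names and sample URLs are constructed for this example.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

# Shortened copy of the gist's rule (a subset of its denyStrings).
RULE_XML = """
<filteringRule name="SQLInjection" scanQueryString="true">
  <appliesTo>
    <add fileExtension=".asp" />
    <add fileExtension=".aspx" />
  </appliesTo>
  <denyStrings>
    <add string="@@version" />
    <add string="cast(" />
    <add string="(select" />
    <add string="int%2c(" />
    <add string="count(" />
  </denyStrings>
</filteringRule>
"""

def load_rule(xml_text):
    """Return (file extensions, deny strings), lower-cased for comparison."""
    rule = ET.fromstring(xml_text.strip())
    exts = {a.get("fileExtension").lower() for a in rule.find("appliesTo").iter("add")}
    deny = [a.get("string").lower() for a in rule.find("denyStrings").iter("add")]
    return exts, deny

def matched_deny_string(url, exts, deny):
    """Return the first deny string found in the query string, else None."""
    parts = urlsplit(url)
    if posixpath.splitext(parts.path)[1].lower() not in exts:
        return None  # rule does not apply to this file extension
    # Assumption: compare against both the raw and the URL-decoded query string.
    candidates = (parts.query.lower(), unquote(parts.query).lower())
    for s in deny:
        if any(s in q for q in candidates):
            return s
    return None

if __name__ == "__main__":
    exts, deny = load_rule(RULE_XML)
    # Constructed sample requests, not taken from real traffic.
    for url in ("/report.aspx?id=42", "/search.aspx?q=discount(10)",
                "/search.aspx?q=Broadcast(live)", "/static/help.html?q=discount(10)"):
        print(f"{url!r:40} -> {matched_deny_string(url, exts, deny)}")
```

Ordinary search terms such as "discount(" and "Broadcast(" collide with `count(` and `cast(`, so replaying real query strings from IIS logs through a check like this shows how many legitimate requests the rule would reject.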