HEX
Server: nginx/1.28.0
System: Linux w3c-2 6.8.0-78-generic #78-Ubuntu SMP PREEMPT_DYNAMIC Tue Aug 12 11:34:18 UTC 2025 x86_64
User: inpa_co_1 (1082)
PHP: 8.3.29
Disabled: NONE
$ pwd: /etc/modsecurity.d/owasp/regex-assembly/
Upload Files
File: //etc/modsecurity.d/owasp/regex-assembly/933100.ra
##! Please refer to the documentation at
##! https://coreruleset.org/docs/development/regex_assembly/.

##!+ i

##!> assemble
  ##! Always start with the short tag <?
  <\?
  ##!=>
  ##!> assemble
    ##! Standard PHP tag (requires whitespace per PHP spec)
    php\s
    ##! Short echo tag <?= (no whitespace required)
    =
    ##! Short tag with whitespace: <? echo, <? system
    \s
    ##! Polyglot attack: <?xml :echo 1; (whitespace + non-letter catches the colon)
    ##! Excludes legitimate XML like <?xml version="1.0"?> where letter follows whitespace
    xml\s+[^a-z]
    ##! Polyglot attack: <?xml:echo 1; (colon without space)
    xml:
    ##! Standalone <? at end of input (potential injection start)
    $
  ##!<
##!<

##! BBCode-style PHP tags: [php], [/php], [\php]
##! Used by forum software (e.g., phpBB, vBulletin) to embed PHP code blocks
##!> assemble
  \[
  ##!=>
  ##!> assemble
    php
    /php
    \x5cphp
  ##!<
  ##!=>
  \]
##!<

##! Smarty template engine PHP tags: {php}, {/php}
##! Deprecated since Smarty 3.1.0 but still exploitable in older installations
##!> assemble
  \{
  ##!=>
  ##!> assemble
    php\}
    /php\}
  ##!<
##!<
@ Telegram