ModSecurity Trustwave

ModSecurity Core Rule Set (CRS)

Current CRS Version - 3.0.0-dev

Please feel free to inject malicious input to stress test the ModSecurity Core Rule Set (CRS). Requests should be directed to with attacks being placed within the "test" parameter. The form accepts both GET and POST request methods. You can either do this via the form below or manually.

The data submitted in the page will be sent to a ModSecurity CRS install for inspection and processing. The response page will report any CRS events that triggered.

If you send an attack payload that is not detected by the CRS, please notify us at any of the following places:

- @ModSecurity on Twitter

- OWASP ModSecurity Core Rule Set Mail-list

- Submit bug report to GitHub

 method=GET enctype=application/x-www-form-urlencoded

Recent Attacks Submitted:

Client IP: ()
Payload: How do you know each other? <a href=" ">buy cialis online europe</a> 503-F3 in the Response Status segment will be spaces.

Client IP: ()
Payload: Whereabouts are you from? <a href=" ">online cialis store</a> NO PAYMENT WILL BE RECEIVED THIS CYCLE. SEE REMITTANCE FOR DETAILS.

Client IP: ()
Payload: I like watching football <a href=" ">khasiat cialis 50 mg</a> healthcare workers. But for some workers, exposure to latex may result in allergic reaction. Mild

Client IP: ()
Payload: Wonderfull great site <a href=" ">Buy Cialis Emedsrx</a> 2The powered manual focus function works up to a2x

Client IP: ()
Payload: US dollars <a href=" ">how to buy viagra online canada</a> B1 = 1-4 Rx Billings

Client IP: ()
Payload: This is the job description <a href=" ">how to buy viagra online canada</a> Wash the simsim, cook in the dry pan and in cook until they start sticking to each other. Roll into small

Client IP: (China)
Payload: I'd like to open a personal account <a href=" ">iphone spy stick for mac</a> I wish there were young hot girls who knew how to fuck when I was there age..Shit..She has got a great body..a bit on the healthy side..