Recent Attacks Submitted:

Client IP: 122.160.65.142 (India)
Payload: on=x

Client IP: 103.12.133.19 ()
Payload: <m+xmlns="http://oracle.com/richClient/comm"><k+v="type"><s>action</s></k></m>

Client IP: 103.12.133.19 ()
Payload: <m xmlns="http://oracle.com/richClient/comm"><k v="type"><s>action</s></k></m>

Client IP: 103.12.133.19 ()
Payload: %3Cm+xmlns%3D%22http%3A%2F%2Foracle.com%2FrichClient%2Fcomm%22%3E%3Ck+v%3D%22type%22%3E%3Cs%3Eaction%3C%2Fs%3E%3C%2Fk%3E%3C%2Fm%3E

Client IP: 177.53.174.154 (Brazil)
Payload: YourPayloadHere

Client IP: 69.5.115.189 (United States)
Payload: YourPayloadHereDonald

Client IP: 69.5.115.189 (United States)
Payload: <IMG SRC=javascript:alert(‘XSS’)>

Client IP: 69.5.115.189 (United States)
Payload: <svg><style>{font-family&colon;'<iframe/onload=confirm(1)>'

Client IP: 207.46.13.204 (United States)
Payload: YourPayloadHere

Client IP: 87.69.20.112 (Israel)
Payload: YourPayloadHere

Client IP: 202.154.61.210 (Indonesia)
Payload: YourPayloadHere

Client IP: 182.253.190.46 (Indonesia)
Payload: YourPayloadHere

Client IP: 182.253.190.46 (Indonesia)
Payload: google.com

Client IP: 182.253.190.46 (Indonesia)
Payload: https://www.modsecurity.org/demo/demo-deny.html?test=YourPayloadHere

Client IP: 182.253.190.46 (Indonesia)
Payload: <IMG SRC=javascript:alert(‘XSS’)>


ModSecurity Core Rule Set (CRS)

Current CRS Version - 3.0.0-dev

Please feel free to inject malicious input to stress test the ModSecurity Core Rule Set (CRS). Requests should be directed to www.modsecurity.org/demo/demo-deny.html with attacks being placed within the "test" parameter. The form accepts both GET and POST request methods. You can either do this via the form below or manually.

The data submitted in the page will be sent to a ModSecurity CRS install for inspection and processing. The response page will report any CRS events that triggered.

If you send an attack payload that is not detected by the CRS, please notify us at any of the following places:

- @ModSecurity on Twitter

- OWASP ModSecurity Core Rule Set Mail-list

- Submit bug report to GitHub

 method=GET enctype=application/x-www-form-urlencoded

Results (txn: (none))

(none)

All Matched Rules Shown Below

Return to demo page

Submit an Evasion Report to GitHub