Merge branch 'master' into 1776258921-vpatch-CVE-2026-1357

Author: buixor

.appsec-tests/vpatch-CVE-2023-24000/CVE-2023-24000.yaml

@@ -0,0 +1,18 @@
+## autogenerated on 2026-03-30 12:50:01
+id: CVE-2023-24000
+info:
+  name: CVE-2023-24000
+  author: crowdsec
+  severity: info
+  description: CVE-2023-24000 testing
+  tags: appsec-testing
+http:
+  - raw:
+      - |
+        GET /wp-json/wp/v2/gamipress-logs?trigger_type[]=test')%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(6)))x)%20AND%20('a'='a HTTP/1.1
+        Host: {{Hostname}}
+    cookie-reuse: true
+    matchers:
+    - type: status
+      status:
+       - 403

.appsec-tests/vpatch-CVE-2023-24000/config.yaml

@@ -0,0 +1,5 @@
+## autogenerated on 2026-03-30 12:50:01
+appsec-rules:
+  - ./appsec-rules/crowdsecurity/base-config.yaml
+  - ./appsec-rules/crowdsecurity/vpatch-CVE-2023-24000.yaml
+nuclei_template: CVE-2023-24000.yaml

.github/workflows/lint.yml

@@ -33,9 +33,9 @@ jobs:
           go-version-file: waf-check/go.mod
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
+        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
         with:
-          version: v2.5
+          version: v2.10
           args: --issues-exit-code=1 --timeout 10m
           only-new-issues: false
           working-directory: waf-check

.github/workflows/test_appsec_rules.yaml

@@ -31,7 +31,7 @@ jobs:
       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
     - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
       with:
-        go-version: '1.25'
+        go-version: '1.26'
     - name: Install requirements
       run: |
         sudo apt update

appsec-rules/crowdsecurity/vpatch-CVE-2023-24000.yaml

@@ -0,0 +1,35 @@
+## autogenerated on 2026-03-30 12:50:01
+name: crowdsecurity/vpatch-CVE-2023-24000
+description: 'Detects SQL injection attempts in WordPress GamiPress plugin via trigger_type[] parameter.'
+rules:
+  - and:
+      - zones:
+          - URI
+        transform:
+          - lowercase
+          - urldecode
+        match:
+          type: contains
+          value: /wp-json/wp/v2/gamipress-logs
+      - zones:
+          - ARGS
+        variables:
+          - trigger_type[]
+        transform:
+          - lowercase
+          - urldecode
+        match:
+          type: regex
+          value: "[^a-z0-9_-]"
+
+labels:
+  type: exploit
+  service: http
+  confidence: 3
+  spoofable: 0
+  behavior: 'http:exploit'
+  label: 'GamiPress - SQLI'
+  classification:
+    - cve.CVE-2023-24000
+    - attack.T1190
+    - cwe.CWE-89

collections/crowdsecurity/appsec-virtual-patching.yaml

@@ -47,6 +47,7 @@ appsec-rules:
 - crowdsecurity/vpatch-CVE-2024-5057
 - crowdsecurity/vpatch-CVE-2023-35078
 - crowdsecurity/vpatch-CVE-2023-35082
+- crowdsecurity/vpatch-CVE-2023-24000
 - crowdsecurity/vpatch-CVE-2022-22954
 - crowdsecurity/vpatch-CVE-2024-1212
 - crowdsecurity/vpatch-symfony-profiler

collections/crowdsecurity/appsec-wordpress.yaml

@@ -6,6 +6,7 @@ appsec-rules:
   - crowdsecurity/vpatch-CVE-2023-2009
   - crowdsecurity/vpatch-CVE-2023-23488
   - crowdsecurity/vpatch-CVE-2023-23489
+  - crowdsecurity/vpatch-CVE-2023-24000
   - crowdsecurity/vpatch-CVE-2023-4634
   - crowdsecurity/vpatch-CVE-2023-6360
   - crowdsecurity/vpatch-CVE-2023-6567

waf-check/go.mod

@@ -1,5 +1,5 @@
 module waf-check
 
-go 1.25
+go 1.26
 
 require gopkg.in/yaml.v2 v2.4.0

waf-check/request.go

@@ -52,12 +52,12 @@ func (r *Request) Curl() string {
 	curlCmd.WriteString("curl -X " + r.Method)
 
 	for key, value := range r.Headers {
-		curlCmd.WriteString(fmt.Sprintf(" -H '%s: %s'", key, value))
+		fmt.Fprintf(&curlCmd, " -H '%s: %s'", key, value)
 	}
 	if r.Method == http.MethodPost || r.Method == http.MethodPut {
-		curlCmd.WriteString(fmt.Sprintf(" -d '%s'", r.Data))
+		fmt.Fprintf(&curlCmd, " -d '%s'", r.Data)
 	}
-	curlCmd.WriteString(fmt.Sprintf(" '%s'", r.FullURL))
+	fmt.Fprintf(&curlCmd, " '%s'", r.FullURL)
 
 	return curlCmd.String()
 }