Please refer to the following presentation -  GitHub Report here -  The idea is to add in a new operator called something like "@detectSQLi".  You would pass to it the name of the fingerprints.txt file.  So it would be used like this -

SecRule ARGS "@detectSQLi /path/to/fingerprints.txt"

I think this would be a great addition.  If anyone is interested in helping to add libinjection support to ModSecurity please let me know.

Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.