Conversation

crowdsec-automation
Contributor

This rule targets the SQL injection vulnerability in the wpDiscuz plugin for WordPress (CVE-2020-13640). The attack is performed by sending a POST request to the plugin's AJAX handler endpoint (/wp-content/plugins/wpdiscuz/utils/ajax/wpdiscuz-ajax.php) with a malicious payload in the order parameter. The rule:

  • Matches requests to the vulnerable endpoint using a case-insensitive contains match on the URI.
  • Inspects the order parameter in the POST body, applying lowercase and urldecode transforms to ensure normalization and case insensitivity.
  • Triggers if the order parameter contains a parenthesis "(", which is a strong indicator of SQL injection attempts (as seen in the nuclei template payloads).
  • The rule avoids matching on full SQL keywords to minimize false positives and instead focuses on the presence of SQL metacharacters in the relevant parameter.
  • Labels and classification are set according to the CVE and CWE references from the nuclei template.

Validation checklist:

  • All value: fields are lowercase.
  • transform includes lowercase and urldecode where applicable.
  • No match.value contains capital letters.
  • The rule uses contains instead of regex for the parameter check.


Hello @crowdsec-automation and thank you for your contribution!

❗ It seems that the following scenarios are not part of the 'crowdsecurity/appsec-virtual-patching' collection:

🔴 crowdsecurity/vpatch-CVE-2020-13640 🔴


Hello @crowdsec-automation,

Scenarios/AppSec Rule are compliant with the taxonomy, thank you for your contribution!


3 participants