[ Video Sharing CMS v4 ] ModSecurity

Wnux · 6 April, 2015

after activating " ModSecurity " on the server, not those connect to site administration , here is the error message in WHCMS

CRITICAL   302
981245: Detects basic SQL authentication bypass attempts 2/3 Plus

-------------------------
Request:   GET /
Action Description:   Access denied with redirection to http://mysite.com/ using status 302 (phase 2).
Justification:   Pattern match "(?i:(?:union\\s*?(?:all|distinct|[(!@]*?)?\\s*?[([]*?\\s*?select\\s+)|(?:\\w+\\s+like\\s+[\"'`])|(?:like\\s*?[\"'`]\\%)|(?:[\"'`]\\s*?like\\W*?[\"'`\\d])|(?:[\"'`]\\s*?(?:n?and|x?x?or|div|like|between|and|not |\\|\\||\\&\\&)\\s+[\\s\\w]+=\\s*?\\w+\\s*? ..." at REQUEST_COOKIES:...

----------------------------

SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "(?i:(?:union\s*?(?:all|distinct|[(!@]*?)?\s*?[([]*?\s*?select\s+)|(?:\w+\s+like\s+[\"'`])|(?:like\s*?[\"'`]\%)|(?:[\"'`]\s*?like\W*?[\"'`\d])|(?:[\"'`]\s*?(?:n?and|x?x?or|div|like|between|and|not |\|\||\&\&)\s+[\s\w]+=\s*?\w+\s*?having\s+)|(?:[\"'`]\s*?\*\s*?\w+\W+[\"'`])|(?:[\"'`]\s*?[^?\w\s=.,;)(]+\s*?[(@\"'`]*?\s*?\w+\W+\w)|(?:select\s+?[\[\]()\s\w\.,\"'`-]+from\s+)|(?:find_in_set\s*?\())" "phase:request, rev:'2', ver:'OWASP_CRS/3.0.0', maturity:'9', accuracy:'8', capture, t:none,t:urlDecodeUni, block, msg:'Detects basic SQL authentication bypass attempts 2/3', id:'981245', tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION', logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}', severity:'CRITICAL', setvar:'tx.msg=%{rule.msg}', setvar:tx.sql_injection_score=+%{tx.critical_anomaly_score}, setvar:tx.anomaly_score=+%{tx.critical_anomaly_score}, setvar:'tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/SQLI-%{matched_var_name}=%{tx.0}'"

Thank you

PHPVibe A. · 6 April, 2015

Hi! It's clearly stated in the Requirements that PHPVibe doesn't work with modsecurity on.

PHPVIBE Forums

[ Video Sharing CMS v4 ] ModSecurity

Wnux

PHPVibe A.

Wnux

PHPVibe A.

Similar topics (7)