[Modsecurity] new Horde rule

Kevin Bonner keb at pa.net
Mon Jun 5 18:09:10 EDT 2006


On Monday 05 June 2006 18:03, Michael Shinn wrote:
> Thanks for the rule, Ryan.  How about this one, would it work as
> well:
>
> SecFilterSelective REQUEST_URI
> "/services/help(/)?\?(.*)?\&module=.*passthru\(.*\)"
> "id:390066,rev:1,severity:2,msg:'JITP: Horde passthru exploit'"
>
> On Mon, 2006-06-05 at 17:13 -0400, Ryan E. Helfter wrote:
> > SecFilterSelective THE_REQUEST
> > "GET .*/services/help(/)?\?(.*)?\&modules=.*passthru.*"

Check your plurality please.

modules != module

Ryan's original post had "module=" in the GET string, but "modules=" in the 
rule.  Which is correct?

Thanks,
Kevin Bonner
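
Added example, not part of the original thread or of ModSecurity: a small regression check that runs the two quoted regexes over constructed request lines to show that each rule only fires for its own spelling of the parameter. It assumes Python's `re` search behaves like the rule engine's unanchored match for these patterns; the `/horde` prefix, the `a=1` parameter and the `passthru(test)` value are constructed placeholders.

```python
import re

# Regexes copied verbatim from the two rules quoted in the thread.
# Each rule inspects a different variable: REQUEST_URI vs THE_REQUEST.
RULES = {
    "shinn": ("REQUEST_URI",
              r"/services/help(/)?\?(.*)?\&module=.*passthru\(.*\)"),
    "helfter": ("THE_REQUEST",
                r"GET .*/services/help(/)?\?(.*)?\&modules=.*passthru.*"),
}

# Constructed sample URIs (assumptions, not taken from real traffic).
SAMPLES = {
    "singular": "/horde/services/help/?a=1&module=passthru(test)",
    "plural": "/horde/services/help/?a=1&modules=passthru(test)",
    "benign": "/horde/services/help/?a=1&module=horde",
}


def variables(uri, method="GET"):
    """Build the two variables the rules look at for one request."""
    return {
        "REQUEST_URI": uri,
        "THE_REQUEST": f"{method} {uri} HTTP/1.1",
    }


def matching_rules(uri):
    """Return the sorted names of the rules whose regex matches this request."""
    v = variables(uri)
    return sorted(
        name for name, (var, pattern) in RULES.items()
        if re.search(pattern, v[var])
    )


def coverage():
    """Map each sample label to the rules that fired on it."""
    return {label: matching_rules(uri) for label, uri in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in coverage().items():
        print(f"{label:9} -> {hits or 'no rule matched'}")
```

Whichever spelling the application actually uses, the rule written with the other spelling never fires, so a test request with the real parameter name belongs next to every new rule.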