[Modsecurity] modsecurity false positive phpmyadmin
Chris Holloway
chrisholloway at thumbtechs.com
Tue May 2 14:51:25 EDT 2006
Hello,

I am seeking help. I just added mod_security and the gotroot rules last
week. I have come across one false positive when I use phpMyAdmin: when
I select browse, I get an error that says I am not allowed to
access sql.php.

Here is the log:
Request: sqladmin.thumbtechs.net 216.212.52.98 - - [02/May/2006:11:34:58 --0500] "GET /sql.php?lang=en-utf-8&server=1&collation_connection=utf8_general_ci&db=thumbtechs&table=contact&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+%2A+FROM+%60contact%60&pos=0 HTTP/1.1" 403 209 "http://sqladmin.thumbtechs.net/tbl_properties_structure.php?lang=en-utf-8&server=1&collation_connection=utf8_general_ci&db=thumbtechs&table=contact" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" wH8@Z38AAAEAABT8AxEAAAAh "-"
Handler: php5-script
----------------------------------------
GET /sql.php?lang=en-utf-8&server=1&collation_connection=utf8_general_ci&db=thumbtechs&table=contact&goto=tbl_properties_structure.php&back=tbl_properties_structure.php&sql_query=SELECT+%2A+FROM+%60contact%60&pos=0 HTTP/1.1
Accept: */*
Referer: http://sqladmin.thumbtechs.net/tbl_properties_structure.php?lang=en-utf-8&server=1&collation_connection=utf8_general_ci&db=thumbtechs&table=contact
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: sqladmin.thumbtechs.net
Connection: Keep-Alive
Cookie: pma_theme=original; pma_collation_connection=utf8_general_ci; pma_lang=en-utf-8; pma_charset=iso-8859-1
Authorization: Basic cm9vdDpJY2FuU1BFTExnb29k
mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "(insert[[:space:]]+into.+values|select.+from|bulk[[:space:]]+insert|union.+select)" at QUERY_STRING [id "300016"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"]

HTTP/1.1 403 Forbidden
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
--4fedcf00--
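
Added example, not part of the original post and not mod_security or gotroot code: a small Python triage helper that takes the rule 300016 pattern and the query string from the log above and reports which request parameter and which branch of the pattern produced the match. The function names are hypothetical, and it assumes the rule sees the query string after URL decoding and matches case-insensitively.

```python
import re
from urllib.parse import parse_qsl

# Both values are copied from the audit log entry above.
RULE_PATTERN = ("(insert[[:space:]]+into.+values|select.+from|"
                "bulk[[:space:]]+insert|union.+select)")
QUERY_STRING = ("lang=en-utf-8&server=1&collation_connection=utf8_general_ci"
                "&db=thumbtechs&table=contact&goto=tbl_properties_structure.php"
                "&back=tbl_properties_structure.php"
                "&sql_query=SELECT+%2A+FROM+%60contact%60&pos=0")


def rule_branches(pattern):
    """Split the rule's single top-level (a|b|c) group into its branches and
    translate the POSIX class [[:space:]], which Python's re does not accept."""
    inner = pattern[1:-1]  # drop the enclosing parentheses
    return [b.replace("[[:space:]]", r"\s") for b in inner.split("|")]


def explain_match(pattern, query_string):
    """Return (parameter, branch, matched text) for every hit.

    The rule itself runs against the whole QUERY_STRING; checking each
    decoded parameter separately is only a way to locate the trigger.
    Assumption: URL decoding and case-insensitive matching, as noted above.
    """
    hits = []
    branches = rule_branches(pattern)
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        for branch in branches:
            m = re.search(branch, value, re.IGNORECASE)
            if m:
                hits.append((name, branch, m.group(0)))
    return hits


if __name__ == "__main__":
    for name, branch, text in explain_match(RULE_PATTERN, QUERY_STRING):
        print(f"parameter {name!r} matched branch {branch!r}: {text!r}")
```

The only hit is in sql_query, the parameter phpMyAdmin uses to carry the SQL statement for the browse action, so the generic pattern fires on the application's normal traffic.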