[Modsecurity] modsecurity false positive phpmyadmin
Who Knows
quien-sabe at metaorg.com
Tue May 2 20:42:34 EDT 2006
Chris Holloway wrote:
> Hello,
>
> I am seeking help, I just added mod_security and the gotroot rules
> last week. I have come across one false positive when I use
> phpmyadmin, when I select browse, I will get an error that says I am
> not allowed to access sql.php
In my opinion there is a MAJOR problem with rule 300016 to start with.
It is much too severe. The rule as I read it
"(insert[[:space:]]+into.+values|select.+from|bulk[[:space:]]+insert|union.+select)"
at POST_PAYLOAD [id "300016"] [rev "1"] [msg "Generic SQL injection
protection"] [severity "CRITICAL"]
will trigger any time a post is made with text that includes the chars
"select" followed at some point later in the post by the chars "from".
Notice I said chars because I just took a hit where the select was part
of a variable &postimageselect=97 and later in the post was the word
from.
I want to be secure, but I also want to allow users a rich user experience.
Besides personally I don't see even how a malicious select is going to
do much harm.
My $0.02.
Jim
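To make the false positive Jim describes reproducible, here is an added example (not code from the thread, the gotroot rule set, or ModSecurity) that runs the quoted rule 300016 pattern over constructed POST bodies and compares it with a word-boundary-anchored variant. Assumptions: the POSIX class [[:space:]] is rewritten as \s for Python's re module, matching is case-insensitive (ModSecurity 1.x default), and the payload is URL-decoded before matching; the tightened pattern is an illustration, not a published rule.

```python
import re
from urllib.parse import unquote_plus

# Rule 300016's POST_PAYLOAD pattern as quoted in the thread, with the POSIX
# class [[:space:]] rewritten as \s.  Case-insensitive matching is assumed.
RULE_300016 = re.compile(
    r"(insert\s+into.+values|select.+from|bulk\s+insert|union.+select)",
    re.IGNORECASE,
)

# Tightened variant (illustration only, not a gotroot/ModSecurity rule):
# anchor each SQL keyword at word boundaries so "select" inside a parameter
# name such as postimageselect no longer counts.
TIGHTENED = re.compile(
    r"(\binsert\s+into\b.+\bvalues\b"
    r"|\bselect\b.+\bfrom\b"
    r"|\bbulk\s+insert\b"
    r"|\bunion\b.+\bselect\b)",
    re.IGNORECASE,
)

# Constructed sample POST bodies (not captured traffic).
SAMPLES = {
    # Jim's case: "select" inside a parameter name, "from" as an ordinary
    # English word later in the same body.
    "benign_form": "postimageselect=97&comment=A+note+from+the+gallery",
    # A phpMyAdmin-style browse request: a real SQL statement submitted by
    # design, which any generic SQL pattern will match.
    "phpmyadmin_browse": "sql_query=SELECT+*+FROM+%60users%60&db=test",
    # Ordinary form data with no SQL keywords at all.
    "benign_text": "title=My+holiday&body=we+went+to+the+beach",
}


def matches(pattern, body):
    """True if the URL-decoded body triggers the given pattern."""
    return pattern.search(unquote_plus(body)) is not None


def evaluate(samples=SAMPLES):
    """Return {name: (rule_300016_hit, tightened_hit)} for each sample body."""
    return {
        name: (matches(RULE_300016, body), matches(TIGHTENED, body))
        for name, body in samples.items()
    }


if __name__ == "__main__":
    for name, (loose, tight) in evaluate().items():
        print(f"{name:18s} rule300016={loose!s:5s} tightened={tight!s:5s}")
```

The word-boundary version removes the &postimageselect=97 hit, but the original poster's phpMyAdmin case still matches both patterns, because the browse page really does POST a SELECT ... FROM statement; that one is a design property of phpMyAdmin rather than a regex defect, so it has to be handled by exempting phpMyAdmin's sql.php from the rule rather than by rewriting the pattern.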