[Modsecurity] false positive for phpwebsite

Lezgin Bakircioglu lerra82 at gmail.com
Thu Nov 2 16:03:23 EST 2006


PHPWEBSITE 0.10.2
http://phpwebsite.appstate.edu/

The second one only occurs when "translating" is done; phpwebsite is a CMS
and has a feature to easily translate it into several languages.

========================================
Request: 80.217.xx.xx - - [02/Nov/2006:20:31:27 +0100] "POST /index.php
HTTP/1.1" 500 1215
Handler: (null)
----------------------------------------
POST /index.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel, applica$
Referer: http://www.notGiven.com/index.php
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322)
Host: www.notGiven.com
Content-Length: 3081
Connection: Keep-Alive
Cache-Control: no-cache
Cookie:
c2015d495dce986de881d2c6cbab16a0=047db13d17f3367e433c5609a38e80ce;
015b063e12bd831a46d0759581b01f93[users][js_on]=1
mod_security-message: Access denied with code 500. Pattern match
"select.+from" at POST_PAYLOAD
mod_security-action: 500

3081
module=language&lng_adm_op=edit_phrase_action&language=tr&mode=missing&lng_edit_module%5B1055%5D=layout&lng_edit_phrase%5B1055%5D=User+option+updated&lng_edit_translation%5B1055%5D=User+option+updated&lng_edit_id%5B1080%5D=1&lng_edit_module%5B1080%5D=menuman&lng_edit_phrase%5B1080%5D=0&lng_edit_translation%5B1080%5D=0&lng_edit_module%5B1066%5D=menuman&lng_edit_phrase%5B1066%5D=All+selected+menu+items+and+sub-items+were+successfully+deleted+from+the+database.&lng_edit_translation%5B1066%5D=All+selected+menu+items+and+sub-items+were+successfully+deleted+from+the+database.&lng_edit_module%5B1059%5D=menuman&lng_edit_phrase%5B1059%5D=Are+you+sure+you+want+delete+the+image+%5Bvar1%5D%3F&lng_edit_translation%5B1059%5D=Are+you+sure+you+want+delete+the+image+%5Bvar1%5D%3F&lng_edit_module%5B1065%5D=menuman&lng_edit_phrase%5B1065%5D=Are+you+sure+you+want+to+delete+these+menu+items+and+their+sub-items%3F&lng_edit_translation%5B1065%5D=Are+you+sure+you+want+to+delete+these+menu+items+and
+their+sub-items%3F&lng_edit_modullng_edit_phrase%5B1057%5D=Delete+an+image&lng_edit_translation%5B1057%5D=Delete+an+image&lng_edit_module%5B1058%5D=menuman&lng_edit_phrase%5B1058%5D=Delete+Image+Confirmation&lng_edit_translation%5B1058%5D=Delete+Image+Confirmation&lng_edit_module%5B1064%5D=menuman&lng_edit_phrase%5B1064%5D=Delete+Menu+Items+Confirmation&lng_edit_translation%5B1064%5D=Delete+Menu+Items+Confirmation&lng_edit_module%5B1062%5D=menuman&lng_edit_phrase%5B1062%5D=File+%5Bvar1%5D+upload+failed.+Contact+your+system+administrator.&lng_edit_translation%5B1062%5D=File+%5Bvar1%5D+upload+failed.+Contact+your+system+administrator.&lng_edit_module%5B1060%5D=menuman&lng_edit_phrase%5B1060%5D=Image+Deleted&lng_edit_translation%5B1060%5D=Image+Deleted&lng_edit_module%5B1078%5D=menuman&lng_edit_phrase%5B1078%5D=no+guest&lng_edit_translation%5B1078%5D=no+guest&lng_edit_module%5B1061%5D=menuman&lng_edit_phrase%5B1061%5D=The+image+%5Bvar1%5D+was+successfully+deleted.&lng_edit_tran
slation%5B1061%5D=The+image+%5Bvar1%5D+was+successfully+deleted.&ln_edit_module%5B1082%5D=menuman&lng_edit_phrase%5B1082%5D=using+%5Bvar1%5D+%28%5Bvar2%5D%29&lng_edit_translation%5B1082%5D=using+%5Bvar1%5D+%28%5Bvar2%5D%29&lng_edit_module%5B1083%5D=menuman&lng_edit_phrase%5B1083%5D=Visitors&lng_edit_translation%5B1083%5D=Visitors&lng_edit_module%5B1081%5D=menuman&lng_edit_phrase%5B1081%5D=%5Bvar1%5D+and+%5Bvar2%5D&lng_edit_translation%5B1081%5D=%5Bvar1%5D+and+%5Bvar2%5D&lng_edit_module%5B1079%5D=menuman&lng_edit_phrase%5B1079%5D=%5Bvar1%5D%2C+all+alone.&lng_edit_translation%5B1079%5D=%5Bvar1%5D%2C+all+alone.&lng_edit_module%5B1073%5D=pagemaster&lng_edit_phrase%5B1073%5D=ATTENTION%21&lng_edit_translation%5B1073%5D=ATTENTION%21&lng_edit_module%5B1074%5D=pagemaster&lng_edit_phrase%5B1074%5D=Edit+Section&lng_edit_translation%5B1074%5D=Edit+Section&lng_edit_module%5B1068%5D=pagemaster&lng_edit_phrase%5B1068%5D=New+Section&lng_edit_translation%5B1068%5D=New+Section&lng_edit_module%
5B1067%5D=pagemaster&lng_edit_phrase%5B1067%5D=Remove&lng_edit_translation%5B1067%5D=Remove
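
Added example, not part of the original message: a Python sketch for triaging this kind of hit by finding which decoded parameter satisfies the logged pattern "select.+from". The tighter word-boundary pattern, the function names, the case-insensitive flag and the sample body (cut down from the logged request, plus one made-up phrase) are assumptions for illustration.

```python
import re
from urllib.parse import parse_qsl

# Pattern quoted in the mod_security-message line of the audit log.
# Case-insensitive matching is an assumption about how the rule is applied.
RULE = re.compile(r"select.+from", re.IGNORECASE)

# Hypothetical tighter variant: "select" and "from" must be whole words.
TIGHT = re.compile(r"\bselect\b.+\bfrom\b", re.IGNORECASE)

# Constructed sample in the shape of the logged POST body. The [9999] phrase
# is made up to show where the tighter pattern still fires.
BODY = (
    "module=language&lng_adm_op=edit_phrase_action"
    "&lng_edit_phrase%5B1066%5D=All+selected+menu+items+and+sub-items"
    "+were+successfully+deleted+from+the+database."
    "&lng_edit_phrase%5B1060%5D=Image+Deleted"
    "&lng_edit_phrase%5B9999%5D=Select+an+item+from+the+list"
)


def matching_params(body, pattern):
    """Return the names of parameters whose decoded value matches pattern."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if pattern.search(value):
            hits.append(name)
    return hits


def payload_matches(body, pattern):
    """Match the whole body as one string, as a payload-wide rule does."""
    return pattern.search(body) is not None


if __name__ == "__main__":
    print("payload-wide hit:", payload_matches(BODY, RULE))
    print("original pattern:", matching_params(BODY, RULE))
    print("word-bounded    :", matching_params(BODY, TIGHT))
```

The word-bounded pattern no longer fires on "selected ... deleted from the database", but ordinary UI text such as "Select an item from the list" still matches, so free-text translation fields can keep tripping a keyword rule of this kind.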

