[Modsecurity] false positive for phpwebsite

Lezgin Bakircioglu lerra82 at gmail.com
Fri Nov 3 13:00:35 EST 2006 

Sorry, remember now that u sent out a mail about report should include that.
I run the debian package of mod security.
and rule-Version: N-20060205-01
I am running almost all rules becide a couple (like one that denys
google bot etc) and no other rules becide gotroot.

Michael Shinn skrev:
> Thank you for the report.  Can you tell me which version of the rules
> you are running and which rules?  Also, are you running any other rules
> not from gotroot?  
> 
> On Thu, 2006-11-02 at 22:03 +0100, Lezgin Bakircioglu wrote:
>> PHPWEBSITE 0.10.2
>> http://phpwebsite.appstate.edu/
>>
>> The sec one only occurs when "translating" is done, phpwebsite is an cms
>> and have the easy feature to easy translate it to several languages.
>>
>> ========================================
>> Request: 80.217.xx.xx - - [02/Nov/2006:20:31:27 +0100] "POST /index.php
>> HTTP/1.1" 500 1215
>> Handler: (null)
>> ----------------------------------------
>> POST /index.php HTTP/1.1
>> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
>> application/x-shockwave-flash, application/vnd.ms-excel, applica$
>> Referer: http://www.notGiven.com/index.php
>> Accept-Language: en-us
>> Content-Type: application/x-www-form-urlencoded
>> XXXXXXXXXXXXXXX: XXXXXXXXXXXXX
>> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
>> CLR 1.1.4322)
>> Host: www.notGiven.com
>> Content-Length: 3081
>> Connection: Keep-Alive
>> Cache-Control: no-cache
>> Cookie:
>> c2015d495dce986de881d2c6cbab16a0=047db13d17f3367e433c5609a38e80ce;
>> 015b063e12bd831a46d0759581b01f93[users][js_on]=1
>> mod_security-message: Access denied with code 500. Pattern match
>> "select.+from" at POST_PAYLOAD
>> mod_security-action: 500
>>
>> 3081
>> module=language&lng_adm_op=edit_phrase_action&language=tr&mode=missing&lng_edit_module%5B1055%5D=layout&lng_edit_phrase%5B1055%5D=User+option+updated&lng_edit_translation%5B1055%5D=User+option+updated&lng_edit_id%5B1080%5D=1&lng_edit_module%5B1080%5D=menuman&lng_edit_phrase%5B1080%5D=0&lng_edit_translation%5B1080%5D=0&lng_edit_module%5B1066%5D=menuman&lng_edit_phrase%5B1066%5D=All+selected+menu+items+and+sub-items+were+successfully+deleted+from+the+database.&lng_edit_translation%5B1066%5D=All+selected+menu+items+and+sub-items+were+successfully+deleted+from+the+database.&lng_edit_module%5B1059%5D=menuman&lng_edit_phrase%5B1059%5D=Are+you+sure+you+want+delete+the+image+%5Bvar1%5D%3F&lng_edit_translation%5B1059%5D=Are+you+sure+you+want+delete+the+image+%5Bvar1%5D%3F&lng_edit_module%5B1065%5D=menuman&lng_edit_phrase%5B1065%5D=Are+you+sure+you+want+to+delete+these+menu+items+and+their+sub-items%3F&lng_edit_translation%5B1065%5D=Are+you+sure+you+want+to+delete+these+menu+items+
and
>> +their+sub-items%3F&lng_edit_modullng_edit_phrase%5B1057%5D=Delete+an+image&lng_edit_translation%5B1057%5D=Delete+an+image&lng_edit_module%5B1058%5D=menuman&lng_edit_phrase%5B1058%5D=Delete+Image+Confirmation&lng_edit_translation%5B1058%5D=Delete+Image+Confirmation&lng_edit_module%5B1064%5D=menuman&lng_edit_phrase%5B1064%5D=Delete+Menu+Items+Confirmation&lng_edit_translation%5B1064%5D=Delete+Menu+Items+Confirmation&lng_edit_module%5B1062%5D=menuman&lng_edit_phrase%5B1062%5D=File+%5Bvar1%5D+upload+failed.+Contact+your+system+administrator.&lng_edit_translation%5B1062%5D=File+%5Bvar1%5D+upload+failed.+Contact+your+system+administrator.&lng_edit_module%5B1060%5D=menuman&lng_edit_phrase%5B1060%5D=Image+Deleted&lng_edit_translation%5B1060%5D=Image+Deleted&lng_edit_module%5B1078%5D=menuman&lng_edit_phrase%5B1078%5D=no+guest&lng_edit_translation%5B1078%5D=no+guest&lng_edit_module%5B1061%5D=menuman&lng_edit_phrase%5B1061%5D=The+image+%5Bvar1%5D+was+successfully+deleted.&lng_edit_
tran
>> slation%5B1061%5D=The+image+%5Bvar1%5D+was+successfully+deleted.&ln_edit_module%5B1082%5D=menuman&lng_edit_phrase%5B1082%5D=using+%5Bvar1%5D+%28%5Bvar2%5D%29&lng_edit_translation%5B1082%5D=using+%5Bvar1%5D+%28%5Bvar2%5D%29&lng_edit_module%5B1083%5D=menuman&lng_edit_phrase%5B1083%5D=Visitors&lng_edit_translation%5B1083%5D=Visitors&lng_edit_module%5B1081%5D=menuman&lng_edit_phrase%5B1081%5D=%5Bvar1%5D+and+%5Bvar2%5D&lng_edit_translation%5B1081%5D=%5Bvar1%5D+and+%5Bvar2%5D&lng_edit_module%5B1079%5D=menuman&lng_edit_phrase%5B1079%5D=%5Bvar1%5D%2C+all+alone.&lng_edit_translation%5B1079%5D=%5Bvar1%5D%2C+all+alone.&lng_edit_module%5B1073%5D=pagemaster&lng_edit_phrase%5B1073%5D=ATTENTION%21&lng_edit_translation%5B1073%5D=ATTENTION%21&lng_edit_module%5B1074%5D=pagemaster&lng_edit_phrase%5B1074%5D=Edit+Section&lng_edit_translation%5B1074%5D=Edit+Section&lng_edit_module%5B1068%5D=pagemaster&lng_edit_phrase%5B1068%5D=New+Section&lng_edit_translation%5B1068%5D=New+Section&lng_edit_mod
ule%
>> 5B1067%5D=pagemaster&lng_edit_phrase%5B1067%5D=Remove&lng_edit_translation%5B1067%5D=Remove
>> _______________________________________________
>> Modsecurity mailing list
>> Modsecurity at gotroot.com
>> http://lists.gotroot.com/mailman/listinfo/modsecurity

More information about the Modsecurity mailing list