[Modsecurity] false positive
Zekeria Oezdemir
zeki at zeki.ch
Wed Feb 21 07:32:20 EST 2007
hi there
here a false positiv with a shop based on oscommerce in rules.conf
thanks for fixing,
zeki
***********
==4c3c8c26==============================
Request: www.domain.ch 217.8.212.114 - - [21/Feb/2007:13:20:17 +0100]
"POST /admin/categories.php?cPath=1&pID=10226&action=new_product_preview
HTTP/1.1" 500 1266
"http://www.domain.ch/admin/categories.php?cPath=1&pID=10226&action=new_product"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; i-NavFourF;
.NET CLR 1.1.4322)" - "-"
----------------------------------------
POST /admin/categories.php?cPath=1&pID=10226&action=new_product_preview
HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, application/x-shockwave-flash, */*
Referer:
http://www.domain.ch/admin/categories.php?cPath=1&pID=10226&action=new_product
Accept-Language: de-ch
Content-Type: multipart/form-data;
boundary=---------------------------7d728413b09bc
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
i-NavFourF; .NET CLR 1.1.4322)
Host: www.blackberry-shop.ch
Content-Length: 8152
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: osCAdminID=r58n9hf041975iufsv455q6be6
Authorization: Basic dG1lOml0YnNpbmVz
mod_security-action: 500
mod_security-message: Access denied with code 500. Pattern match
"!/imp/login\\.php" at HEADER("Referer") [id "300018"] [rev "3"] [msg
"Generic PHP code injection protection via ARGS"] [severity "CRITICAL"]
More information about the Modsecurity
mailing list