  1. #1
    afridy

    OWASP ruleset vs XSS/SQL Injection

    Hello,

    I have enabled OWASP modsecurity on our WHM server.
    Then I tested the functionality with a website hosted on our server using the following SQL statement.

    Code:
    a' union sElEcT 1,2,table_nAme fRom informAtion_schemA.tAbles WhErE tablE_scHemA=dAtabase()-- -
    406 Not Acceptable - means the rule is in action.


    Code:
    a'/**//*!unIoN*//**//*!SelEct*//**/1,/*!table_name*/,database()/**/from/**/information_schema.tables/**/WheRe/**/tablE_SchEma=daTabase()--+-
    Successfully got in - rule set failed.

    What could be wrong?

  2. #2
    afridy
    Anybody, please!

  3. #3
    Mittineague
    I'm guessing this is with MySQL?

    If nobody comes by with OWASP modsecurity knowledge soon we could try moving the thread to the database forum.

  4. #4
    afridy
    Quote: Originally Posted by Mittineague
    I'm guessing this is with MySQL?

    If nobody comes by with OWASP modsecurity knowledge soon we could try moving the thread to the database forum.
    Yes Mitti, will try like that then.

  5. #5
    Mittineague
    Moved to the database forum. Hopefully someone can help you put together a rule.
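
Why a keyword signature can fire on the first test string from post #1 and miss the second, and how normalizing MySQL comments before matching closes that gap. This is an added example, not part of the thread and not the OWASP rule set's own logic; the signature regex and all function names are assumptions made for illustration.

```python
import re

# The two test strings posted in #1 of this thread, copied unchanged.
BLOCKED = ("a' union sElEcT 1,2,table_nAme fRom informAtion_schemA.tAbles "
           "WhErE tablE_scHemA=dAtabase()-- -")
PASSED = ("a'/**//*!unIoN*//**//*!SelEct*//**/1,/*!table_name*/,database()"
          "/**/from/**/information_schema.tables/**/WheRe/**/"
          "tablE_SchEma=daTabase()--+-")

# Hypothetical signature: UNION and SELECT separated only by whitespace.
SIGNATURE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

# MySQL executes the body of /*! ... */ (optionally after a 5-6 digit
# version number), and treats a plain /* ... */ comment as a separator.
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5,6})?(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def normalize(value):
    """Rewrite the input to roughly what MySQL will tokenize."""
    value = EXEC_COMMENT.sub(r" \1 ", value)  # keep the executable body
    value = PLAIN_COMMENT.sub(" ", value)     # plain comment -> whitespace
    return re.sub(r"\s+", " ", value).lower().strip()


def raw_match(value):
    """Signature applied to the request value as received."""
    return bool(SIGNATURE.search(value))


def normalized_match(value):
    """Signature applied after comment normalization."""
    return bool(SIGNATURE.search(normalize(value)))


def has_exec_comment(value):
    """An executable comment in a request parameter is a signal by itself."""
    return bool(EXEC_COMMENT.search(value))


if __name__ == "__main__":
    for name, value in (("first", BLOCKED), ("second", PASSED)):
        print(name, "raw:", raw_match(value),
              "normalized:", normalized_match(value),
              "exec comment:", has_exec_comment(value))
        print("   ", normalize(value))
```

Dropping comments outright, instead of unwrapping the `/*! ... */` body, would delete the keywords MySQL still executes, so the order of the two substitutions in `normalize` matters.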

