[SOLVED] SQL Injection Issue
- bins
- OFFLINE
-
Platinum Member
- Posts: 470
- Thanks: 40
- Karma: 4
6 years 1 month ago - 6 years 1 month ago #302654
by bins
[SOLVED] SQL Injection Issue was created by bins
I am having issues on my site where I cannot loin to admin. Checking the logs I am showing:
[Tue Mar 06 09:33:49.165730 2018] [:error] [pid 21347] [client xx.xx.xx.xx :51041] [client 80.4.133.243] ModSecurity: Warning. detected SQLi using libinjection with fingerprint '1c' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: 1c found within REQUEST_COOKIES:idev: 144--3-4-------http%3A%2F%2Fdomain.co.uk%2Findex.php%3Foption%3Dcom_comprofiler%26task%3Dpluginclass%26plugin%3Dcbpaidsubscriptions%26do%3Ddisplayplans%26Itemid%3D243"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "domain.co.uk"] [uri "/media/jui/js/jquery-migrate.min.js"] [unique_id "Wp5gfUOfWp0JBQKZjjpjWAAAAAo"], referer: www.domain.co.uk/administrator/
This is appearing when I try to log into the site - the client IP is mine.
Help!
[Tue Mar 06 09:33:49.165730 2018] [:error] [pid 21347] [client xx.xx.xx.xx :51041] [client 80.4.133.243] ModSecurity: Warning. detected SQLi using libinjection with fingerprint '1c' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: 1c found within REQUEST_COOKIES:idev: 144--3-4-------http%3A%2F%2Fdomain.co.uk%2Findex.php%3Foption%3Dcom_comprofiler%26task%3Dpluginclass%26plugin%3Dcbpaidsubscriptions%26do%3Ddisplayplans%26Itemid%3D243"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "domain.co.uk"] [uri "/media/jui/js/jquery-migrate.min.js"] [unique_id "Wp5gfUOfWp0JBQKZjjpjWAAAAAo"], referer: www.domain.co.uk/administrator/
This is appearing when I try to log into the site - the client IP is mine.
Help!
Last edit: 6 years 1 month ago by krileon. Reason: Added [SOLVED] tag to subject
Please Log in to join the conversation.
- bins
- OFFLINE
-
Platinum Member
- Posts: 470
- Thanks: 40
- Karma: 4
6 years 1 month ago #302655
by bins
Replied by bins on topic SQL Injection Issue
This looks like it could be more than a CB issue.....
Please Log in to join the conversation.
krileon
Team Member- OFFLINE
- Posts: 68474
- Thanks: 9071
- Karma: 1434
6 years 1 month ago - 6 years 1 month ago #302663
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic SQL Injection Issue
Looks like mod_security throwing a false positive. Contact your host as they may need to adjust some of their mod_security rules. I don't see anything in the request matching SQL so I'm not sure why that rule would flag it as an injection beyond false positive.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 6 years 1 month ago by krileon.
Please Log in to join the conversation.
- bins
- OFFLINE
-
Platinum Member
- Posts: 470
- Thanks: 40
- Karma: 4
6 years 1 month ago #302837
by bins
Replied by bins on topic SQL Injection Issue
Yup - it was mod_security on that site!
The following user(s) said Thank You: krileon, mikerotec
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.209 seconds
-
You are here:
- Home
- Forums
- Support and Presales
- Developer Members Support
- [SOLVED] SQL Injection Issue