Not being able to see your configuration, I am assuming that you do not have your ModSecurity instance in blocking mode. I suggest you check the SecRuleEngine configuration option (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRuleEngine) and also ensure that ModSecurity is working properly. Unless this is a very novel SQL injection attack (in which case we can amend the rules to detect it) it should be detected by ModSecurity. Try pasting your payload in our demo site to ensure it will be detected by stock CRS rules (http://modsecurity.org/crs-demo.html). Hope this helps!
Chaim Sanders
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

From: owasp-modsecurity-core-rule-set-boun...@lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-boun...@lists.owasp.org] On Behalf Of Reginal Laurent
Sent: Monday, February 9, 2015 3:23 AM
To: owasp-modsecurity-core-rule-set@lists.owasp.org
Subject: [Owasp-modsecurity-core-rule-set] ModSecurity Rules - Windows server 2008 R2

Hello,

I have a Windows Server 2008 R2 running Apache2 and PHP. I have configured ModSecurity for protection against SQL injection and other attacks. However, when I scanned my server for vulnerabilities, I still have SQL injection vulnerabilities and other attacks. Is it normal? Could you help me?

Thank you for your feedback.

--
Regards,
-------------------------
Réginal LAURENT
Network and IS Security Engineer
CCNA - ID: CSCO12321512
skype : laurent.reginal
Personal site : reginallaurent.info
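A small audit of the configuration point raised in the reply, written as an added example for this thread (not code from the list or the ModSecurity project): the modsecurity.conf-recommended file ships with SecRuleEngine DetectionOnly, so a fresh install logs attacks without blocking them, which is exactly what a vulnerability scan then reports. The sample configuration text and the Include path are constructed; the parser assumes a single configuration context.

```python
import re

# Constructed sample, modelled on the SecRuleEngine line that
# modsecurity.conf-recommended ships with; the Include path is hypothetical.
SAMPLE_WEAK = """\
# -- Rule engine initialization ----------------------------------------
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
Include /etc/apache2/modsecurity/crs/*.conf
"""
# Same fragment with the engine switched to blocking mode.
SAMPLE_FIXED = SAMPLE_WEAK.replace("SecRuleEngine DetectionOnly", "SecRuleEngine On")

# Directive names are case-insensitive in Apache-style configuration.
DIRECTIVE = re.compile(r"^\s*(SecRuleEngine|Include|IncludeOptional)\s+(\S+)", re.IGNORECASE)


def audit_modsecurity(config_text):
    """Report the effective SecRuleEngine value and why it may not block.

    Assumption: the text is one configuration context, so the last
    SecRuleEngine directive wins; per-VirtualHost or per-Location
    overrides are not modelled here.
    """
    engine = None
    includes = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "secruleengine":
            engine = value.lower()
        else:
            includes.append(value)

    findings = []
    if engine is None:
        findings.append("SecRuleEngine is not set; the engine defaults to Off")
    elif engine == "detectiononly":
        findings.append("SecRuleEngine DetectionOnly: attacks are logged, never blocked; set it to On")
    elif engine == "off":
        findings.append("SecRuleEngine Off: ModSecurity is disabled")
    elif engine != "on":
        findings.append(f"unrecognised SecRuleEngine value {engine!r}")
    if not any("crs" in path.lower() for path in includes):
        findings.append("no Include of the Core Rule Set found; only local rules apply")
    return {"engine": engine, "blocking": engine == "on", "findings": findings}
```

Run `audit_modsecurity` over the contents of your modsecurity.conf (and any included files) and only treat the instance as protecting the site when it reports `blocking: True` with no findings.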