CodeIgniter Forums
SQL Injection Attack Detected via libinjection

Thread: SQL Injection Attack Detected via libinjection (https://forum.codeigniter.com/showthread.php?tid=80674)



SQL Injection Attack Detected via libinjection - magiwells - 11-30-2021

This was in my error log. Is this a concern?
Code:
[Mon Nov 29 21:01:48.854727 2021] [:error] [pid 6548:tid 3992432142080] [client 191.101.31.45:51279] [client 191.101.31.45] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'sos' [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sos found within ARGS:subject: Blockchain: The most profitable trading robot or income from $ 5000 per day \\x22^\\x22@"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "www.mysite.com"] [uri "/contact/sendemail"] [unique_id "YaWwPHxSsmJI-rb7Z95WmgAAABU"], referer: https://www.mysite.com/contact
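
As an added example (not code from the original post, from CodeIgniter or from ModSecurity), here is a small Python parser that pulls the fields a triager needs out of a ModSecurity / OWASP CRS alert line such as the one above (rule id, matched data, the argument it was found in, the URI, the client IP, the libinjection fingerprint and the paranoia level), and then applies the reasoning that comes up later in this thread: whether the handler behind the flagged URI queries a database at all. The sample input is the alert line quoted above; the set of database-backed URI prefixes handed to triage() is an assumed, application-specific input that the reader supplies from their own routes.

```python
import re
from dataclasses import dataclass, field

# Sample input: the ModSecurity alert line from the post above (raw string so the
# Apache-escaped \\x22 sequences stay exactly as they appear in the log).
SAMPLE = r"""[Mon Nov 29 21:01:48.854727 2021] [:error] [pid 6548:tid 3992432142080] [client 191.101.31.45:51279] [client 191.101.31.45] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'sos' [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sos found within ARGS:subject: Blockchain: The most profitable trading robot or income from $ 5000 per day \\x22^\\x22@"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "www.mysite.com"] [uri "/contact/sendemail"] [unique_id "YaWwPHxSsmJI-rb7Z95WmgAAABU"], referer: https://www.mysite.com/contact"""

# ModSecurity writes its structured fields as [key "value"]; values may contain
# backslash-escaped characters, so the value part allows \x escapes.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
CLIENT_RE = re.compile(r"\[client ([\d.]+):\d+\]")
FINGERPRINT_RE = re.compile(r"fingerprint '([^']*)'")
# CRS "data" payload: Matched Data: <match> found within <VARIABLE>: <full value>
DATA_RE = re.compile(r"Matched Data: (.*?) found within (\S+): (.*)")


@dataclass
class ModSecAlert:
    rule_id: str
    msg: str
    severity: str
    matched_data: str   # the substring libinjection flagged, e.g. "sos"
    target: str         # the request variable it was found in, e.g. ARGS:subject
    payload: str        # the full value of that variable
    uri: str
    hostname: str
    client_ip: str
    fingerprint: str    # libinjection token fingerprint ('s' string, 'o' operator, ...)
    paranoia_level: int
    tags: list = field(default_factory=list)


def parse_modsec_line(line):
    """Parse one Apache error-log line emitted by ModSecurity into a ModSecAlert."""
    fields, tags = {}, []
    for key, value in FIELD_RE.findall(line):
        if key == "tag":          # "tag" repeats; every other key appears once
            tags.append(value)
        else:
            fields[key] = value

    client = CLIENT_RE.search(line)
    fp = FINGERPRINT_RE.search(line)
    data = DATA_RE.match(fields.get("data", ""))
    matched, target, payload = data.groups() if data else ("", "", fields.get("data", ""))

    # Paranoia level is carried as a tag of the form paranoia-level/N.
    pl = next((int(t.split("/", 1)[1]) for t in tags if t.startswith("paranoia-level/")), 0)

    return ModSecAlert(
        rule_id=fields.get("id", ""),
        msg=fields.get("msg", ""),
        severity=fields.get("severity", ""),
        matched_data=matched,
        target=target,
        payload=payload,
        uri=fields.get("uri", ""),
        hostname=fields.get("hostname", ""),
        client_ip=client.group(1) if client else "",
        fingerprint=fp.group(1) if fp else "",
        paranoia_level=pl,
        tags=tags,
    )


def triage(alert, db_backed_prefixes):
    """Classify an alert for manual review.

    db_backed_prefixes is an assumed, application-specific set of URI prefixes
    whose handlers run database queries. A libinjection hit against a handler
    that never touches a database cannot be a working SQL injection against
    that handler; it still deserves a look if the same input is stored or
    forwarded elsewhere, which is why the verdict is 'low-priority', not 'ignore'.
    """
    touches_db = any(alert.uri.startswith(p) for p in db_backed_prefixes)
    reasons = [
        "rule %s (%s) at paranoia level %d, fingerprint %r in %s"
        % (alert.rule_id, alert.msg, alert.paranoia_level, alert.fingerprint, alert.target),
    ]
    if touches_db:
        reasons.append("handler for %s queries a database: check the query code" % alert.uri)
        return "investigate", reasons
    reasons.append("handler for %s does not query a database" % alert.uri)
    return "low-priority", reasons


if __name__ == "__main__":
    a = parse_modsec_line(SAMPLE)
    verdict, why = triage(a, {"/search", "/admin"})   # assumed list of DB-backed routes
    print(verdict, "for", a.client_ip, "->", a.uri)
    for r in why:
        print("  -", r)
```

The verdict hinges entirely on the route list you pass in, which is the point: ModSecurity only knows that a request argument tokenised like string-operator-string; whether that matters depends on what the controller behind /contact/sendemail does with the field, which only the application owner knows.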



RE: SQL Injection Attack Detected via libinjection - captain-sensible - 12-02-2021

I see the mention of OWASP, and so I guess it's going to perhaps involve the use of ZAP? Their testing app.


It also seems to mention sendmail and contact.

Now I have a clone of my web running Apache (localhost) on Arch Linux

I have a view which has a contact form; the text goes to a controller; there is a little bit of checking and if everything is ok it goes to PHPMailer to send an email direct to my email account. So that process doesn't even involve a database.

Using ZAP on the URL that serves up my web (127.0.0.x), ZAP flagged up some issues; I took it as a false positive. But in your case, is there any interaction with a database to retrieve data? In which case you might have to look a bit deeper. In my case SQL injection can't be involved on my form -> controller -> creates email, because the process doesn't even touch a DB.