SQL Injection Attack Detected via libinjection
#1

This was in my error log. Is this a concern?
Code:
[Mon Nov 29 21:01:48.854727 2021] [:error] [pid 6548:tid 3992432142080] [client 191.101.31.45:51279] [client 191.101.31.45] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'sos' [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sos found within ARGS:subject: Blockchain: The most profitable trading robot or income from $ 5000 per day \\x22^\\[email protected]"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "www.mysite.com"] [uri "/contact/sendemail"] [unique_id "YaWwPHxSsmJI-rb7Z95WmgAAABU"], referer: https://www.mysite.com/contact
#2

I see the mention of OWASP, so I guess it's going to perhaps involve the use of ZAP? Their testing app.

It also seems to mention sendmail and contact.

Now I have a clone of my web running Apache (localhost) on Arch Linux

I have a view which has a contact form; the text goes to a controller; there is a little bit of checking and if everything is ok it goes to PHPMailer to send an email direct to my email account. So that process doesn't even involve a database.

Using ZAP on the URL that serves up my web, 127.0.0.x, ZAP flagged up some issues; I took it as a false positive. But in your case, is there any interaction with a database to retrieve data? In which case you might have to look a bit deeper. In my case SQL injection can't be involved on my form->controller->creates email, because the process doesn't even touch a DB.