libinjection icon indicating copy to clipboard operation
libinjection copied to clipboard
verified publisher icon client9

Libinjection Rule: 942100 False positive 0202

Open Shajinraj opened this issue 4 years ago • 3 comments

[-:error] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'f(n)' [file "/../.. /coreruleset-3.4-dev/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: f(n) found within ARGS:q: cos(accckt)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname **************]

Your Environment CRS version (v3.2.0): Paranoia level setting: ModSecurity version (v2.9.3): Web Server and version (httpd2.4.41): Operating System and version: RHEL 7.9 Confirmation [ ] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.

Hi Guys,

I am getting this false positive when I click a particular tab in my website. Could you please help me that this rule can be removed or we have any other fix?

https://github.com/coreruleset/coreruleset/issues/2076

Shajinraj avatar May 18 '21 12:05 Shajinraj

any updates?

Shajinraj avatar May 19 '21 10:05 Shajinraj

?

BalintSzigeti avatar May 11 '22 15:05 BalintSzigeti

I'm afraid of this issue can not be resolved without the raw query.

BalintSzigeti avatar May 11 '22 15:05 BalintSzigeti