Christian Folini
The following payload is not detected by libinjection (via ModSecurity 2.9.3):

```
a=SELECT-id-1.FROM`test`
```

(Based on tweet https://twitter.com/brutelogic/status/1189184204073885697)
The bypass is obvious. An attacker omits the content-type header, ModSec does not know which request body processor to use, the attack goes undetected, the backend makes a guess what...
This is a small new pair of rules that prevents parameter pollution bypasses reported in bug bounty findings `Z05OZUCH` and `5UXE4RK0`. The issues reported bypass the existing parameter pollution rule 921180...
This might be of some use for CRS.
This is the Agenda for the Monthly CRS Chat. The general chat is going to happen on https://owasp.slack.com in the channel #coreruleset on Monday, 2022-08-01, at 20:30 CET. That's the...
### Description New SQLi attack using scientific notation of numbers: https://blog.h3xstream.com/2021/10/bypassing-modsecurity-waf.html Author thinks libinjection should catch it, maybe better to catch it with regexp rules too. We catch it just...
### Motivation This would help us spread the word. But perhaps even more importantly, it forces us to describe the core new features that this release brings. Without that process...
### Description ``` $ crssandbox -d "foo=ping tests broken" ... 932150 PL1 Remote Command Execution: Direct Unix Command Execution ... ``` ### Audit Logs / Triggered Rule Numbers ``` [2022-03-04...
### Motivation https://github.com/trickest/cve is a repo with PoC of new CVEs; gathered via an automatic workflow. We should take the PoCs and run them against the Sandbox. Results could be...
### Description MariaDB shares error codes with MySQL; however, there are also MariaDB-specific ones. They are documented at https://mariadb.com/kb/en/mariadb-error-codes/#mariadb-specific-error-codes. CRS does not cover these yet. This may lead to...