Showing 129 results for: ModSecurity Rules

Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) vulnerability in your web application? This blog post will demonstrate a proof of concept that uses ModSecurity to add defensive JavaScript to response pages that...

Web Application Defense: Bayesian Attack Analysis

Regular Expressions for Input Validation If your web application defensive strategy against injection attacks relies solely upon the use of blacklist regular expressions for input validation, it is only a matter of time before an attacker finds an evasion. Want...

WAF Normalization and I18N

Submitted By Breno Silva Pinto and Ryan Barnett WAF Normalization and I18N Web application firewalls must be able to handle Internationalization (I18N) and thus properly handle various data encodings including Unicode and UTF-8 in order to prevent not only evasion...

ModSecurity and OWASP CRS Updates Available

Security Fix Release: ModSecurity v2.6.6 The ModSecurity Development Team has released version 2.6.6 in response to a multipart bypass vulnerability that was disclosed to us. Users are strongly encouraged to update. Please see the release notes included in the CHANGES file....

HULK vs. THOR - Application DoS Smackdown

SpiderLabs Research Team Contributions from: @jgrunzweig @ethackal @claudijd There was a new web server DoS tool released yesterday called HULK (Http Unbearable Load King). Here is a snippet from the blog page: In my line of work, I get to...

PHP-CGI Exploitation by Example

Late last week, a vulnerability in PHP-CGI was disclosed, which allows all sorts of bad for folks running PHP-CGI. It was met with lots of controversy and questions about how it was leaked before a patch was available. What we'll...

Recent Mass SQL Injection Payload Analysis

There have been a number of mass SQL Injection campaigns targeting ASP/ASP.Net/MS-SQL sites over the past few months. While there have been a number of stories, sites and blogs that analyze the injected JS script tags into the infected...

Virtual Patch for Movable Types XSS (CVE 2012-1262)

My SpiderLabs Research colleague Jonathan Claudius recently identified an XSS flaw in the Movable Types application which was outlined in Trustwave Security Advisory TWSL2012-003. Here is the quick overview of the issue: After extracting the Movable Type CGI files and...

HOIC DDoS Analysis and Detection

In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion Cannon) used by Anonymous in support of denial of service attacks over the past year. Attackers are constantly changing their tactics and...

TWSL2012-002: Multiple Vulnerabilities in WordPress

Trustwave SpiderLabs has published a new advisory today for multiple vulnerabilities discovered in the WordPress 'setup-config.php' page. These include PHP code execution/persistent cross site scripting (XSS) vulnerabilities and a MySQL server username/password disclosure weakness. All of these vulnerabilities were discovered...

[Honeypot Alert] Simple Page Options Module for Joomla! Local File Inclusion Attack Detected

Our web honeypots generated the following ModSecurity alert today: [Thu Jan 19 17:55:55 2012] [error] [client 218.145.160.100] ModSecurity: Warning. Pattern match ".*" at TX:950103-WEB_ATTACK/DIR_TRAVERSAL-ARGS:spo_site_lang. [file "/usr/local/apache/conf/crs/base_rules/modsecurity_slr_46_lfi_attacks.conf"] [line "6379"] [id "2074201"] [rev "011712"] [msg "SLR: Simple Page Options Module for Joomla!...

[Honeypot Alert] phpMyAdmin Superglobal Session Manipulation Attack Detected

Our web honeypots have identified attempts to exploit CVE-2011-2505. OSVDB lists the vulnerability as - phpMyAdmin libraries/auth/swekey/swekey.auth.lib.php Swekey_login() Function Superglobal Session Manipulation Arbitrary PHP Code Execution. Vulnerability Details The vulnerability lies within the following code snippet of the libraries/auth/swekey/swekey.auth.lib.php...