Mod_security - letting a lot of abuse through


#1

Examples like these don’t seem to be getting picked up by mod-security — why not?

Here’s a few. I have many more examples that seem to sneak past mod_security??

GET /index.php?key=%27%20union%20select%20all%20table_name%20from%20information_schema.columns%20where%20table_name!=%27users%27%20and%20table_name!=%27users%20and%20table_name!=

GET /index.php?key=…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/home/domain.com/images/shell.gif

GET /index.php?key=27%20union%20select%20all%20password%20from%20users%20where%20username=%27username%27%20or%20%27

GET /index.php?cmd=mv%20images/…/…/base/images/base/shell.gif%20shell.php&key=…/…/…/…/…/…/…/…home/domain.com/images/shell.gif

GET /index.php?id=9999999%27%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2Fmpassword%2F%2A%2A%2FFROM%2F%2A%2A%2Fnucleus_member%2F%2A%2A%2FWHERE%2F%2A%2

GET /index.php?VERSION=%22%3E%3Cscript%3Ealert(‘FORCE_XSS’)%3C/script%3E HTTP/1.1" 403 501

POST /index.php?template=…/…/…/…/…/…/…/…/…/…/boot.ini%00 HTTP/1.1" 403 501 “-” “-”

/index.php??pid=-1%20union%20select%201,concat(0x4F,0x6E,0x6C,0x69,0x6E,0x65,0x20,0x52,0x65,0x6E,0x74,0x61,0x6C,0x20,0x50,0x72,0x6F,0x70,0x65,0x72,0x74,0x79,0

GET //AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA