Open jeremyjpj0916 opened 4 years ago
Confirm. I can trigger this on 942100 as follows:
$> curl localhost -d "foo=2104 GRANT AVE #A"
UNION AVE on the other hand did not match a fingerprint. GRANT AVE citizens get rekt I suppose.
@dune73 another one strikes again!
[id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: nok1o found within ARGS:json.billingPreferenceList.array_0.billingPrefSourceInfo.billingPreferenceDescription: CLOSED - OPTION 1 / OPTION 3"]
Not sure what a nok1o is but it reminds me of the word Tokyo for some reason.
Description
I am guessing this fires on just some keywords to trip a MySQLi?
Audit Logs / Triggered Rule Numbers
Linked my issue w dependency here: https://github.com/client9/libinjection/issues/149
Your Environment