client9 / libinjection

SQL / SQLI tokenizer parser analyzer

bypass with additional single quote #135

Open funkluk opened 6 years ago

funkluk commented 6 years ago

Hi, I'm using libinjection with ModSecurity and the OWASP CRS 3.0.2 and found a simple bypass issue.

When providing an input of a field like `' OR 1=1;'` it's not detected as an SQL injection, whereas `' OR 1=1;` is detected (note the difference of the last single quote) and triggers the corresponding ModSecurity rule.

As I don't have full insight into how the pattern matching works in the library, I can't really judge if this is an issue to fix. But I would expect that such a slight modification should also be detected.

mod_security 2.9.2 with libinjection 3.9.2