search

corazawaf / coraza

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
https://www.coraza.io
Apache License 2.0
2.15k stars 211 forks source link

Error logs are repeated 4 times for some cases #129

Closed jptosso closed 2 years ago

jptosso commented 2 years ago 
[Thu Dec 16 02:12:07.990332 2021]   error   http.handlers.waf   [client "201.189.88.159"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/coraza/owasp-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "0"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data:  found within ARGS:id:' or ''=': ' or ''='"] [severity "critical"] [ver "OWASP_CRS/3.4.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname ""] [uri "/?id=%27%20or%20%27%27=%27"] [unique_id "vF6dUumnEU3iytsDORu"]
[Thu Dec 16 02:12:07.990561 2021]   error   http.handlers.waf   [client "201.189.88.159"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/coraza/owasp-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "0"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data:  found within ARGS:id:' or ''=': ' or ''='"] [severity "critical"] [ver "OWASP_CRS/3.4.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname ""] [uri "/?id=%27%20or%20%27%27=%27"] [unique_id "vF6dUumnEU3iytsDORu"]
[Thu Dec 16 02:12:07.990710 2021]   error   http.handlers.waf   [client "201.189.88.159"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/coraza/owasp-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "0"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data:  found within ARGS:id:' or ''=': ' or ''='"] [severity "critical"] [ver "OWASP_CRS/3.4.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname ""] [uri "/?id=%27%20or%20%27%27=%27"] [unique_id "vF6dUumnEU3iytsDORu"]
[Thu Dec 16 02:12:07.990825 2021]   error   http.handlers.waf   [client "201.189.88.159"] Coraza: Warning. SQL Injection Attack Detected via libinjection [file "/coraza/owasp-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "0"] [id "942100"] [rev ""] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data:  found within ARGS:id:' or ''=': ' or ''='"] [severity "critical"] [ver "OWASP_CRS/3.4.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname ""] [uri "/?id=%27%20or%20%27%27=%27"] [unique_id "vF6dUumnEU3iytsDORu"]

payload was just ?id=' or ''='

github-actions[bot] commented 2 years ago

This issue is stale because it has been open for 30 days with no activity.

jptosso commented 2 years ago

The error has disappeared and regression tests has been added