Closed joaopontes22 closed 1 month ago
[Thu Jul 18 15:06:19.596554 2024] [security2:error] [pid 526:tid 526] [client 177.107.231.54:62020] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_saida.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "Zpkva2AHHnn2rkFsyZoxUAAAAAM"]
[Thu Jul 18 15:06:19.596696 2024] [security2:error] [pid 526:tid 526] [client 177.107.231.54:62020] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_saida.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "Zpkva2AHHnn2rkFsyZoxUAAAAAM"]
[Thu Jul 18 15:06:19.599968 2024] [security2:error] [pid 526:tid 526] [client 177.107.231.54:62020] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "Zpkva2AHHnn2rkFsyZoxUAAAAAM"]
[Thu Jul 18 15:06:19.600288 2024] [security2:error] [pid 526:tid 526] [client 177.107.231.54:62020] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "Zpkva2AHHnn2rkFsyZoxUAAAAAM"]
--6e005669-A--
[18/Jul/2024:15:06:52.109969 +0000] ZpkvjFHsY5o8URkhNoVsmgAAAAo 177.107.231.54 62060 10.0.0.80 443
--6e005669-B--
GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=SaidaControle&nextPage=../html/listar_saida.php HTTP/1.1
Host: comfirewall.wegia.org:8000
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: _ga=GA1.1.226787592.1712170424; PHPSESSID=l3qtr41r306gqi2kksvkbcj7bj; _ga_F8DXBXLV8J=GS1.1.1721314557.29.1.1721315142.60.0.0
--6e005669-F--
HTTP/1.1 403 Forbidden
Content-Length: 288
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--6e005669-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
You don't have permission to access this resource.
--6e005669-H--
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_saida.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"]
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_saida.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"]
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_saida.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkvjFHsY5o8URkhNoVsmgAAAAo"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_saida.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkvjFHsY5o8URkhNoVsmgAAAAo"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkvjFHsY5o8URkhNoVsmgAAAAo"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkvjFHsY5o8URkhNoVsmgAAAAo"]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php
Stopwatch: 1721315212103227 7592 (- - -)
Stopwatch2: 1721315212103227 7592; combined=6017, p1=859, p2=4842, p3=0, p4=0, p5=316, sr=166, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4.
Server: Apache/2.4.61 (Debian)
Engine-Mode: "ENABLED"
--6e005669-Z--
Security issues resolved
Vulnerability Analysis
SQL Injection Vulnerability:
In this snippet, the value of $id_pessoa is embedded directly into the SQL query without any validation, opening the possibility of an SQL injection attack.
Untrusted Redirect Vulnerability:
The code only performs a basic check of the logged-in user and then redirects to the home page [../index.php]. Depending on how the system is implemented, an attacker may exploit this vulnerability to redirect users to malicious pages.
Inadequate Null Result Validation:
!is_null($resultado) in the code is not a safe way to check whether an SQL query returns proper results. It may be useful to check the number of rows returned or whether the query failed, in an appropriate manner.
Code Redundancy:
Outdated Code Vulnerability:
Possible Insecure File Inclusion:
personalizacao_display.php is vulnerable to arbitrary file inclusion, depending on the contents of the file config.php. Make sure that config.php and other included files are secure and cannot be manipulated by the user.
Lack of In-Depth Security Measures:
It is recommended to review the code, implement appropriate security measures such as prepared SQL statements, input validation and session control, and keep libraries up to date to ensure the security of the web application.
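The SQL injection and null-result findings above, shown side by side with a hardened form; this is an added example, not code from the WeGIA project. The table `pessoa`, its columns, and both function names are hypothetical, and an in-memory SQLite database stands in for the application's real one.

```php
<?php
// Added illustration: schema and function names are hypothetical.
// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pessoa (id_pessoa INTEGER PRIMARY KEY, nome TEXT)');
$pdo->exec("INSERT INTO pessoa VALUES (1, 'Ana'), (2, 'Bruno')");

// Pattern the report describes: $id_pessoa concatenated into the SQL text,
// and the result checked only with !is_null().
function buscarPessoaInseguro(PDO $pdo, string $id_pessoa): array
{
    $sql = "SELECT id_pessoa, nome FROM pessoa WHERE id_pessoa = $id_pessoa";
    $resultado = $pdo->query($sql);
    return !is_null($resultado) ? $resultado->fetchAll(PDO::FETCH_ASSOC) : [];
}

// Hardened form: validate the input, bind it as a typed parameter,
// and tell "no matching row" (null) apart from a query failure (exception).
function buscarPessoa(PDO $pdo, string $id_pessoa): ?array
{
    $id = filter_var($id_pessoa, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id_pessoa must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id_pessoa, nome FROM pessoa WHERE id_pessoa = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute(); // throws PDOException on failure (ERRMODE_EXCEPTION)
    $linha = $stmt->fetch(PDO::FETCH_ASSOC);
    return $linha === false ? null : $linha;
}

// Constructed input that changes the meaning of the concatenated query.
$entrada = '1 OR 1=1';
echo count(buscarPessoaInseguro($pdo, $entrada)), " row(s) from the concatenated query\n";

try {
    buscarPessoa($pdo, $entrada);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

var_dump(buscarPessoa($pdo, '2'));  // existing row
var_dump(buscarPessoa($pdo, '99')); // no such row
```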