nilsonLazarin / WeGIA

WeGIA: Web manager for charitable institutions

Vulnerability analysis of the file html/listar_entrada.php #123

Closed joaopontes22 closed 2 weeks ago

joaopontes22 commented 4 months ago

Vulnerability Analysis

The vulnerability found in the code is the lack of input validation in the SQL query. In the code excerpt below, the variable $id_pessoa is inserted directly into the SQL query without any kind of escaping or validation:

$resultado = mysqli_query($conexao, "SELECT * FROM funcionario WHERE id_pessoa=$id_pessoa");

This can lead to a SQL injection vulnerability, where an attacker can manipulate the value of $id_pessoa to execute malicious commands on the database.

To fix this vulnerability, it is recommended to use prepared statements to prevent SQL injection. Here is an example of how the excerpt above could be fixed:

$stmt = $conexao->prepare("SELECT * FROM funcionario WHERE id_pessoa=?");
$stmt->bind_param("i", $id_pessoa);
$stmt->execute();
$resultado = $stmt->get_result();

This way, the value of $id_pessoa is treated as a parameter and not as part of the SQL query, preventing SQL injection. Make sure to apply this kind of technique to all SQL queries in the code to ensure the security of the system.
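An added example, not part of the original issue or the WeGIA code base: a small Python audit script that applies the advice above to a whole PHP file, flagging mysqli calls whose SQL string interpolates or concatenates a PHP variable. The sample source (including the `entrada` table and the `$tipo` variable) is constructed; the check is a regex heuristic and does not follow SQL that is built in a separate variable first.

```python
import re
from typing import List, Tuple

# mysqli entry points that receive a SQL string:
# mysqli_query(), mysqli_prepare(), $db->query(), $db->prepare(), ...
SINK = re.compile(r'(?:\bmysqli_|->\s*)(?:query|real_query|multi_query|prepare)\s*\(', re.I)
# A PHP string literal, double- or single-quoted, with backslash escapes.
STRING = re.compile(r'"(?:[^"\\]|\\.)*"|\'(?:[^\'\\]|\\.)*\'', re.S)
# $var, {$var} or ${var} inside a double-quoted string (PHP interpolates these).
INTERPOLATED = re.compile(r'(?<!\\)\$\{?([A-Za-z_]\w*)')
# "..." . $var   or   $var . "..."   outside of any string literal.
CONCATENATED = re.compile(r'\.\s*\$([A-Za-z_]\w*)|\$([A-Za-z_]\w*)(?:\[[^\]]*\])*\s*\.(?!=)')

# Constructed sample; lines 3 and 5 are the two queries quoted in the issue.
SAMPLE_PHP = r'''<?php
// listing page (constructed)
$resultado = mysqli_query($conexao, "SELECT * FROM funcionario WHERE id_pessoa=$id_pessoa");

$stmt = $conexao->prepare("SELECT * FROM funcionario WHERE id_pessoa=?");
$stmt->bind_param("i", $id_pessoa);
$stmt->execute();

$r = $conexao->query('SELECT * FROM entrada WHERE id = ' . $_GET['id']);
$bad = $conexao->prepare("SELECT * FROM entrada WHERE tipo = '{$tipo}'");
'''


def call_args(src: str, open_idx: int) -> str:
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth, quote, i = 0, None, open_idx
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                 # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
        i += 1
    return src[open_idx + 1:]          # unbalanced call: take the rest


def scan_php(source: str) -> List[Tuple[int, str, Tuple[str, ...]]]:
    """Return (line, sink, variables) for each call that mixes variables into SQL."""
    findings = []
    for m in SINK.finditer(source):
        args = call_args(source, m.end() - 1)
        names = set()
        for lit in STRING.finditer(args):
            if lit.group().startswith('"'):          # single quotes do not interpolate
                names.update(INTERPOLATED.findall(lit.group()))
        outside = STRING.sub("S", args)              # hide literals, keep operators
        for left, right in CONCATENATED.findall(outside):
            names.add(left or right)
        if names:
            line = source.count("\n", 0, m.start()) + 1
            sink = re.sub(r"[\s(]", "", m.group())
            findings.append((line, sink, tuple(sorted("$" + n for n in names))))
    return findings


if __name__ == "__main__":
    for line, sink, variables in scan_php(SAMPLE_PHP):
        print(f"line {line}: {sink} builds SQL from {', '.join(variables)}")
```

The call to `prepare()` on line 10 of the sample is reported as well: a prepared statement only protects values that are bound, not values interpolated into the statement text.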

joaopontes22 commented 2 months ago

[Thu Jul 18 15:00:45.164388 2024] [php:warn] [pid 612:tid 612] [client 177.107.231.54:61752] PHP Warning: include_once(conexao.php): Failed to open stream: No such file or directory in /var/www/html/WeGIA/html/pet/cadastro_pet.php on line 3, referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:45.164474 2024] [php:warn] [pid 612:tid 612] [client 177.107.231.54:61752] PHP Warning: include_once(): Failed opening 'conexao.php' for inclusion (include_path='.:/usr/share/php') in /var/www/html/WeGIA/html/pet/cadastro_pet.php on line 3, referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:45.167774 2024] [php:warn] [pid 612:tid 612] [client 177.107.231.54:61752] PHP Warning: Undefined array key "cpf" in /var/www/html/WeGIA/html/pet/cadastro_pet.php on line 56, referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:45.168685 2024] [php:warn] [pid 612:tid 612] [client 177.107.231.54:61752] PHP Warning: Undefined array key "msg" in /var/www/html/WeGIA/html/pet/cadastro_pet.php on line 72, referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:45.171680 2024] [php:warn] [pid 612:tid 612] [client 177.107.231.54:61752] PHP Warning: Undefined variable $imagem in /var/www/html/WeGIA/html/pet/cadastro_pet.php on line 268, referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:45.171747 2024] [php:warn] [pid 612:tid 612] [client 177.107.231.54:61752] PHP Warning: Undefined array key "cpf_interno" in /var/www/html/WeGIA/html/pet/cadastro_pet.php on line 568, referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:45.171768 2024] [php:warn] [pid 612:tid 612] [client 177.107.231.54:61752] PHP Warning: Undefined array key "cpf_interno" in /var/www/html/WeGIA/html/pet/cadastro_pet.php on line 584, referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:50.573985 2024] [php:warn] [pid 527:tid 527] [client 177.107.231.54:61751] PHP Warning: Undefined variable $entrada in /var/www/html/WeGIA/html/listar_entrada.php on line 119, referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:50.616229 2024] [security2:error] [pid 751:tid 751] [client 177.107.231.54:61739] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuIqFo2bUamjRAXeNy8QAAAAE"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:50.616386 2024] [security2:error] [pid 751:tid 751] [client 177.107.231.54:61739] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuIqFo2bUamjRAXeNy8QAAAAE"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:50.631798 2024] [security2:error] [pid 751:tid 751] [client 177.107.231.54:61739] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuIqFo2bUamjRAXeNy8QAAAAE"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:50.632200 2024] [security2:error] [pid 751:tid 751] [client 177.107.231.54:61739] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuIqFo2bUamjRAXeNy8QAAAAE"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:52.083752 2024] [security2:error] [pid 751:tid 751] [client 177.107.231.54:61739] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuJKFo2bUamjRAXeNy8gAAAAE"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:52.083921 2024] [security2:error] [pid 751:tid 751] [client 177.107.231.54:61739] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuJKFo2bUamjRAXeNy8gAAAAE"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:52.087300 2024] [security2:error] [pid 751:tid 751] [client 177.107.231.54:61739] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuJKFo2bUamjRAXeNy8gAAAAE"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
[Thu Jul 18 15:00:52.087686 2024] [security2:error] [pid 751:tid 751] [client 177.107.231.54:61739] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuJKFo2bUamjRAXeNy8gAAAAE"], referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php
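An added example, not part of the original comment or of ModSecurity itself: a Python triage script that groups error-log entries like the ones above by `unique_id` and reports which rule and request parameter led to each 403. The sample lines are constructed in the same format, with a placeholder client address and placeholder transaction ids.

```python
import re
from collections import Counter

# Constructed sample in the Apache error-log format of the comment above
# (placeholder client address and unique_id values, tags omitted).
SAMPLE_LOG = r'''[Thu Jul 18 15:00:50.573985 2024] [php:warn] [pid 527:tid 527] [client 192.0.2.10:61751] PHP Warning: Undefined variable $entrada in /var/www/html/WeGIA/html/listar_entrada.php on line 119
[Thu Jul 18 15:00:50.616229 2024] [security2:error] [pid 751:tid 751] [client 192.0.2.10:61739] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [uri "/WeGIA/controle/control.php"] [unique_id "TXN-0001"]
[Thu Jul 18 15:00:50.616386 2024] [security2:error] [pid 751:tid 751] [client 192.0.2.10:61739] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [uri "/WeGIA/controle/control.php"] [unique_id "TXN-0001"]
[Thu Jul 18 15:00:50.631798 2024] [security2:error] [pid 751:tid 751] [client 192.0.2.10:61739] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [uri "/WeGIA/controle/control.php"] [unique_id "TXN-0001"]
[Thu Jul 18 15:00:50.632200 2024] [security2:error] [pid 751:tid 751] [client 192.0.2.10:61739] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10)"] [uri "/WeGIA/controle/control.php"] [unique_id "TXN-0001"]
[Thu Jul 18 15:00:52.083752 2024] [security2:error] [pid 751:tid 751] [client 192.0.2.10:61739] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [uri "/WeGIA/controle/control.php"] [unique_id "TXN-0002"]
[Thu Jul 18 15:00:52.083921 2024] [security2:error] [pid 751:tid 751] [client 192.0.2.10:61739] ModSecurity: Warning. Pattern match "(?:^|[\\/])\\.\\.(?:[\\/]|$)" at ARGS:nextPage. [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [uri "/WeGIA/controle/control.php"] [unique_id "TXN-0002"]
[Thu Jul 18 15:00:52.087300 2024] [security2:error] [pid 751:tid 751] [client 192.0.2.10:61739] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [uri "/WeGIA/controle/control.php"] [unique_id "TXN-0002"]
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')           # [id "930110"], [uri "..."], ...
TARGET = re.compile(r' at ([A-Z][A-Z_]*(?::[\w-]+)?)\.')       # "at ARGS:nextPage."
DENIED = re.compile(r'Access denied with code (\d+)')
SCORE = re.compile(r'Total Score: (\d+)')


def summarize_modsec(log_text):
    """Group ModSecurity entries by unique_id (one key per HTTP transaction)."""
    txns = {}
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue                                  # PHP warnings and other modules
        fields = dict(FIELD.findall(line))
        uid = fields.get("unique_id")
        if uid is None:
            continue
        txn = txns.setdefault(uid, {"uri": fields.get("uri"), "status": None,
                                    "score": None, "hits": Counter(), "values": set()})
        denied = DENIED.search(line)
        if denied:                                    # blocking-evaluation entry
            txn["status"] = int(denied.group(1))
            score = SCORE.search(fields.get("msg", ""))
            txn["score"] = int(score.group(1)) if score else None
            continue
        target = TARGET.search(line)
        if target is None or target.group(1).startswith("TX:"):
            continue                                  # correlation entry, not a detection
        name = target.group(1)
        txn["hits"][(fields.get("id"), name)] += 1
        value = fields.get("data", "").partition(name + ": ")[2]
        if value:
            txn["values"].add(value)                  # the parameter value that matched
    return txns


def blocked_parameters(txns):
    """Count blocked transactions per (uri, rule id, request variable)."""
    counts = Counter()
    for txn in txns.values():
        if txn["status"] is not None:
            for rule_id, target in txn["hits"]:
                counts[(txn["uri"], rule_id, target)] += 1
    return counts


if __name__ == "__main__":
    for (uri, rule_id, target), n in blocked_parameters(summarize_modsec(SAMPLE_LOG)).items():
        print(f"{n} blocked request(s) to {uri}: rule {rule_id} on {target}")
```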

joaopontes22 commented 2 months ago

--a3d7a066-A-- [18/Jul/2024:14:22:04.300591 +0000] ZpklDLO8zYmIe_JUWYUKJgAAAAs 141.98.10.12 33114 10.0.0.80 443 --a3d7a066-B-- GET / HTTP/1.0 ‌ --a3d7a066-F-- HTTP/1.1 400 Bad Request Content-Length: 450 Connection: close Content-Type: text/html; charset=iso-8859-1 ‌ --a3d7a066-E-- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

400 Bad Request

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.


Apache/2.4.61 (Debian) Server at comfirewall.wegia.org Port 443

‌ --a3d7a066-H-- Stopwatch: 1721312524298950 1765 (- - -) Stopwatch2: 1721312524298950 1765; combined=1300, p1=803, p2=0, p3=64, p4=261, p5=172, sr=168, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4. Server: Apache/2.4.61 (Debian) Engine-Mode: "ENABLED" ‌ --a3d7a066-Z-- ‌ --e505e123-A-- [18/Jul/2024:14:56:20.693905 +0000] ZpktFFjKD8QR2CRkZ_xvuwAAAAI 177.107.231.54 61546 10.0.0.80 443 --e505e123-B-- GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=AtendidoControle&nextPage=../html/atendido/listar_ocorrencias_ativas.php HTTP/1.1 Host: comfirewall.wegia.org:8000 Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php Accept-Encoding: gzip, deflate, br, zstd Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: _ga=GA1.1.226787592.1712170424; PHPSESSID=l3qtr41r306gqi2kksvkbcj7bj; _ga_F8DXBXLV8J=GS1.1.1721314557.29.1.1721314561.56.0.0 ‌ --e505e123-F-- HTTP/1.1 403 Forbidden Content-Length: 288 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 ‌ --e505e123-E-- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden

You don't have permission to access this resource.


Apache/2.4.61 (Debian) Server at comfirewall.wegia.org Port 8000

‌ --e505e123-H-- Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/atendido/listar_ocorrencias_ativas.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/atendido/listar_ocorrencias_ativas.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. 
Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/atendido/listar_ocorrencias_ativas.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpktFFjKD8QR2CRkZ_xvuwAAAAI"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/atendido/listar_ocorrencias_ativas.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpktFFjKD8QR2CRkZ_xvuwAAAAI"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpktFFjKD8QR2CRkZ_xvuwAAAAI"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpktFFjKD8QR2CRkZ_xvuwAAAAI"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-php Stopwatch: 1721314580668359 26360 (- - -) Stopwatch2: 1721314580668359 26360; combined=24994, p1=850, p2=23511, p3=0, p4=0, p5=468, sr=168, sw=0, l=0, gc=165 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4. 
Server: Apache/2.4.61 (Debian) Engine-Mode: "ENABLED" ‌ --e505e123-Z-- ‌ --44ff200f-A-- [18/Jul/2024:14:59:39.159882 +0000] Zpkt25mTqzvT7a3VcqSmIwAAAAc 177.107.231.54 61658 10.0.0.80 443 --44ff200f-B-- GET /WeGIA/controle/control.php?metodo=listarTodos&nomeClasse=AtendidoControle&nextPage=../html/atendido/Informacao_Atendido.php HTTP/1.1 Host: comfirewall.wegia.org:8000 Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php Accept-Encoding: gzip, deflate, br, zstd Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: _ga=GA1.1.226787592.1712170424; PHPSESSID=l3qtr41r306gqi2kksvkbcj7bj; _ga_F8DXBXLV8J=GS1.1.1721314557.29.1.1721314766.60.0.0 ‌ --44ff200f-F-- HTTP/1.1 403 Forbidden Content-Length: 288 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 ‌ --44ff200f-E-- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden

You don't have permission to access this resource.


Apache/2.4.61 (Debian) Server at comfirewall.wegia.org Port 8000

‌ --44ff200f-H-- Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/atendido/Informacao_Atendido.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/atendido/informacao_atendido.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. 
Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/atendido/Informacao_Atendido.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "Zpkt25mTqzvT7a3VcqSmIwAAAAc"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/atendido/informacao_atendido.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "Zpkt25mTqzvT7a3VcqSmIwAAAAc"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "Zpkt25mTqzvT7a3VcqSmIwAAAAc"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "Zpkt25mTqzvT7a3VcqSmIwAAAAc"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-php Stopwatch: 1721314779149047 11131 (- - -) Stopwatch2: 1721314779149047 11131; combined=7261, p1=1502, p2=5462, p3=0, p4=0, p5=297, sr=582, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4. 
Server: Apache/2.4.61 (Debian) Engine-Mode: "ENABLED" ‌ --44ff200f-Z-- ‌ --a8235d5f-A-- [18/Jul/2024:15:00:50.632384 +0000] ZpkuIqFo2bUamjRAXeNy8QAAAAE 177.107.231.54 61739 10.0.0.80 443 --a8235d5f-B-- GET /WeGIA/controle/control.php?metodo=listarTodosComProdutos&nomeClasse=EntradaControle&nextPage=../html/listar_entrada.php HTTP/1.1 Host: comfirewall.wegia.org:8000 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php Accept-Encoding: gzip, deflate, br, zstd Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: _ga=GA1.1.226787592.1712170424; PHPSESSID=l3qtr41r306gqi2kksvkbcj7bj; _ga_F8DXBXLV8J=GS1.1.1721314557.29.1.1721314848.59.0.0 ‌ --a8235d5f-F-- HTTP/1.1 403 Forbidden Content-Length: 288 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 ‌ --a8235d5f-E-- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden

You don't have permission to access this resource.


Apache/2.4.61 (Debian) Server at comfirewall.wegia.org Port 8000

‌ --a8235d5f-H-- Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. 
Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuIqFo2bUamjRAXeNy8QAAAAE"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuIqFo2bUamjRAXeNy8QAAAAE"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. 
[file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuIqFo2bUamjRAXeNy8QAAAAE"] Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuIqFo2bUamjRAXeNy8QAAAAE"] Action: Intercepted (phase 2) Apache-Handler: application/x-httpd-php Stopwatch: 1721314850613592 19626 (- - -) Stopwatch2: 1721314850613592 19626; combined=18005, p1=844, p2=16856, p3=0, p4=0, p5=305, sr=165, sw=0, l=0, gc=0 Response-Body-Transformed: Dechunked Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4. 
Server: Apache/2.4.61 (Debian) Engine-Mode: "ENABLED" ‌ --a8235d5f-Z-- ‌ --d1cd583f-A-- [18/Jul/2024:15:00:52.087886 +0000] ZpkuJKFo2bUamjRAXeNy8gAAAAE 177.107.231.54 61739 10.0.0.80 443 --d1cd583f-B-- GET /WeGIA/controle/control.php?metodo=listarTodosComProdutos&nomeClasse=EntradaControle&nextPage=../html/listar_entrada.php HTTP/1.1 Host: comfirewall.wegia.org:8000 Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://comfirewall.wegia.org:8000/WeGIA/html/home.php Accept-Encoding: gzip, deflate, br, zstd Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7 Cookie: _ga=GA1.1.226787592.1712170424; PHPSESSID=l3qtr41r306gqi2kksvkbcj7bj; _ga_F8DXBXLV8J=GS1.1.1721314557.29.1.1721314848.59.0.0 ‌ --d1cd583f-F-- HTTP/1.1 403 Forbidden Content-Length: 288 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 ‌ --d1cd583f-E-- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden

You don't have permission to access this resource.


Apache/2.4.61 (Debian) Server at comfirewall.wegia.org Port 8000

--d1cd583f-H--
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"]
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"]
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuJKFo2bUamjRAXeNy8gAAAAE"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at ARGS:nextPage. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "72"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuJKFo2bUamjRAXeNy8gAAAAE"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuJKFo2bUamjRAXeNy8gAAAAE"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 177.107.231.54] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "comfirewall.wegia.org"] [uri "/WeGIA/controle/control.php"] [unique_id "ZpkuJKFo2bUamjRAXeNy8gAAAAE"]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php
Stopwatch: 1721314852081057 7674 (- - -)
Stopwatch2: 1721314852081057 7674; combined=6049, p1=863, p2=4858, p3=0, p4=0, p5=327, sr=183, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/); OWASP_CRS/3.3.4.
Server: Apache/2.4.61 (Debian)
Engine-Mode: "ENABLED"

--d1cd583f-Z--
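Added example (not part of the original comment or of the WeGIA code base): Python that triages section H of a ModSecurity audit-log entry like the one above, reporting whether the request was blocked, which request variable tripped which detection rule, and the per-category anomaly scores from rule 980130. The sample text is constructed from that log with the file, tag and timing fields dropped, and assumes one header per line as ModSecurity writes it; `parse_messages` and `triage` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample: section H of one audit-log entry, one header per line,
# shortened from the log quoted in the issue (file/tag/timing fields dropped).
SECTION_H = r'''
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"]
Message: Warning. Pattern match "(?:^|[\/])\.\.(?:[\/]|$)" at ARGS:nextPage. [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within ARGS:nextPage: ../html/listar_entrada.php"] [severity "CRITICAL"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"]
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"]
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] ModSecurity: Warning. Pattern match ... [id "930110"]
Action: Intercepted (phase 2)
'''

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [name "value"] pairs
TARGET = re.compile(r' at ([A-Z_]+(?::[\w-]+)?)\.')    # e.g. " at ARGS:nextPage."
SCORE = re.compile(r'\b([A-Z]+)=(\d+)')                # e.g. "LFI=10"

def parse_messages(section_h):
    """One dict per 'Message:' line; Apache-Error copies and other headers are skipped."""
    events = []
    for line in section_h.splitlines():
        if not line.startswith('Message: '):
            continue
        fields = dict(FIELD.findall(line))
        target = TARGET.search(line)
        events.append({
            'action': line[len('Message: '):].split('. ', 1)[0],
            'id': fields.get('id'),
            'target': target.group(1) if target else None,
            'data': fields.get('data'),
            'msg': fields.get('msg', ''),
        })
    return events

def triage(section_h):
    """Return (blocked, detection hits per (rule id, variable), category scores)."""
    events = parse_messages(section_h)
    blocked = any(e['action'].startswith('Access denied') for e in events)
    # Only detection rules carry [data]; 949110 and 980130 just evaluate the score.
    hits = Counter((e['id'], e['target']) for e in events if e['data'])
    scores = {}
    for e in events:
        if e['id'] == '980130':  # correlation rule lists the score per category
            scores = {k: int(v) for k, v in SCORE.findall(e['msg'])}
    return blocked, hits, scores
```

On this sample the result shows a single parameter, `ARGS:nextPage`, matching rule 930110 twice and accounting for the whole inbound score under `LFI`, which is what pushed the request over the blocking threshold.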

angel-jgpv commented 2 weeks ago

Resolved by: Lenart 04/09/2024