phpMyAdmin "on" cookie blocked by libinjection #820
This is another instance of libinjection seeing I discussed this in client9/libinjection#115 and I think it should have been fixed by replacing the So this issue should be resolved when ModSecurity targets a new libinjection release. However, I have not been able to verify the fix with a new libinjection build. It could be that I've been using an incorrect commit. So let's keep this issue open while we do a check on a new libinjection version.
You're totally right @zimmerle and I'm very sorry about that (it's not the first time, damnit.. The saying "A donkey does not stumble twice on the same stone" doesn't fit for me this time :/ ). @lifeforms : Thanks for the explanation. Sounds good.
@quenenni I hope we see a ModSecurity 2.9.2 with an updated libinjection, maybe this summer? ;) But let me first check if a new version of libinjection really fixes the problem. Otherwise we should go over there in the bug tracker again!
We can close this here, can't we?
If you're asking me, you can.
True. I did not read it very carefully it seems. I got the impression it was a libinjection thing and I am a bit overwhelmed with the number of issues we are actively working on. So I wish we could close this. :)
FYI a possible fix for this libinjection FP is discussed in: |
This issue has been open 120 days with no activity. Remove the stale label or comment, or this will be closed in 14 days.
ping, not yet addressed? |
@diablodale You should probably ping client9/libinjection#143 as well. |
My concern was the bot autoclosing this; seems a good tracking issue on the dependency. I don't have perms to remove the stale tag. Which I see you now did...thank you.👍 |
FYI, the owning libinjection repo of the PR appears dead. There have been no commits since early 2018. |
@diablodale thanks for the info and for ensuring this issue is not closed. |
Decision during the CRS project chat on March 2, 2020: @dune73 will get in touch with the libinjection project to try and get things moving again. |
@quenenni commented on Wed Jun 21 2017
Debian Jessie
libapache2-modsecurity v2.8.0-3
CRS v3.0.2
PhpMyAdmin is using pmaUser-2 & pmaPass-2 as cookie names.
Not always, I could use PMA for a time.
But it's the second time today that suddenly, while doing stuff, modsec decided to block all my requests.
And the reason was these 2 cookies.
I'm going to add an exception that stops the 2 rules when working with PMA, but aren't those 2 rules too harsh in a general sense?
```
[Wed Jun 21 15:25:10.956736 2017] [:error] [pid 5924] [client xxx.xxx.xxx.xx:50902] ModSecurity: Access denied with code 412 (phase 2). detected XSS using libinjection. [file "/etc/modsecurity/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "64"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: connection found within REQUEST_COOKIES:pmaPass-2: on+BHFUPFdfsWTEJdw8wug=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "yyyyy.net"] [uri "/alternc-sql/index.php"] [unique_id "WUpztolKzlsAABXPBZkAAAAD"]
```
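The kind of exclusion the reporter says they will add, written out as an added example (this is not code from the issue or from the CRS project). It removes the two phpMyAdmin cookies from rule 941100, the rule shown in the log above, only for requests under the /alternc-sql/ path taken from that log, so the rule keeps inspecting every other target. The rule id 10001 and the path condition are assumptions; the second rule the reporter mentions is not identified in the log, so only 941100 is handled here. In CRS 3.x this belongs in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf so it runs before the 941xxx rules:

```apache
# Added example (not from the issue or from CRS): rule exclusion for the
# phpMyAdmin cookies that libinjection flags under rule 941100.
# Assumptions: rule id 10001 is free in this deployment, and phpMyAdmin
# is served under /alternc-sql/ as in the reporter's log line.
# Put this in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf (CRS 3.x).
SecRule REQUEST_URI "@beginsWith /alternc-sql/" \
    "id:10001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=941100;REQUEST_COOKIES:pmaPass-2,\
    ctl:ruleRemoveTargetById=941100;REQUEST_COOKIES:pmaUser-2"
```

Running in phase 1 is enough: ctl:ruleRemoveTargetById applies for the rest of the transaction, so the phase 2 rule 941100 still evaluates, just without those two cookie values. Once a ModSecurity build with a fixed libinjection is in place the exclusion can be dropped; until then it is narrower than disabling 941100 outright, which would also stop XSS detection on the request body and other parameters.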
@zimmerle commented on Wed Jun 21 2017
Hi @quenenni, it seems like you are facing a problem on OWASP CRS. The better approach is to open this issue on OWASP CRS Project.