mod_security i XSS problem

Programiranje
1

Da li se tko susretao sa problemom da mu mod_security zabrani pristup vlastitiom serveru i kako ga je rješio (osim isključivanja mod_security)?

Radi se o tome da nakon desetak klikova u Open Cart-u moj IP biva bannan sa cijelog servera.

[Sun Feb 12 11:39:23 2012] [error] [client 89.164.123.133] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "120"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "mojopencart.hr"] [uri "/catalog/view/javascript/jquery/ui/external/jquery.cookie.js"] [unique_id "TzeIyy4EZIUAAAki0y4AAAAW"]

Dakle prepoznaje XSS napad u ovoj jquery.cookie.js ?!

2

možda ovo pomogne:
+[line+%22120%22]+[id+%22950004%22]+[msg+%22Cross-site+Scripting+%28XSS%29&btnK=Google+pretra%C5%BEivanje&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=]http://www.google.hr/search?hl=hr&safe=off&noj=1&site=webhp&q=ModSecurity%3A+Access+denied+with+code+406+(phase+2).+Pattern+match+"(%3F%3A\\\\b(%3F%3A(%3F%3Atype\\\\b\\\\W*%3F\\\\b(%3F%3Atext\\\\b\\\\W*%3F\\\\b(%3F%3Aj(%3F%3Aava)%3F|ecma|vb)|application\\\\b\\\\W*%3F\\\\bx-(%3F%3Ajava|vb))script|c(%3F%3Aopyparentfolder|reatetextrange)|get(%3F%3Aspecial|parent)folder|iframe\\\\b.{0%2C100}%3F\\\\bsrc)\\\\b|on(%3F%3A(%3F%3Amo(%3F%3Ause(%3F%3Ao(%3F%3Aver|ut)|down|move|up)|ve)|+…"+at+REQUEST_FILENAME.+[file+"%2Fusr%2Flocal%2Fapache%2Fconf%2Fmodsec2.user.conf"]+[line+"120"]+[id+"950004"]+[msg+%22Cross-site+Scripting+%28XSS%29&btnK=Google+pretra%C5%BEivanje&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=

3

Primjer sam imao, a opet i sličan tome, da sam napravio (ne)mogući MySQLi (MySQL inject) putem pozivanja/dohvaćenja (slanja zahtjeva za preuzimanjem fotografije iz stranice) datoteke na stranici.

  • problem: ime datoteke

mod_security je mislio da se radi o MySQLi-u, no nije bila riječ o tome, već o imenu datoteke (fotografije).

  • dobio sam “BAN” vlastite IP adrese, pa nisam mogao pristupiti Web stranici :slight_smile:

Rješenje: promjena naziva datoteke (fotografije)

Možda ti je kod pozivanja skripte greška, nekakav kod, pa ti radi probleme.

  • dobro se zaštititi protiv bilo kakvih napada, pa tako i tzv. “XSS” i “CSRF” napada :wink: