mod_security and XSS problem

Has anyone run into the problem of mod_security denying them access to their own server, and how did you solve it (other than turning mod_security off)?

The thing is, after about ten clicks in Open Cart my IP gets banned from the whole server.

[Sun Feb 12 11:39:23 2012] [error] [client 89.164.123.133] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b\\\\W*?\\\\b(?:text\\\\b\\\\W*?\\\\b(?:j(?:ava)?|ecma|vb)|application\\\\b\\\\W*?\\\\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\\\\b.{0,100}?\\\\bsrc)\\\\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)| ..." at REQUEST_FILENAME. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "120"] [id "950004"] [msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [severity "CRITICAL"] [tag "WEB_ATTACK/XSS"] [hostname "mojopencart.hr"] [uri "/catalog/view/javascript/jquery/ui/external/jquery.cookie.js"] [unique_id "TzeIyy4EZIUAAAki0y4AAAAW"]

So it detects an XSS attack in this jquery.cookie.js?!
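The entry above says which variable the rule matched: `at REQUEST_FILENAME`, i.e. the path of a static script tripped rule 950004, not anything the browser sent. The following triage script is an added example, not code from the thread or from ModSecurity: it parses ModSecurity 2.x error-log lines in the format shown above, flags hits where a rule matched the file name of a static asset, and prints a `SecRuleRemoveById` exclusion scoped to that one path (standard ModSecurity 2 usage; the `<LocationMatch>` scope is assumed rather than taken from the post). The sample log lines are constructed, with placeholder host and IP.

```python
import re
from collections import Counter

# Bracketed key/value tags ModSecurity 2 appends to a denial, e.g. [id "950004"]
TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
# "... at VARIABLE. [file" names the variable whose value matched the rule
VAR_RE = re.compile(r' at (?P<var>\S+?)\. \[file "')
STATIC_EXT = ('.js', '.css', '.png', '.jpg', '.gif', '.ico', '.woff')

# Constructed sample entries modelled on the one in the post (placeholder host/IP).
SAMPLE_LOG = [
    '[Sun Feb 12 11:39:23 2012] [error] [client 192.0.2.10] ModSecurity: Access denied '
    'with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b ...)" at REQUEST_FILENAME. '
    '[file "/usr/local/apache/conf/modsec2.user.conf"] [line "120"] [id "950004"] '
    '[msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [hostname "shop.example"] '
    '[uri "/catalog/view/javascript/jquery/ui/external/jquery.cookie.js"]',
    # same rule, but the match came from a request parameter: not a file-name false positive
    '[Sun Feb 12 11:41:02 2012] [error] [client 198.51.100.7] ModSecurity: Access denied '
    'with code 406 (phase 2). Pattern match "(?:\\\\b(?:(?:type\\\\b ...)" at ARGS:search. '
    '[file "/usr/local/apache/conf/modsec2.user.conf"] [line "120"] [id "950004"] '
    '[msg "Cross-site Scripting (XSS) Attack"] [data ".cookie"] [hostname "shop.example"] '
    '[uri "/index.php"]',
    '[Sun Feb 12 11:41:03 2012] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico',
]

def parse_entry(line):
    """Fields of one ModSecurity error-log line, or None for other Apache lines."""
    if 'ModSecurity:' not in line:
        return None
    entry = dict(TAG_RE.findall(line))
    m = VAR_RE.search(line)
    entry['variable'] = m.group('var') if m else None
    return entry

def is_static_false_positive(entry):
    """The path of a static asset tripped the rule, not a parameter or body."""
    uri = entry.get('uri', '').lower()
    return entry.get('variable') == 'REQUEST_FILENAME' and uri.endswith(STATIC_EXT)

def exclusion_snippet(entry):
    """Apache/ModSecurity 2 fragment dropping only that rule for that exact path
    (SecRuleRemoveById scoped by <LocationMatch>), instead of turning the engine off."""
    return ('<LocationMatch "^%s$">\n    SecRuleRemoveById %s\n</LocationMatch>'
            % (re.escape(entry['uri']), entry['id']))

def triage(lines):
    """Count denials per (rule id, matched variable, uri) and collect the entries
    that look like static-asset false positives."""
    counts, candidates = Counter(), []
    for entry in filter(None, map(parse_entry, lines)):
        counts[(entry.get('id'), entry['variable'], entry.get('uri'))] += 1
        if is_static_false_positive(entry):
            candidates.append(entry)
    return counts, candidates
```

Feed it the real error_log and review each candidate before adding the exclusion; the second sample shows why the matched variable matters, since the same rule id on `ARGS:search` is a hit worth keeping.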

maybe this helps:
+[line+%22120%22]+[id+%22950004%22]+[msg+%22Cross-site+Scripting+%28XSS%29&btnK=Google+pretra%C5%BEivanje&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=]http://www.google.hr/search?hl=hr&safe=off&noj=1&site=webhp&q=ModSecurity%3A+Access+denied+with+code+406+%28phase+2%29.+Pattern+match+%22%28%3F%3A\\b%28%3F%3A%28%3F%3Atype\\b\\W*%3F\\b%28%3F%3Atext\\b\\W*%3F\\b%28%3F%3Aj%28%3F%3Aava%29%3F|ecma|vb%29|application\\b\\W*%3F\\bx-%28%3F%3Ajava|vb%29%29script|c%28%3F%3Aopyparentfolder|reatetextrange%29|get%28%3F%3Aspecial|parent%29folder|iframe\\b.{0%2C100}%3F\\bsrc%29\\b|on%28%3F%3A%28%3F%3Amo%28%3F%3Ause%28%3F%3Ao%28%3F%3Aver|ut%29|down|move|up%29|ve%29|+…%22+at+REQUEST_FILENAME.+[file+%22%2Fusr%2Flocal%2Fapache%2Fconf%2Fmodsec2.user.conf%22]+[line+%22120%22]+[id+%22950004%22]+[msg+%22Cross-site+Scripting+%28XSS%29&btnK=Google+pretra%C5%BEivanje&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=

I had an example, a similar one, where I produced an (im)possible MySQLi (MySQL injection) by calling/fetching a file on the page (sending a request to download a photo from the page).

  • problem: the file name

mod_security thought it was MySQLi, but that wasn't it; it was the name of the file (photo).

  • I got a “BAN” on my own IP address, so I couldn't access the website :slight_smile:

Solution: rename the file (photo)

Maybe there is an error when your script is called, some piece of code, that is causing you problems.

  • it's good to protect against any kind of attack, including the so-called “XSS” and “CSRF” attacks :wink: