Failed to include some sensitive path or file in #REQUEST-930-APPLICATION-ATTACK-LFI rules
Issue originally created by user umarfarook882 on date 2017-06-17 21:14:30. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/814.
I have tested these payloads on OWASP-CRS. It failed to block the user from accessing these sensitive paths or files. I have checked the rules in REQUEST-930-APPLICATION-ATTACK-LFI; these sensitive paths or files are not included in the lfi-os-files.data file or in any other rules.
#REQUEST-930-APPLICATION-ATTACK-LFI
#PARANOIA_LEVEL:1
#rule ID:930100,930110,930120,930130
The following sensitive files were not detected by the OWASP-CRS:
/var/mail/www-data
/etc/network/* i.e. /etc/network/interfaces
/etc/init/* i.e. /etc/init/anacron.conf
For more information check my demo video on Github
Top GitHub Comments
User umarfarook882 commented on date 2017-06-27 06:52:30:
No, as of now we will add the below directories to lfi-os-files.data and close this issue.
User umarfarook882 commented on date 2017-08-07 04:54:51:
lifeforms Sure, thanks for merging the PR 😃.
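The gap reported in this issue can be kept from regressing with a small coverage check, shown here as an added example that is not code from the issue or from the CRS project. It assumes the data file is used as a case-insensitive phrase list (as with `@pmFromFile`); the baseline entries and the candidate directory entries are constructed for illustration and are not the contents of the merged PR.

```python
# Added example: coverage check for a phrase-match data file.
# Assumption: @pmFromFile is modelled as a case-insensitive substring match;
# rule transformations and the rest of rule processing are not modelled.

# Constructed stand-in for the data file (not the real lfi-os-files.data).
BASELINE = """\
# comments and blank lines are ignored
etc/passwd
etc/shadow

.htaccess
"""

# Hypothetical directory-level entries derived from the issue's paths
# (the entries actually merged are not shown on the page).
CANDIDATE = "var/mail/\netc/network/\netc/init/\n"

# Paths reported in the issue, using its own concrete examples.
REPORTED = [
    "/var/mail/www-data",
    "/etc/network/interfaces",
    "/etc/init/anacron.conf",
]


def load_phrases(text):
    """Parse data-file text into lowercase phrases, skipping '#' and blanks."""
    lines = (line.strip() for line in text.splitlines())
    return [l.lower() for l in lines if l and not l.startswith("#")]


def first_match(value, phrases):
    """Return the first phrase found inside value, or None if none match."""
    lowered = value.lower()
    return next((p for p in phrases if p in lowered), None)


def coverage_gaps(values, phrases):
    """Return the values that no phrase in the list matches."""
    return [v for v in values if first_match(v, phrases) is None]


if __name__ == "__main__":
    before = load_phrases(BASELINE)
    after = load_phrases(BASELINE + CANDIDATE)
    print("missed before:", coverage_gaps(REPORTED, before))
    print("missed after: ", coverage_gaps(REPORTED, after))
    # Substring matching is broad: a harmless value containing the phrase
    # also matches, so new entries need a false-positive review.
    print("benign hit:", first_match("docs/etc/init/readme.txt", after))
```

Running the same check against the real data file after each change gives a quick list of reported paths that are still uncovered.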