Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Rule 942450 (SQL Hex Encoding Identified) too lax?

See original GitHub issue

_Issue originally created by user lifeforms on date 2017-07-06 18:39:09. Link to original issue: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/833._

Rule 942450 (SQL Hex Encoding Identified; PL2) gives FPs in alphanumeric strings that contain the substring 0x. Examples:

N0X5d1

bKjyGu1pGxza4NGsxfqxoSTPA6acPA12pshj0xddfda reported in #832

Could we be a little less annoying and not fire if there is a letter before the 0x substring? This should not diminish detecting actual attacks.

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:8

github_iconTop GitHub Comments

1reaction
CRS-migration-botcommented, May 13, 2020

User lifeforms commented on date 2020-04-06 15:08:18:

The great thing is that wjwoodson already fixed this in #1662, so this issue can be closed!

0reactions
CRS-migration-botcommented, May 13, 2020

User dune73 commented on date 2020-03-04 08:07:57:

Decision during the CRS project chat on March 2, 2020: lifeforms will take this on.

https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1683#issuecomment-593584538

Read more comments on GitHub >

github_iconTop Results From Across the Web

Rule 942450 (SQL Hex Encoding Identified) too lax? #833
Rule 942450 (SQL Hex Encoding Identified; PL2) gives FPs in alphanumeric strings that contain the substring 0x.
Read more >
How to tune your WAF installation to reduce false positives
Optimizing your NGINX setup with a tuned ModSecurity / Core Rule Set ... Attribute Injection 8188 942450 SQL Hex Encoding Identified.
Read more >
The OWASP ModSecurity Core Rule Set 3.0 - LWN.net
ModSecurity would alert on every request of the session with messages pointing to rule 981260 "SQL Hex Encoding Identified" (rule).
Read more >
Handling False Positives with the OWASP ... - netnea
942450 looks for strings of the pattern 0x with two additional hexadecimal digits. This is a hexadecimal encoding which can point to an...
Read more >
Azure WAF - OAuth 2.0 tokens, SQLi's, and false positives
This rule set protects your web application from common threats defined in the ... which is in this is 942450 - SQL Hex...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Rule 218500 False positives

Next page

phpMyAdmin "on" cookie blocked by libinjection