|
From: Ryan B. <RBa...@tr...> - 2010-10-27 13:45:22
|
On 10/27/10 9:21 AM, "robert mena" <rob...@gm...> wrote: > Hi, > > Is there a way to test with standard attack vectors to see if mod_security is > blocking the attemps for (example), sql injection? > > I've enabled and tried with www.mysite.com/?u=1 <http://www.mysite.com/?u=1> > OR 1=1 but no message is logged in /var/log/httpd/error-log > What rule set are you using? When I test your payload against our public OWASP Core Rule Set (CRS) Demo is triggers SQL Injection alerts - http://www.modsecurity.org/demo/phpids?test=1+OR+1%3D1 -Ryan |
