|
From: Ryan B. <RBa...@tr...> - 2010-10-27 15:20:34
|
On 10/27/10 10:59 AM, "robert mena" <rob...@gm...> wrote: > well, i was not url_encoding the string before trying on the server. It > worked. > > Unfortunately I found an error message > > Rule execution error - PCRE limits exceeded (-8): (null). > > Searching in google I found very old messages (back to 2004?) and some new (in > ASL forum) but no conclusive answer of how to solve it and why it was > triggered. > > When those errors happen what occurs with the request? Is it allowed or > dropped? > Please refer to this recent thread - http://article.gmane.org/gmane.comp.apache.mod-security.user/7864 > > On Wed, Oct 27, 2010 at 9:45 AM, Ryan Barnett <RBa...@tr...> wrote: >> On 10/27/10 9:21 AM, "robert mena" <rob...@gm...> wrote: >> >>> Hi, >>> >>> Is there a way to test with standard attack vectors to see if mod_security >>> is >>> blocking the attemps for (example), sql injection? >>> >>> I've enabled and tried with www.mysite.com/?u=1 <http://www.mysite.com/?u=1> >>> <http://www.mysite.com/?u=1> >>> OR 1=1 but no message is logged in /var/log/httpd/error-log >>> >> >> What rule set are you using? When I test your payload against our public >> OWASP Core Rule Set (CRS) Demo is triggers SQL Injection alerts - >> http://www.modsecurity.org/demo/phpids?test=1+OR+1%3D1 >> >> -Ryan |
