On 10/27/10 10:59 AM, "robert mena" <rob...@gm...> wrote:
> Well, I was not url_encoding the string before trying on the server. It
> worked.
>
> Unfortunately I found an error message
>
> Rule execution error - PCRE limits exceeded (-8): (null).
>
> Searching in Google I found very old messages (back to 2004?) and some new (in
> ASL forum) but no conclusive answer of how to solve it and why it was
> triggered.
>
> When those errors happen what occurs with the request? Is it allowed or
> dropped?
>
Please refer to this recent thread -
http://article.gmane.org/gmane.comp.apache.mod-security.user/7864
>
> On Wed, Oct 27, 2010 at 9:45 AM, Ryan Barnett <RBa...@tr...> wrote:
>> On 10/27/10 9:21 AM, "robert mena" <rob...@gm...> wrote:
>>
>>> Hi,
>>>
>>> Is there a way to test with standard attack vectors to see if mod_security
>>> is blocking the attempts for (example), SQL injection?
>>>
>>> I've enabled and tried with www.mysite.com/?u=1 OR 1=1
>>> but no message is logged in /var/log/httpd/error-log
>>>
>>
>> What rule set are you using? When I test your payload against our public
>> OWASP Core Rule Set (CRS) Demo it triggers SQL Injection alerts -
>> http://www.modsecurity.org/demo/phpids?test=1+OR+1%3D1
>>
>> -Ryan