I hereby claim:
- I am csanders-git on github.
- I am csanders (https://keybase.io/csanders) on keybase.
- I have a public key ASDgoXVuEsya9hFkrCY_Uc_t5-1pP1dlmXkKtc9S2gNBugo
To claim this, I am signing this object:
Chaim Sanders csanders-git
csanders-git
/ gist:f7b5705833b58946670f312805770a85
Last active
June 15, 2016 19:03
Wordpress Issues with ModSecurity CRS 3.x (Paranoid Level 1)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Admin Panel update Plugins (http://localhost/wordpress/wp-admin/update-core.php?action=do-plugin-upgrade) | |
| [Wed Jun 15 14:36:21.690882 2016] [:error] [pid 25627] [client 127.0.0.1:46356] [client 127.0.0.1] ModSecurity: Warning. Matched phrase "HTTP_REFERER" at ARGS_NAMES:_wp_http_referer. [file "/etc/httpd/modsecurity.d/owasp-crs/rules/REQUEST-33-APPLICATION-ATTACK-PHP.conf"] [line "161"] [id "933130"] [rev "2"] [msg "PHP Injection Attack: Variables Found"] [data "Matched Data: HTTP_REFERER found within ARGS_NAMES:_wp_http_referer: _wp_http_referer"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "Host: localhost"] [tag "application-multi"] [tag "language-PHP"] [tag "platform-multi"] [tag "attack-PHP injection"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "localhost"] [uri "/wordpress/wp-admin/update-core.php"] [unique_id "V2GgJfQj4SI7xgr9--iITQAAAAc"], referer: http://localhost/wordpress/wp-admin/update-core.php | |
| Admin Panel reinstall vers |
csanders-git
/ gist:d384d3ac1520b1c44d5e3c0f7e70d3ea
Last active
June 28, 2016 17:08
'*' on different ModSecurity platforms
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Nginx path is relative to /usr/local/nginx/conf/ where as apache path is relative /etc/httpd/ | |
| Apache on Fedora 22 | |
| [Tue Jun 28 10:17:51.897993 2016] [:error] [pid 16064] [client 127.0.0.1:60804] [client 127.0.0.1] ModSecurity: Warning. String match "test1" at ARGS:x. [file "/etc/httpd/modsecurity.d/test/00-Apple.conf"] [line "1"] [id "2"] [hostname "localhost"] [uri "/"] [unique_id "V3KHD6xav4f8Y24ITw-fywAAAAI"] | |
| [Tue Jun 28 10:17:51.898134 2016] [:error] [pid 16064] [client 127.0.0.1:60804] [client 127.0.0.1] ModSecurity: Warning. String match "test1" at ARGS:x. [file "/etc/httpd/modsecurity.d/test/00-apple.conf"] [line "1"] [id "3"] [hostname "localhost"] [uri "/"] [unique_id "V3KHD6xav4f8Y24ITw-fywAAAAI"] | |
| [Tue Jun 28 10:17:51.898236 2016] [:error] [pid 16064] [client 127.0.0.1:60804] [client 127.0.0.1] ModSecurity: Warning. String match "test1" at ARGS:x. [file "/etc/httpd/modsecurity.d/test/Apple-00.conf"] [line "1"] [id "4"] [hostname "localhost"] [uri "/"] [unique_id "V3KHD6xav4f8Y24ITw-fywAAAAI"] | |
| [Tue J |
csanders-git
/ Update.py with argparse
Last active
August 2, 2016 17:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| Install upgrades to the ModSecurity CRS and/or GeoIP country database. | |
| Usage: util/upgrade.py [--cron] [--quiet] [crs] [geoip] | |
| crs: Upgrade the CRS using Git | |
| geoip: Upgrade the MaxMind GeoLite Country database from maxmind.com | |
| --cron: Randomly sleep 0-3 minutes before downloading, use from cron | |
| --quiet: Be quiet unless an error occurred |
csanders-git
/ keybase.md
Last active
September 20, 2019 19:03