
@naveeninja
Created April 24, 2017 09:41
{
"id": "354101ce302c4032",
"country": "TR",
"ip": "94.121.170.48",
"protocol": "HTTP/1.1",
"method": "GET",
"host": "www.lhs.com.my",
"user_agent": "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
"uri": "/wp-login.php",
"request_duration": 5208999936,
"triggered_rule_ids": [
"950001",
"950007",
"950901",
"950911",
"958030",
"958039",
"958049",
"958051",
"958056",
"958057",
"959073",
"960011",
"960024",
"973300",
"973301",
"973302",
"973304",
"973306",
"973314",
"973315",
"973316",
"973321",
"973322",
"973327",
"973329",
"973330",
"973331",
"973332",
"973333",
"973334",
"973335",
"973336",
"973338",
"973344",
"973348",
"981133",
"981136",
"981176",
"981231",
"981240",
"981243",
"981245",
"981246",
"981247B",
"981248",
"981250",
"981257",
"981302",
"981303",
"981318",
"981319"
],
"action": "challenge",
"cloudflare_location": "SOF",
"occurred_at": "2017-04-23T13:00:40.03Z",
"rule_detail": [
{
"id": "960011",
"description": "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ-REQUEST_HEADERS:CONTENT-LENGTH=93300"
},
{
"id": "960024",
"description": "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION-ARGS:\n\n \n<!DOCTYPE HTML>\n<!--\n ______ _______ _______ _______ ______ _____ __ _ _______ _____ _____ ______ _______\n | \\ |______ |_____| | |______ |_____/ | | \\ | |______ |_____] | |_____/ |______\n |_____/ |______ | | |_____ |______ | \\_ __|__ | \\_| ______| | __|__ | \\_ |______\n\n VISIT HTTP://WWW.DEALERINSPIRE.COM TO INSPIRE YOUR VISITORS AND TURN THEM INTO CUSTOMERS.\n-->\n<!--[IF LT IE 7]><HTML CLASS=\"><!["
},
{
"id": "950911",
"description": "OWASP_CRS/WEB_ATTACK/RESPONSE_SPLITTING-2000000408_129=<html"
},
{
"id": "981231",
"description": "OWASP_CRS/WEB_ATTACK/SQL_INJECTION-ARGS_NAMES:\n\n \n<!DOCTYPE HTML>\n<!--\n ______ _______ _______ _______ ______ _____ __ _ _______ _____ _____ ______ _______\n | \\ |______ |_____| | |______ |_____/ | | \\ | |______ |_____] | |_____/ |______\n |_____/ |______ | | |_____ |______ | \\_ __|__ | \\_| ______| | __|__ | \\_ |______\n\n VISIT HTTP://WWW.DEALERINSPIRE.COM TO INSPIRE YOUR VISITORS AND TURN THEM INTO CUSTOMERS.\n-->\n<!--[IF LT IE 7]><HTML CLASS=0"
},
{
"id": "981318",
"description": "OWASP_CRS/WEB_ATTACK/SQL_INJECTION-2000000408_146=;"
},
{
"id": "981319",
"description": "OWASP_CRS/WEB_ATTACK/SQL_INJECTION-2000000408_146=||"
},
{
"id": "950901",
"description": "OWASP_CRS/WEB_ATTACK/SQL_INJECTION-ARGS_NAMES: JQUERY(WINDOW).WIDTH() > 767;}\n};\nISSMALLMOBILE =WIDTH() > 767"
},
{
"id": "950007",
"description": "OWASP_CRS/WEB_ATTACK/SQL_INJECTION-2000000409_161=SUBSTRING"
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5="
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7="
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9="
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2=name"
},
{
"id": "",
"description": "3=n"
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5=a"
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7=m"
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9=e"
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "950001",
"description": "OWASP_CRS/WEB_ATTACK/SQL_INJECTION-2000000408_146=SUBSTRING("
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5="
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7="
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9="
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2=name"
},
{
"id": "",
"description": "3=n"
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5=a"
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7=m"
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9=e"
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "959073",
"description": "OWASP_CRS/WEB_ATTACK/SQL_INJECTION-2000000408_146=SUBSTRING("
},
{
"id": "981257",
"description": "DETECTS MYSQL COMMENT-/SPACE-OBFUSCATED INJECTIONS AND BACKTICK TERMINATION-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=,\"terms\":[\"schedule service\","
},
{
"id": "981248",
"description": "DETECTS CHAINED SQL INJECTION ATTEMPTS 1/2-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=div id=\""
},
{
"id": "981250",
"description": "DETECTS SQL BENCHMARK AND SLEEP INJECTION ATTEMPTS INCLUDING CONDITIONAL QUERIES-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=;\n if( msie"
},
{
"id": "981245",
"description": "DETECTS BASIC SQL AUTHENTICATION BYPASS ATTEMPTS 2/3-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=\"><![endif]-->\n<!--[i"
},
{
"id": "981240",
"description": "DETECTS MYSQL COMMENTS, CONDITIONS AND CH(A)R INJECTIONS-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=|| jQuery("
},
{
"id": "981246",
"description": "DETECTS BASIC SQL AUTHENTICATION BYPASS ATTEMPTS 3/3-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=\"redirect_url\":\""
},
{
"id": "981247B",
"description": "DETECTS CONCATENATED BASIC SQL INJECTION AND SQLLFI ATTEMPTS-OWASP_CRS/WEB_ATTACK/SQLI-2000000409_167=\t// insert"
},
{
"id": "981243",
"description": "DETECTS CLASSIC SQL INJECTION PROBINGS 2/2-OWASP_CRS/WEB_ATTACK/SQLI-2000000408_146=\"><![endif]--"
},
{
"id": "973336",
"description": "OWASP_CRS/WEB_ATTACK/XSS-ARGS:\n\n \n<!DOCTYPE HTML>\n<!--\n ______ _______ _______ _______ ______ _____ __ _ _______ _____ _____ ______ _______\n | \\ |______ |_____| | |______ |_____/ | | \\ | |______ |_____] | |_____/ |______\n |_____/ |______ | | |_____ |______ | \\_ __|__ | \\_| ______| | __|__ | \\_ |______\n\n VISIT HTTP://WWW.DEALERINSPIRE.COM TO INSPIRE YOUR VISITORS AND TURN THEM INTO CUSTOMERS.\n-->\n<!--[IF LT IE 7]><HTML CLASS=<script type='text/javascript' src='http://www.landroverpalmbeach.com/wp/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script>"
},
{
"id": "973338",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_204=<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">"
},
{
"id": "958057",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_143=<iframe"
},
{
"id": "958049",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_143=<meta"
},
{
"id": "958030",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_143=src='http:"
},
{
"id": "958051",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_143=<script"
},
{
"id": "958056",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_143=iframe src"
},
{
"id": "958039",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_143=type='text/javascript"
},
{
"id": "973300",
"description": "OWASP_CRS/WEB_ATTACK/XSS-ARGS_NAMES:\n\n \n<!DOCTYPE HTML>\n<!--\n ______ _______ _______ _______ ______ _____ __ _ _______ _____ _____ ______ _______\n | \\ |______ |_____| | |______ |_____/ | | \\ | |______ |_____] | |_____/ |______\n |_____/ |______ | | |_____ |______ | \\_ __|__ | \\_| ______| | __|__ | \\_ |______\n\n VISIT HTTP://WWW.DEALERINSPIRE.COM TO INSPIRE YOUR VISITORS AND TURN THEM INTO CUSTOMERS.\n-->\n<!--[IF LT IE 7]><HTML CLASS=<html "
},
{
"id": "973301",
"description": "OWASP_CRS/WEB_ATTACK/XSS-ARGS:\n\n \n<!DOCTYPE HTML>\n<!--\n ______ _______ _______ _______ ______ _____ __ _ _______ _____ _____ ______ _______\n | \\ |______ |_____| | |______ |_____/ | | \\ | |______ |_____] | |_____/ |______\n |_____/ |______ | | |_____ |______ | \\_ __|__ | \\_| ______| | __|__ | \\_ |______\n\n VISIT HTTP://WWW.DEALERINSPIRE.COM TO INSPIRE YOUR VISITORS AND TURN THEM INTO CUSTOMERS.\n-->\n<!--[IF LT IE 7]><HTML CLASS=rel="
},
{
"id": "973302",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_126=text/html"
},
{
"id": "973304",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_136=href="
},
{
"id": "973306",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_136=style="
},
{
"id": "973314",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000408_136=<!doctype"
},
{
"id": "973331",
"description": "OWASP_CRS/WEB_ATTACK/XSS-ARGS:\n\n \n<!DOCTYPE HTML>\n<!--\n ______ _______ _______ _______ ______ _____ __ _ _______ _____ _____ ______ _______\n | \\ |______ |_____| | |______ |_____/ | | \\ | |______ |_____] | |_____/ |______\n |_____/ |______ | | |_____ |______ | \\_ __|__ | \\_| ______| | __|__ | \\_ |______\n\n VISIT HTTP://WWW.DEALERINSPIRE.COM TO INSPIRE YOUR VISITORS AND TURN THEM INTO CUSTOMERS.\n-->\n<!--[IF LT IE 7]><HTML CLASS=<script type='text/javascript' src='http://www.landroverpalmbeach.com/wp/wp-includes/js/jquery/jquery.js?ver=1.12.4'>"
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5="
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7="
},
{
"id": "973315",
"description": "OWASP_CRS/WEB_ATTACK/XSS-ARGS:\n\n \n<!DOCTYPE HTML>\n<!--\n ______ _______ _______ _______ ______ _____ __ _ _______ _____ _____ ______ _______\n | \\ |______ |_____| | |______ |_____/ | | \\ | |______ |_____] | |_____/ |______\n |_____/ |______ | | |_____ |______ | \\_ __|__ | \\_| ______| | __|__ | \\_ |______\n\n VISIT HTTP://WWW.DEALERINSPIRE.COM TO INSPIRE YOUR VISITORS AND TURN THEM INTO CUSTOMERS.\n-->\n<!--[IF LT IE 7]><HTML CLASS=<style type='text/css'>Default CSS Comment</style> <!-- This site is optimized with the Yoast SEO plugin v3.4.2 - https://yoast.com/wordpress/plugins/seo/ --> <title>Page Not Found | Land Rover Palm Beach</title> <meta name=\"robots\" content=\"noindex,follow"
},
{
"id": "973330",
"description": "OWASP_CRS/WEB_ATTACK/XSS-ARGS:\n\n \n<!DOCTYPE HTML>\n<!--\n ______ _______ _______ _______ ______ _____ __ _ _______ _____ _____ ______ _______\n | \\ |______ |_____| | |______ |_____/ | | \\ | |______ |_____] | |_____/ |______\n |_____/ |______ | | |_____ |______ | \\_ __|__ | \\_| ______| | __|__ | \\_ |______\n\n VISIT HTTP://WWW.DEALERINSPIRE.COM TO INSPIRE YOUR VISITORS AND TURN THEM INTO CUSTOMERS.\n-->\n<!--[IF LT IE 7]><HTML CLASS=<script type='text/javascript' src="
},
{
"id": "973327",
"description": "OWASP_CRS/WEB_ATTACK/XSS-ARGS: ( PARSEINT(WINDOW.NAVIGATOR.USERAGENT.SUBSTRING(MSIE 5, WINDOW.NAVIGATOR.USERAGENT.INDEXOF(\".\", MSIE))) ) <=<iframe src="
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5="
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7="
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9="
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2=name"
},
{
"id": "",
"description": "3=n"
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5=a"
},
{
"id": "973322",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=<meta http-equiv=\"C"
},
{
"id": "973348",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=<meta http-equiv=\"Content-Type\" content=\"text/html; charset="
},
{
"id": "973321",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=<link rel=\"shortcut icon\" type=\"image/png\" href="
},
{
"id": "973335",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=\"><![endif]--> <!--[if IE 7]><html class=\"ie7\" lang=\"en\"><![endif]--> <!--[if IE 8]><html class=\"ie8\" lang=\"en\"><![endif]--> <!--[if IE 9]><html class=\"ie9\" lang=\"en\"><![endif]--> <!--[if gt IE 9]><!--> <html class=\"\" lang=\"en\"> <!--<![endif]--> <head> <me"
},
{
"id": "973334",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=\"ie6\" lang=\"en\"><![endif]--> <!--[if IE 7]><html class=\"ie7\" lang=\"en\"><![endif]--> <!--[if IE 8]><html class=\"ie8\" lang=\"en\"><![endif]--> <!--[if IE 9]><html class=\"ie9\" lang=\"en\"><![endif]--> <!--[if gt IE 9]><!--> <html class=\"\" lang=\"en\"> <!--<![endif]"
},
{
"id": "973333",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=\"><![endif]--> <!--[if IE 7]><html class=\"ie7\" lang=\"en\"><![endif]--> <!--[if IE 8]><html class=\"ie8\" lang=\"en\"><![endif]--> <!--[if IE 9]><html class=\"ie9\" lang=\"en\"><![endif]--> <!--[if gt IE 9]><!--> <html class=\"\" lang=\"en\"> <!--<![endif]--> <head> <me"
},
{
"id": "973344",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=\"><![endif]--> <!--[if IE 7]><html class="
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5="
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7="
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9="
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2=name"
},
{
"id": "",
"description": "3=n"
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5=a"
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7=m"
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9=e"
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5="
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7="
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9="
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5="
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7="
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9="
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "",
"description": "5="
},
{
"id": "",
"description": "6="
},
{
"id": "",
"description": "7="
},
{
"id": "",
"description": "8="
},
{
"id": "",
"description": "9="
},
{
"id": "",
"description": "0="
},
{
"id": "973332",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=\"><![endif]--> <!--[if IE 7]><html class=\"ie7\" lang=\"en\"><![endif]--> <!--[if IE 8]><html class=\"ie8\" lang=\"en\"><![endif]--> <!--[if IE 9]><html class=\"ie9\" lang=\"en\"><![endif]--> <!--[if gt IE 9]><!--> <html class=\"\" lang=\"en\"> <!--<![endif]--> <head> <me"
},
{
"id": "973329",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217=<form action=\"/\" id=\"searchform\" class=\"main-search\" role=\"search\" method=\"get\">"
},
{
"id": "",
"description": "0="
},
{
"id": "",
"description": "1="
},
{
"id": "",
"description": "2="
},
{
"id": "",
"description": "3="
},
{
"id": "",
"description": "4="
},
{
"id": "973316",
"description": "OWASP_CRS/WEB_ATTACK/XSS-2000000412_217= style=\"display:none;visibility:hidden\"></iframe></noscript> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement("
},
{
"id": "960011",
"description": "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ-REQUEST_HEADERS:CONTENT-LENGTH"
}
],
"rule_message": "Inbound Anomaly Score Exceeded (Total Score: 225, SQLi=38, XSS=140): Last Matched Message: IE XSS Filters - Attack Detected.",
"type": "waf",
"rule_id": "981176",
"zone_id": "4dafb580fa27a09f77d8f4eb84981e07",
"cookie": ""
}