False Positive valid JSON input being caught by 942260 V3.1.0 #1907
Assignees
Labels
Comments
|
@KevinDyer-3DS Thanks for reporting. Just a small question: do you have the JSON processor enabled properly? |
|
Thanks for reporting this issue. Can you give us more information and the full error message showing the matching data? Thank you. |
|
Closing this now... Please reopen the issue if the problem persists. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
JSON data in the request object are being blocked by 942260
Core Rule Set V3.1.0
"2020-10-16T11:39:19.747Z","/3ddashboard/api/widget-instances/reorder","Detects basic SQL authentication bypass attempts 2/3",942260,Matched,"Warning. Pattern match ""(?i:(?:[""'
]\\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\\|\\||and|div|&&)\\s+[\\s\\w]+=\\s*?\\w+\\s*?having\\s+|like(?:\\s+[\\s\\w]+=\\s*?\\w+\\s*?having\\s+|\\W*?[\""'\d])|[^?\\w\\s=.,;)(]+\s*?[(@""']*?\\s*?\\w+\\W+\\w|\\*\\s*?\\w+\\W+[\""'])|(?:union\s*?(?:distinct|[(!@]*?|all)?\s"" at ARGS:children.coordinates .... ","3.1.0","176.25.235.253"{"parentId":"9L12rBWAt104N0zBgW10","children":[{"id":"9L12rBWAt104N0zBgW12","coordinates":"{"desktop":{"sizex":4,"sizey":6,"row":1,"col":5}}"},{"id":"9L12rBWAt104N0zBgW11","coordinates":"{"desktop":{"sizex":4,"sizey":6,"row":1,"col":1}}"}]}
Running the regex and payload through a regex tester there are 12 matches with the above payload.
Match 1
Full match 10-37 ":"9L12rBWAt104N0zBgW10","c
Match 2
Full match 44-55 ":[{"id":"9
Match 3
Full match 88-108 ":"{"desktop":{"s
Match 4
Full match 113-120 ":4,"s
Match 5
Full match 125-132 ":6,"r
Match 6
Full match 135-142 ":1,"c
Match 7
Full match 145-156 ":5}}"},{"i
Match 8
Full match 157-184 ":"9L12rBWAt104N0zBgW11","c
Match 9
Full match 194-214 ":"{"desktop":{"s
Match 10
Full match 219-226 ":4,"s
Match 11
Full match 231-238 ":6,"r
Match 12
Full match 241-248 ":1,"c
The text was updated successfully, but these errors were encountered: