New Sophos Support Phone Numbers in Effect July 1st, 2023

sql injection

Hi guys,

can someone tell met if this means that utm has done his job and stop de SQL injection?

2023:02:22-11:37:33 securitysrv1-2 httpd[3325]: [security2:error] [pid 3325:tid 3932240752] [client 185.191.171.17:22598] [client 185.191.171.17] ModSecurity: Warning. Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:so. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:so: r6AU1uTuw2IhNwyiLZTyvrxUCRJx942Mn62k6y4BUMBtviTorZekBoewAuQvlSfaUgh2-U_ZuBMeyTykM3c8bhPNGQhY4C4mM__TRHfUv3Qf6xoTDtBJZbr7ni9ZgKbyY8BYo0v1Sxbeuul8ukHqHX7XX40DkKJxjIRkm7ChMcYVmKTY9vnqY3oEVIowkpdv0lthuiUBR6NlyAPgkIoXz8PQU2CDBfIAwq5xvZUwnvHC-oUV4LFtN9t9z07kMd0EKeu3OlsksuggJ2yJh3VsXkO35CKmRRSJ0aJS6khZgOMp7YnO_muuUpkDTrCXdOVcRzm772IHcctDDCyuk0ZySAPXdTUeh6FLdzoGD86MWmeZCUITyrzcQcLCxeXpyNAFpo0ZsJuSJXogo-HnbTyc-w2"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "8"] [tag] [hostname "XXi-nu.nl"] [uri "/XXe.aspx"] [unique_id "Y_XwbTjqKQXGMixwt5o_UwAAARE"]


2023:02:22-11:37:34 securitysrv1-2 httpd[3325]: [security2:error] [pid 3325:tid 3932240752] [client 185.191.171.17:22598] [client 185.191.171.17] ModSecurity: Warning. Operator LT matched 5 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/modsecurity_crs_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 3, SQLi=1, XSS=): Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [hostname "XX-nu.nl"] [uri "/XXcollectie.aspx"] [unique_id "Y_XwbTjqKQXGMixwt5o_UwAAARE"]


2023:02:22-11:37:34 securitysrv1-2 httpd: id="0299" srcip="185.191.171.17" localip="62.221.XX.184" size="12009" user="-" host="185.191.171.17" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="213677" url="/XXcollectie.aspx" server="XX-nu.nl" port="80" query="?so=r6AU1uTuw2IhNwyiLZTyvrxUCRJx942Mn62k6y4BUMBtviTorZekBoewAuQvlSfaUgh2-U_ZuBMeyTykM3c8bhPNGQhY4C4mM__TRHfUv3Qf6xoTDtBJZbr7ni9ZgKbyY8BYo0v1Sxbeuul8ukHqHX7XX40DkKJxjIRkm7ChMcYVmKTY9vnqY3oEVIowkpdv0lthuiUBR6NlyAPgkIoXz8PQU2CDBfIAwq5xvZUwnvHC-oUV4LFtN9t9z07kMd0EKeu3OlsksuggJ2yJh3VsXkO35CKmRRSJ0aJS6khZgOMp7YnO_muuUpkDTrCXdOVcRzm772IHcctDDCyuk0ZySAPXdTUeh6FLdzoGD86MWmeZCUITyrzcQcLCxeXpyNAFpo0ZsJuSJXogo-HnbTyc-w2" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y_XwbTjqKQXGMixwt5o_UwAAARE"

Parents Reply Children