
sql injection

Hi guys,

Can someone tell me if this means that UTM has done its job and stopped the SQL injection?

2023:02:22-11:37:33 securitysrv1-2 httpd[3325]: [security2:error] [pid 3325:tid 3932240752] [client 185.191.171.17:22598] [client 185.191.171.17] ModSecurity: Warning. Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:so. [file "/usr/apache/conf/waf/modsecurity_crs_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:so: r6AU1uTuw2IhNwyiLZTyvrxUCRJx942Mn62k6y4BUMBtviTorZekBoewAuQvlSfaUgh2-U_ZuBMeyTykM3c8bhPNGQhY4C4mM__TRHfUv3Qf6xoTDtBJZbr7ni9ZgKbyY8BYo0v1Sxbeuul8ukHqHX7XX40DkKJxjIRkm7ChMcYVmKTY9vnqY3oEVIowkpdv0lthuiUBR6NlyAPgkIoXz8PQU2CDBfIAwq5xvZUwnvHC-oUV4LFtN9t9z07kMd0EKeu3OlsksuggJ2yJh3VsXkO35CKmRRSJ0aJS6khZgOMp7YnO_muuUpkDTrCXdOVcRzm772IHcctDDCyuk0ZySAPXdTUeh6FLdzoGD86MWmeZCUITyrzcQcLCxeXpyNAFpo0ZsJuSJXogo-HnbTyc-w2"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "8"] [tag] [hostname "XXi-nu.nl"] [uri "/XXe.aspx"] [unique_id "Y_XwbTjqKQXGMixwt5o_UwAAARE"]


2023:02:22-11:37:34 securitysrv1-2 httpd[3325]: [security2:error] [pid 3325:tid 3932240752] [client 185.191.171.17:22598] [client 185.191.171.17] ModSecurity: Warning. Operator LT matched 5 at TX:inbound_anomaly_score. [file "/usr/apache/conf/waf/modsecurity_crs_correlation.conf"] [line "33"] [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 3, SQLi=1, XSS=): Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [hostname "XX-nu.nl"] [uri "/XXcollectie.aspx"] [unique_id "Y_XwbTjqKQXGMixwt5o_UwAAARE"]


2023:02:22-11:37:34 securitysrv1-2 httpd: id="0299" srcip="185.191.171.17" localip="62.221.XX.184" size="12009" user="-" host="185.191.171.17" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="213677" url="/XXcollectie.aspx" server="XX-nu.nl" port="80" query="?so=r6AU1uTuw2IhNwyiLZTyvrxUCRJx942Mn62k6y4BUMBtviTorZekBoewAuQvlSfaUgh2-U_ZuBMeyTykM3c8bhPNGQhY4C4mM__TRHfUv3Qf6xoTDtBJZbr7ni9ZgKbyY8BYo0v1Sxbeuul8ukHqHX7XX40DkKJxjIRkm7ChMcYVmKTY9vnqY3oEVIowkpdv0lthuiUBR6NlyAPgkIoXz8PQU2CDBfIAwq5xvZUwnvHC-oUV4LFtN9t9z07kMd0EKeu3OlsksuggJ2yJh3VsXkO35CKmRRSJ0aJS6khZgOMp7YnO_muuUpkDTrCXdOVcRzm772IHcctDDCyuk0ZySAPXdTUeh6FLdzoGD86MWmeZCUITyrzcQcLCxeXpyNAFpo0ZsJuSJXogo-HnbTyc-w2" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="Y_XwbTjqKQXGMixwt5o_UwAAARE"
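Added example, not part of the original posts: a Python sketch that groups WAF lines like the ones above by `unique_id`/`uid` and reports, per request, which rules fired, the anomaly score against the limit named in the 981203 line, and the final status code. The sample lines are constructed in the same format, and treating "Access denied" or status 403 as the sign of a blocked request is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines, shortened from the log format shown in the post.
SAMPLE = '''\
2023:02:22-11:37:33 fw httpd[1]: [security2:error] [client 192.0.2.10] ModSecurity: Warning. Pattern match "..." at ARGS:so. [id "981173"] [msg "Restricted SQL Character Anomaly Detection Alert"] [unique_id "REQ-A"]
2023:02:22-11:37:34 fw httpd[1]: [security2:error] [client 192.0.2.10] ModSecurity: Warning. Operator LT matched 5 at TX:inbound_anomaly_score. [id "981203"] [msg "Inbound Anomaly Score (Total Inbound Score: 3, SQLi=1, XSS=): ..."] [unique_id "REQ-A"]
2023:02:22-11:37:34 fw httpd: id="0299" srcip="192.0.2.10" method="GET" statuscode="200" url="/page.aspx" uid="REQ-A"
2023:02:22-11:40:02 fw httpd[1]: [security2:error] [client 192.0.2.11] ModSecurity: Access denied with code 403 (phase 2). [msg "constructed blocking entry"] [unique_id "REQ-B"]
2023:02:22-11:40:02 fw httpd: id="0299" srcip="192.0.2.11" method="GET" statuscode="403" url="/page.aspx" uid="REQ-B"
'''

UID = re.compile(r'(?:\[unique_id "|uid=")([^"]+)"')   # joins WAF and access lines
RULE = re.compile(r'\[id "(\d+)"\]')                    # ModSecurity rule id
SCORE = re.compile(r'Total Inbound Score: (\d+)')
BELOW = re.compile(r'Operator LT matched (\d+) at TX:inbound_anomaly_score')
STATUS = re.compile(r'statuscode="(\d+)"')


def verdicts(log_text):
    """Correlate lines per request id and decide whether the WAF blocked it."""
    reqs = defaultdict(lambda: {"rules": [], "score": None, "threshold": None,
                                "denied": False, "status": None})
    for line in log_text.splitlines():
        m = UID.search(line)
        if not m:
            continue
        r = reqs[m.group(1)]
        if "ModSecurity:" in line:
            r["denied"] |= "Access denied" in line
            if (rule := RULE.search(line)):
                r["rules"].append(rule.group(1))
            if (s := SCORE.search(line)):
                r["score"] = int(s.group(1))
            if (t := BELOW.search(line)):
                r["threshold"] = int(t.group(1))  # score stayed below this limit
        elif (st := STATUS.search(line)):
            r["status"] = int(st.group(1))
    for r in reqs.values():
        # Assumption: a blocked request shows "Access denied" and/or status 403.
        blocked = r["denied"] or r["status"] == 403
        r["verdict"] = "blocked" if blocked else "logged only, passed to backend"
    return dict(reqs)


if __name__ == "__main__":
    for uid, r in verdicts(SAMPLE).items():
        print(uid, r["rules"], r["score"], r["threshold"], r["status"], r["verdict"])
```

For a request logged like the one in the post (warnings only, score 3 under a limit of 5, `statuscode="200"`), the script reports "logged only, passed to backend".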



  • Hi Aresh,

    Is your question about access via Webserver Protection or to WebAdmin?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA