xanubi
May 23, 2014, 3:21pm
#1
False Positive #1
ModSecurity: Access denied with code 403 (phase 2). Match of “contains google_ad” against “MATCHED_VAR” required.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “23”]
[id “212000”] [msg “COMODO WAF: XSS Filter - Category 1: Script Tag Vector”]
[data “Matched Data: found within MATCHED_VAR: \x0d\x0a\x0d\x0a\x09\x0d\x0a <td class=\x22lista_topo delete\x22 title=\x22Import\x22>IMP\x0d\x0a\x09\x0d\x0a\x09\x0d\x0a\x09<td class=…”]
[severity “CRITICAL”] [uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 3:34pm
#2
False Positive #2
ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i)([\\s\”'`;\\/0-9\\=]+on\\w+\\s*=)" at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “35”]
[id “212010”] [msg “COMODO WAF: XSS Filter - Category 2: Event Handler Vector”]
[data “Matched Data: \x22 onsubmit= found within ARGS:tabelaencomenda: \x0d\x0a\x0d\x0a\x09\x0d\x0a <td class=\x22lista_topo delete\x22 title=\x22Import\x22>IMP\x0d\x0a\x09\x0d\x0a\x09\x0d\x0a\x09
Pick
REF
Fornecedor
…”]
[severity “CRITICAL”] [uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 3:42pm
#3
False Positive #3
ModSecurity: Access denied with code 403 (phase 2). Pattern match “\\bonsubmit\\b[^a-zA-Z0-9_]{0,}?=” at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “471”]
[id “212400”] [msg “COMODO WAF: Cross-site Scripting (XSS) Attack”]
[data “Matched Data: onsubmit= found within ARGS:tabelaencomenda: <td class=\x22lista_topo delete\x22 title=\x22import\x22>imp
pick ref fornecedor loc tmnh</t…”]
[severity “CRITICAL”] [uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 3:47pm
#4
False Positive #4
ModSecurity: Access denied with code 403 (phase 2). Pattern match “\\bhref\\b[^a-zA-Z0-9_]{0,}?\\bjavascript:” at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “507”]
[id “212430”] [msg “COMODO WAF: Cross-site Scripting (XSS) Attack”]
[data “Matched Data: href=\x22javascript: found within ARGS:tabelaencomenda: <td class=\x22lista_topo delete\x22 title=\x22import\x22>imp <td class=\x22lista_topo\x22 title=\x22tamanho\…”]
[severity “CRITICAL”] [uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 3:56pm
#5
False Positive #5
ModSecurity: Access denied with code 403 (phase 2). Pattern match “< {0,1}script\\b” at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “711”]
[id “212620”] [msg “COMODO WAF: Cross-site Scripting (XSS) Attack”]
[data “Matched Data: <script found within ARGS:tabelaencomenda: <td class=\x22lista_topo delete\x22 title=\x22import\x22>imp…”]
[severity “CRITICAL”] [uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 3:57pm
#6
False Positive #6
ModSecurity: Access denied with code 403 (phase 2). String match within “.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/” at TX:extension.
[file “/var/cpanel/cwaf/rules/cwaf_01.conf”] [line “450”]
[id “210730”] [msg “COMODO WAF: URL file extension is restricted by policy”]
[data “.com”]
[severity “CRITICAL”] [uri “/casadascontas.com”]
xanubi
May 23, 2014, 4:00pm
#7
False Positive #7
ModSecurity: Access denied with code 403 (phase 2). Pattern match “\\bon(abort|blur|change|click|dblclick|dragdrop|error|focus|keydown|keypress|keyup|load|mousedown|mousemove|mouseout|mouseover|mouseup|move|readystatechange|reset|resize|select|submit|unload)\\b[^a-zA-Z0-9_]{0,}?=” at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “829”]
[id “212750”] [msg “COMODO WAF: XSS Attack Detected”]
[data “Matched Data: onsubmit= found within ARGS:tabelaencomenda: \x0d\x0a\x0d\x0a\x09\x0d\x0a <td class=\x22lista_topo delete\x22 title=\x22import\x22>imp\x0d\x0a\x09\x0d\x0a\x09\x0d\x0a\x09
pick
ref
fornecedor
loc</…”]
[uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 4:02pm
#8
False Positive #8
ModSecurity: Access denied with code 403 (phase 2). Pattern match “(asfunction|data|javascript|livescript|mocha|vbscript):” at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “839”]
[id “212770”] [msg “COMODO WAF: XSS Attack Detected”]
[data “Matched Data: javascript: found within ARGS:tabelaencomenda: <tablewidth=\x22100%\x22id=\x22produtos\x22><tdclass=\x22lista_topo\x22title=\x22picking\x22>pick<tdclass=\x22lista_topodelete\x22title=\x22import\x22>imp<tdclass=\x22lista_topo\x22title=\x22refer\xeancia\x22>ref<tdclass=\x22lista_topo\x22title=\x22fornecedor\x22>fornecedor<tdclass=\x22lista_topo\x22title=\x22localiza\xe7\xe3o\x22>loc<tdclass=\x22lista_topo\x22title=\x22tamanho\x22>tmnh<tdclass=\x22lista…”]
[uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 4:04pm
#9
False Positive #9
ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:(?:create[\\t\\n\\r ]{1,}function[\\t\\n\\r ]{1,}[a-zA-Z0-9_]{1,}[\\t\\n\\r ]{1,}returns)|(?:;[\\t\\n\\r ]{0,}?(?:alter|create|delete|desc|insert|load|rename|select|truncate|update)[\\t\\n\\r ]{0,}?[(\\[]{0,1}[a-zA-Z0-9_]{2,}))” at ARGS:descricao_l1.
[file “/var/cpanel/cwaf/rules/cwaf_02.conf”] [line “601”]
[id “211820”] [msg “COMODO WAF: Detects MySQL UDF injection and other data/structure manipulation attempts”]
[data “Matched Data: ; descartavel found within ARGS:descricao_l1:
Agora não precisa de contratar uma empresa de Balões. Faça voçê mesmo.
\x0d\x0aBotija de hélio com bico de facil enchimento . Botija de Hélio descartavel
\x0d\x0aEnche até 30 balões de 23cm de latex ou 16 balões de 28cm de latex. (Balões não incluidos) O tempo aproximado de flutuação dos balões de latex cheios com este h&eac…”]
[severity “CRITICAL”] [uri “/bo/frames/produtos/editar2.php”]
xanubi
May 23, 2014, 4:12pm
#10
False Positive #10
ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:<script.{0,}?>)” at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “934”]
[id “212870”] [msg “COMODO WAF: IE XSS Filters - Attack Detected.”]
[data “Matched Data: found within ARGS:tabelaencomenda: <td class=\x22lista_topo delete\x22 title=\x22Import\x22>IMP
Pick REF Fornecedor LOC Tmnh</td…”]
[uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 4:17pm
#11
False Positive #11
ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:(j|(&#x {0,1}0{0,}((74)|(4A)|(106)|(6A));{0,1}))([\\r]|(&((#x {0,1}0{0,}(9|A|D|(13)|(10));{0,1})|(tab;)|(newline;)))){0,}(a|(&#x {0,1}0{0,}((65)|(41)|(97)|(61));{0,1}))([\\r]|(&((#x {0,1}0{0,}(9|A|D|(13)|(10));{0,1})|(tab;)|(newline;)))){0,}(v|(&#x {0,1 …” at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “984”]
[id “212920”] [msg “COMODO WAF: IE XSS Filters - Attack Detected.”]
[data “Matched Data: javascript:a found within ARGS:tabelaencomenda: <td class=\x22lista_topo delete\x22 title=\x22Import\x22>IMP
Pick REF Fornecedor LOC Tmnh…”]
[uri “/bo/frames/encomendas/print.php”]
xanubi
May 23, 2014, 4:21pm
#12
False Positive #12
ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:[\\r \”'+/`]style[\\r +/]{0,}?=.{0,}([:=]|(&#x {0,1}0{0,}((58)|(3A)|(61)|(3D));{0,1})).{0,}?([(\\\\]|(&#x {0,1}0{0,}((40)|(28)|(92)|(5C));{0,1})))" at ARGS:tabelaencomenda.
[file “/var/cpanel/cwaf/rules/cwaf_03.conf”] [line “1117”]
[id “213100”] [msg “COMODO WAF: IE XSS Filters - Attack Detected.”]
[data “Matched Data: style=\x22background-color:#f8f8f8 \x22> <form id=\x22pr_0\x22 method=\x22POST\x22 action=\x22/bo/frames/encomendas/editar.php?id=40379#pr_0\x22> <input type=\x22text\x22 name=\x22q\x22 value=\x22\x22 style=\x22text-align:center; background-color:#FFF !important; border:1px solid #888 ; width:25px;\x22> <input type=\…”]
[uri “/bo/frames/encomendas/print.php”]
Thank you. These false positives will be processed.
xanubi
May 27, 2014, 4:29pm
#14
False Positive #13
ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count.
[file “/var/cpanel/cwaf/rules/cwaf_02.conf”] [line “422”]
[id “211530”] [msg “COMODO WAF: SQL SELECT Statement Anomaly Detection Alert”]
[data “Matched Data: Accept-Language found within TX:sqli_select_statement_count: 4”]
[uri “/bo/frames/produtos/exportar.php”]