[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    Re: [mod-security-users] block requests with the same param more than once
From:       Ryan Barnett <RBarnett () trustwave ! com>
Date:       2014-04-17 13:30:06
Message-ID: CF754F26.EE901%rbarnett () trustwave ! com
[Download RAW message or body]

This is basically an "HTTP Parameter Pollution" issue -
http://tacticalwebappsec.blogspot.com/2009/05/http-parameter-pollution.html

We have some PoC rules here -
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/experimenta
l_rules/modsecurity_crs_40_http_parameter_pollution.conf


This rule will use "setvar" to count each parameter by name and if there
are any @gt 1 it will trigger.

Ryan Barnett
Lead Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>




On 4/17/14 8:50 AM, "Reindl Harald" <h.reindl@thelounge.net> wrote:

> is there a way to block requests like below?
> "action=whois&amp;action=send_single_mail"
> 
> in fact that happended due development to myself
> as well as sometimes somebody moves get args in
> a form into a hidden field and forget the old one
> 
> so i would like on development machines throw an
> error if the same var-name comes more than once
> independent of GET, POST or both
> 


________________________________

This transmission may contain information that is privileged, confidential, and/or \
exempt from disclosure under applicable law. If you are not the intended recipient, \
you are hereby notified that any disclosure, copying, distribution, or use of the \
information contained herein (including any reliance thereon) is strictly prohibited. \
If you received this transmission in error, please immediately contact the sender and \
destroy the material in its entirety, whether in electronic or hard copy format.


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/


[prev in list] [next in list] [prev in thread] [next in thread]