client9/libinjection

modsecurity libinjection false positive

edgreenberg opened this issue · 3 comments

ModSecurity reports:

[data "Matched Data: novc found within ARGS:LoginPassword: il0veGrandpa!@#"] 

I'm not sure what it's objecting to. It's pretty clear that I'm going to have to disable the rule, but I was hoping for an explanation.

Taking a look at fingerprints2sqli.py I don't see how il0vegrandpa!@# translates into anything offensive.

I'm having the exact same issue with the same pattern - "!@#" at the end of password ARG

We are facing the same issue. The user's password ends in !@#.

Not to raise a corpse, but was a workaround ever discovered? Is it literally those 3 specific characters in that specific order? Is it that it can't end with a # symbol? Is it because those 3 characters in that order can't be at the end?
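
Added example, not part of the thread and not libinjection's own code: a simplified Python sketch of reducing a value to a string of token-type letters, showing how the password from the log line yields `novc` (bareword, operator, variable, comment). It assumes MySQL-style `#` comments and leaves out the library's keyword lookup and token folding; the rule set and function names are illustrative.

```python
import re

# Token-type letters as they appear in libinjection fingerprints (subset).
BAREWORD, NUMBER, OPERATOR, VARIABLE, COMMENT, UNKNOWN = "n", "1", "o", "v", "c", "?"
MAX_TOKENS = 5          # a fingerprint covers at most five tokens
REPORTED = "novc"       # fingerprint quoted in the ModSecurity log on this page

# Assumption: simplified rules, tried in order, MySQL-style comments.
# Keyword lookup and token folding done by the real library are left out.
_RULES = [
    (re.compile(r"\s+"), None),                             # whitespace is skipped
    (re.compile(r"#.*|--\s.*|/\*.*?\*/", re.S), COMMENT),   # '#' runs to end of input
    (re.compile(r"@@?[A-Za-z0-9_.$]*"), VARIABLE),          # bare '@' still counts
    (re.compile(r"[A-Za-z_][A-Za-z0-9_.$]*"), BAREWORD),
    (re.compile(r"\d+(?:\.\d+)?"), NUMBER),
    (re.compile(r"!=|<>|<=|>=|[!<>=+\-*/%^~]"), OPERATOR),
]


def tokens(value):
    """Return [(type_letter, text), ...] for the first MAX_TOKENS tokens."""
    pos, out = 0, []
    while pos < len(value) and len(out) < MAX_TOKENS:
        for pattern, kind in _RULES:
            m = pattern.match(value, pos)
            if m and m.end() > pos:
                if kind is not None:
                    out.append((kind, m.group()))
                pos = m.end()
                break
        else:  # no rule matched this character
            out.append((UNKNOWN, value[pos]))
            pos += 1
    return out


def fingerprint(value):
    return "".join(kind for kind, _ in tokens(value))


if __name__ == "__main__":
    # Constructed variants of the reported password, to show that order matters.
    for sample in ("il0veGrandpa!@#", "il0veGrandpa!@", "il0veGrandpa#@!", "il0veGrandpa"):
        fp = fingerprint(sample)
        print(f"{sample!r:20} -> {fp:5} {'== reported' if fp == REPORTED else ''}")
        for kind, text in tokens(sample):
            print(f"    {kind}  {text!r}")
```

The sketch only derives the token string; whether a given string is flagged depends on the fingerprint list shipped with the library, which is not reproduced here.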