  1. #1

    mod security issue

    PHP Code:
    if (isset($_GET['new'])) {
        if ($_POST) {
            if ($_POST['name'] != "" && $_POST['url'] != "" && $_POST['feed'] != "") {
                // The $_POST values are interpolated into the SQL strings as submitted.
                if (ctype_digit($_POST['id'])) {
                    $db->query("UPDATE b SET aname='{$_POST['name']}', url='{$_POST['url']}', feed='{$_POST['feed']}' WHERE ID='{$_POST['id']}' LIMIT 1");
                } else {
                    $db->query("INSERT INTO blogs SET aname='{$_POST['name']}', url='{$_POST['url']}', feed='{$_POST['feed']}'");
                }
                header("location:$mainurl/a.php");
                die;
            }
        }
    }
    What could be wrong with this one that mod security blocks it?
    Last edited by DjiXas; 05-09-2008 at 05:17 PM.

  2. #2
    Message: Access denied with code 500 (phase 2). Pattern match "(ht|f)tps?:/" at ARGS:url.

  3. #3
    Code:
    $_POST['url']
    I am assuming you are inserting urls?
    Steven Ciaburri | Industry's Best Server Management - Rack911.com

  4. #4
    Yes, you are right. Is there any other function to use, or do I just have to turn off mod security?

  5. #5
    Whose rules are you using? I'm pretty sure we have adjusted the gotroot.com rules for that condition.

  6. #6
    Programmer fixed that. As he said: it looks like you can't post file.php?id or file.php?id=1, only file.php.
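
Added example (not code from any poster in this thread): the rule quoted in post #2 matches any URL in a request argument, so a form that legitimately accepts URLs in `url` and `feed` has to check those values itself wherever that rule is relaxed for them. The code assumes a PDO handle (an in-memory SQLite database here) in place of the thread's `$db` object, a single `blogs` table, and the hypothetical helper names `field`, `clean_url` and `save_blog`.

```php
<?php
// Added example. $pdo stands in for the thread's $db object (assumption);
// field(), clean_url() and save_blog() are hypothetical helper names.
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';   // array-valued fields count as empty
}

// Accept only absolute http/https URLs that have a host part.
function clean_url(string $raw): ?string
{
    if ($raw === '' || strlen($raw) > 2048 || filter_var($raw, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($raw, PHP_URL_SCHEME));
    $host   = (string) parse_url($raw, PHP_URL_HOST);
    return (in_array($scheme, ['http', 'https'], true) && $host !== '') ? $raw : null;
}

// Insert or update one row using bound parameters; false means rejected input.
function save_blog(PDO $pdo, array $post): bool
{
    $name = field($post, 'name');
    $url  = clean_url(field($post, 'url'));
    $feed = clean_url(field($post, 'feed'));
    if ($name === '' || $url === null || $feed === null) {
        return false;
    }
    $id = field($post, 'id');
    if (ctype_digit($id)) {
        $stmt = $pdo->prepare('UPDATE blogs SET aname = ?, url = ?, feed = ? WHERE ID = ?');
        return $stmt->execute([$name, $url, $feed, (int) $id]);
    }
    $stmt = $pdo->prepare('INSERT INTO blogs (aname, url, feed) VALUES (?, ?, ?)');
    return $stmt->execute([$name, $url, $feed]);
}

// Constructed demo: in-memory SQLite table and made-up submissions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blogs (ID INTEGER PRIMARY KEY, aname TEXT, url TEXT, feed TEXT)');
$samples = [
    ['name' => "Bob's blog", 'url' => 'http://example.com/', 'feed' => 'http://example.com/rss.php?id=1'],
    ['name' => 'Bad scheme', 'url' => 'ftp://example.com/x', 'feed' => 'http://example.com/rss'],
];
foreach ($samples as $s) {
    echo $s['name'], ': ', save_blog($pdo, $s) ? 'saved' : 'rejected', PHP_EOL;
}
```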
