[Owasp-modsecurity-core-rule-set] FW: [JIRA] Resolved: (CORERULES-32) SQL Injection rules should be case-insensitive
Ryan Barnett
Ryan.Barnett at breach.com
Wed Feb 24 09:22:41 EST 2010
[ https://www.modsecurity.org/tracker/browse/CORERULES-32?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Barnett resolved CORERULES-32.
-----------------------------------
Resolution: Fixed
Fix Version/s: 2.0
Fixed in v2.0.6
> SQL Injection rules should be case-insensitive
> ----------------------------------------------
>
> Key: CORERULES-32
> URL: https://www.modsecurity.org/tracker/browse/CORERULES-32
> Project: Core Rules
> Issue Type: Bug
> Security Level: New
> Affects Versions: 2.0.0
> Environment: mod_security-2.5.12 Windows
> Reporter: Tom Donovan
> Assignee: Ryan Barnett
> Fix For: 2.0
>
>
> Rules in modsecurity_crs_41_sql_injection_attacks.conf should not be case-sensitive (t:lowercase).
> SQL language keywords are never case-sensitive. Table names, column names, etc. vary by database whether they are case-sensitive.
> Example:
> http://hostname/?;delete from myTable; is denied by 959075
> http://hostname/?;DELETE FROM myTable; is not denied by 959075
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://www.modsecurity.org/tracker/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the Owasp-modsecurity-core-rule-set
mailing list