I used the Vega scanner to test my web application and it found some shell injection vulnerabilities that can be reproduced by entering commands like these:
GET /http:/mywebsite.com/?s="%20%3B%20/bin/sleep%2031%20%3B
GET /http:/mywebsite.com/http:/http:/mywebsite.com/?s="%20%3B%20/bin/sleep%2031%20%3B
I'm running Windows Server with IIS and PHP. A portion of my web.config file is here:
<requestFiltering>
<denyUrlSequences>
<add sequence="module" />
<add sequence="engine" />
<add sequence="tpl(\.php" />
<add sequence="profile" />
<add sequence="Root" />
<add sequence="Tag" />
<add sequence="Template" />
<add sequence="Repository" />
<add sequence="code-style" />
<add sequence="GET /?p=/./" />
<add sequence="/?p=/./" />
<add sequence="/?" />
<add sequence="/?p=/./ HTTP/1.1" />
<add sequence="/bin/sleep" />
<add sequence="sleep" />
<add sequence="bin" />
<add sequence="{" />
<add sequence="}" />
<add sequence=";" />
<add sequence="|" />
<add sequence="~" />
</denyUrlSequences>
</requestFiltering>
What I'm trying to do is block these types of queries using the web.config file. What I have above should be blocking the malicious queries, but it appears not to be working even after updating the web.config and rescanning. Could anyone give me advice on how to proceed, please? Thank you very much!
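An added example, not part of the original post: a request filtering section that matches the shell metacharacter sequences against the query string. The scanner's payload (`"; /bin/sleep 31;`) sits in the `s=` query parameter, and `<denyUrlSequences>` is only compared against the URL path, so the sequences from the question never see it; `<denyQueryStringSequences>` (available in IIS 7.5 and later) is the collection that is compared against the decoded query string, so `%3B` is caught by `;`. The specific sequences and the `maxQueryString` value below are illustrative choices, not settings from the page.

```xml
<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <!-- Path-level rules: matched against the URL path only, never the query string.
             Keep these narrow; a sequence like "bin" or "Tag" will also deny legitimate paths. -->
        <denyUrlSequences>
          <add sequence="/bin/sleep" />
        </denyUrlSequences>

        <!-- Query-string rules (IIS 7.5+): matched against the decoded query string.
             A hit is rejected with HTTP 404.18 (Query string sequence denied). -->
        <denyQueryStringSequences>
          <add sequence=";" />
          <add sequence="|" />
          <add sequence="`" />
          <add sequence="$(" />
          <add sequence="/bin/" />
          <add sequence="sleep" />
        </denyQueryStringSequences>

        <!-- Cap the query string length as well; overlong values are rejected with 404.15. -->
        <requestLimits maxQueryString="512" />
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

Two caveats a practitioner would keep in mind. First, request filtering is a perimeter control: whatever PHP code passes `$_GET['s']` to a shell still has to be fixed (wrap the value with `escapeshellarg()`, or better, avoid spawning a shell at all), because the scanner found the injection in the application, not in IIS. Second, deny sequences are plain substring matches with no context, so a list that includes `sleep`, `bin` or `;` will also block benign requests containing those strings; after applying the rules, check the IIS logs for 404.5 / 404.18 entries to confirm the scanner's requests are being denied and that normal traffic is not.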