Re: using nginx to mitigate the latest joomla-vuln - discussion

mex
December 16, 2015 11:52AM
this one: https://www.nginx.com/blog/new-joomla-exploit-cve-2015-8562/


i'd suggest to change the ua-detection from "JDatabaseDriverMysql"
to a regex detecting the PHP-Object-Injection to cover additional
attack-vectors (like my gurus @ emergingthreats said:
"mitigation against the vuln, not the exploit you should create") :D

i also suggest to delete the "O:" - detection which will lead to
a lot of false positives, as well as using "{" alone.



http {
    # flag any User-Agent that carries a serialized PHP object
    map $http_user_agent $blocked_ua {
        "~O:\+?\d+:.*:\+?\d+:{(s|S):\+?\d+:.*;.*}" 1;
        default 0;
    }

    ...

    server {
        ...
        if ($blocked_ua) { return 403; }
        ...
    }

    ...
}




cheers,


mex


p.s. repost, because of forum-snafu
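
An offline check of the map pattern from the post above, added here as an example and not part of the original post: it runs the regex and the bare "O:" / "{" substring checks over User-Agent strings and reports false positives and misses for each. All sample strings and their names are constructed for illustration, and Python's `re` is assumed to behave like nginx's PCRE for this pattern.

```python
import re

# Pattern copied verbatim from the map block in the post.
# nginx "~" is a case-sensitive regex match, so no IGNORECASE here.
OBJECT_INJECTION = re.compile(r'O:\+?\d+:.*:\+?\d+:{(s|S):\+?\d+:.*;.*}')

def blocked_by_regex(ua):
    """Mirror of $blocked_ua: 1 if the UA carries a serialized PHP object."""
    return 1 if OBJECT_INJECTION.search(ua) else 0

def blocked_by_substrings(ua):
    """The broader checks the post advises dropping: bare "O:" or bare "{"."""
    return 1 if ("O:" in ua or "{" in ua) else 0

# Constructed samples: name -> (User-Agent, carries a serialized object?)
SAMPLES = {
    "browser":     ("Mozilla/5.0 (X11; Linux x86_64; rv:43.0) "
                    "Gecko/20100101 Firefox/43.0", False),
    "probe":       ("UptimeProbe/1.0 (PROTO:http)", False),
    "build-tag":   ("deploy-check/2.1 {build 77}", False),
    "object":      ('O:8:"stdClass":1:{s:1:"a";s:1:"b";}', True),
    "object-plus": ('Mozilla/5.0 O:+8:"stdClass":+1:{S:+1:"a";s:1:"b";}', True),
}

def report(check):
    """Return (false_positives, misses) as sorted lists of sample names."""
    false_positives, misses = [], []
    for name, (ua, is_object) in SAMPLES.items():
        blocked = bool(check(ua))
        if blocked and not is_object:
            false_positives.append(name)
        elif is_object and not blocked:
            misses.append(name)
    return sorted(false_positives), sorted(misses)

if __name__ == "__main__":
    for check in (blocked_by_regex, blocked_by_substrings):
        fp, miss = report(check)
        print(f"{check.__name__}: false positives={fp} misses={miss}")
```
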