Skip to content
This repository was archived by the owner on May 14, 2020. It is now read-only.
This repository was archived by the owner on May 14, 2020. It is now read-only.

No libinjection check on last path segment #1328

Closed
Closed
No libinjection check on last path segment#1328
Labels
PR availablethis issue is referenced by an active pull request
@theseion

Description

@theseion
theseion
opened on Mar 21, 2019

The libinjection rule doesn't perform checks against the last path segment. That allows attackers to spam a webserver with URL's like the following:

https://domain.com/a/b/some-page_name999999.1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1

Metadata

Metadata

Assignees

No one assigned

    Labels

    PR availablethis issue is referenced by an active pull request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions