mod_security rule for Joomla com_properties [aid] vulnerability

Here’s a mod_security2 rule to block the latest SQL injection vulnerability in a popular Joomla module ‘com_properties’ dated 4/10/2010:

SecRule ARGS:option "com_properties" "phase:1,chain,drop,t:htmlEntityDecode,t:urlDecode,t:lowercase,deny,log,auditlog,msg:'Denied Joomla Component com_properties[aid] SQL Injection Vulnerability'"
SecRule ARGS:aid "\D"

Don’t expect this to be a substitute for updating your vulnerable code, but it will at least buy you and your clients time.
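The same rule laid out for current ModSecurity 2.x, as an added example that is not the original author's rule: it adds the id that ModSecurity 2.7 and later require, runs in phase 2 so that ARGS also covers POST parameters, and keeps a single disruptive action where the original lists both drop and deny. The id value 100001 and the file placement are assumptions.

```apache
# Added example, not the original author's rule.
# Assumptions: the id 100001 is unused in your rule set, and this file is
# one Apache already includes for ModSecurity (or the block is pasted inside
# the <VirtualHost> that serves the Joomla site).
<IfModule security2_module>
    # Blocking only happens when "SecRuleEngine On" is set elsewhere in the
    # configuration; with DetectionOnly the rule logs but does not deny.

    # Request body parsing must be on for ARGS to include POST parameters.
    SecRequestBodyAccess On

    # Chain starter: carries the id, phase, disruptive action and metadata.
    # The chained rule fires on any non-digit character in the aid parameter.
    # Transformations are not passed down the chain, so the second rule sets
    # t:none explicitly and inspects the parsed value as-is.
    SecRule ARGS:option "@rx com_properties" \
        "id:100001,phase:2,\
        t:none,t:htmlEntityDecode,t:urlDecode,t:lowercase,\
        deny,status:403,log,auditlog,\
        msg:'Denied Joomla Component com_properties[aid] SQL Injection Vulnerability',\
        chain"
        SecRule ARGS:aid "@rx \D" "t:none"
</IfModule>
```

After adding it, run apachectl configtest to check the syntax, then reload Apache.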

It never ceases to amaze me how incredibly careless PHP programmers are:

http://www.exploit-db.com/exploits/12136

One Response to mod_security rule for Joomla com_properties [aid] vulnerability

  1. Amit says:

    Hi Sir, could you please elaborate
    in which file I need to go and where I need to write this code,
    I am not wise in programming, please help step by step.

    Thanks
    Amit