Here’s a mod_security2 rule to block the latest SQL injection vulnerability in a popular Joomla module ‘com_properties’ dated 4/10/2010:
SecRule ARGS:option "com_properties" "phase:1,chain,drop,t:htmlEntityDecode,t:urlDecode,t:lowercase,deny,log,auditlog,msg:'Denied Joomla Component com_properties[aid] SQL Injection Vulnerability'" SecRule ARGS:aid "\D"
Don’t expect this to be a substitute for updating your vulnerable code, but it will at least buy you and your clients time.
It never ceases to amaze me how incredibly careless PHP programmers are:
One Response to mod_security rule for Joomla com_properties [aid] vulnerability
Hi Sir, could you please elaborate
in which file i need to go and where i need to write this code,
I am not wise in programming, please help step by step.