D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
bitninja-waf
/
etc
/
BitNinja
/
Filename :
405-MAGENTO-REMOTE-EXECUTION-PROTECTION.conf
back
Copy
SecRule REQUEST_LINE "@pm /cms_wysiwyg/" "block,auditlog,phase:2,id:405001,chain,\ severity:CRITICAL,\ msg:'Magento Shoplift Remote Code Execution',\ logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}'" SecRule &ARGS:forwarded "!@eq 0" "chain" SecRule &ARGS:filter "!@eq 0" "chain" SecRule &ARGS:___directive "!@eq 0" "setvar:tx.bn_inbound_found=+1"SecRule REQUEST_FILENAME "@endsWith web/magmi_import_run.php" \ "id:405002,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:lowercase,t:normalizePath,\ msg:'Multiple XSS vulnerabilities in the Magento Mass Importer (CVE-2015-2068)',\ logdata:'Multiple XSS vulnerabilities in the Magento Mass Importer (CVE-2015-2068)'" SecRule REQUEST_URI "@contains <" "t:none,t:urlDecodeUni,t:htmlEntityDecode,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_FILENAME "@endsWith web/ajax_pluginconf.php" \ "id:405003,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:lowercase,t:normalizePath,\ msg:'Directory traversal vulnerability in Magento Mass Importer (CVE-2015-2067)',\ logdata:'Directory traversal vulnerability in Magento Mass Importer (CVE-2015-2067)'" SecRule &ARGS:plugintype "@ge 1" "chain,t:none" SecRule &ARGS:pluginclass "@ge 1" "chain,t:none" SecRule ARGS:file "@rx \.\.|^\/" "t:none,t:urlDecodeUni,t:htmlEntityDecode,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_URI "@contains product_frontend_action/synchronize" \ "id:405004,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:normalizePath,t:urlDecodeUni,\ msg:'SQL Injection vulnerability in Magento (PRODSECBUG-2198)',\ logdata:'SQL Injection vulnerability in Magento (PRODSECBUG-2198)'" SecRule ARGS:type_id "@streq recently_products" "t:none,t:urlDecodeUni,chain" SecRule ARGS:ids[0][product_id][from] "@rx \?" "t:none,t:urlDecodeUni,chain" SecRule ARGS:ids[0][product_id][to] "@rx \)\)\)" "t:none,t:lowercase,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "@rx ^POST$" \ "id:405005,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'Magento Webforms Arbitrary File Upload',\ logdata:'Magento Webforms Arbitrary File Upload'" SecRule REQUEST_URI "@endsWith /js/webforms/upload/index.php" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_METHOD "^POST$" \ "id:405006,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,\ msg:'Magento Webforms Upload Vulnerability',\ logdata:'Magento Webforms Upload Vulnerability'" SecRule REQUEST_URI "@contains /js/webforms/upload/" "chain,t:none,t:urlDecodeUni,t:normalizePath" SecRule FILES "@rx (\.htaccess|.+\.(pht|phtml|php\d?)$)" "t:urlDecodeUni,t:removeWhitespace,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_URI "@contains /wp-content/plugins/core-engine/" \ "id:405007,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:normalizePath,\ msg:'SQLi in Adobe Commerce and Magento Open Source before 2.4.3-p1',\ logdata:'SQLi in Adobe Commerce and Magento Open Source before 2.4.3-p1'" SecRule REQUEST_URI "@rx '|\x22|\(" "t:none,setvar:'tx.bn_inbound_found=+1'" SecRule REQUEST_URI "@pm /checkout/cart/add/uenc/ /review/product/post/id/ /catalogsearch/result/ /gifts/devotional/ /mageworx_searchsuiteautocomplete/ajax/index/ /catalogsearch/searchTermsLog/save/ /search/ajax/suggest/" \ "id:405008,\ chain,\ phase:2,\ rev:'1',\ severity:critical,\ t:none,t:normalizePath,\ msg:'Inproper input validation in Adobe Commerce and Magento Open Source before 2.4.3',\ logdata:'Inproper input validation in Adobe Commerce and Magento Open Source before 2.4.3'" SecRule ARGS "@rx ;|[\x22\d']=[\x22\d']|>|\.\.\/|waitfor delay|\/\*|\(select|(?:benchmark|sleep|convert|cha?r)\(" "t:none,t:htmlEntityDecode,t:urlDecode,t:lowercase,t:compressWhitespace,setvar:'tx.bn_inbound_found=+1'"