It seems like SQL Injection is still possible with mod_security installed ... simply by putting the SQL code in a comment like /*! code_here */ ... this is a version dependent comment so will be executed by mysql, but it's not checked by mod_security (because it is a comment ...)
I tried matching /*! ... with no success ... I tried matching ! and got hits only if the exclamation mark is alone ... as soon as it comes with /*! it doesn't get a match ...
Any ideas an this?
Let me explain by example:
The problem: ht tp://example.com/test.php?id=1/*! UNION SELECT whatever */ does not get blocked
Solution 1 (let's block ! ..):
ht tp://example.com/test.php! (get's blocked)
ht tp://example.com/test.php/*! (does not get blocked)