Hay All
I been asked to test mod_security before putting it on an production server, i installed it through Cpanel and wanted to test, to make sure it was fine.
I found an guide on digitalocean and used the test part where you create an simple database, the example script has code that can be use to do an inject attack,
when i pass the attack "' Or True -- ", the script works and i get no block messages or reports
using the same login.php script from digitalocean i uses sqlmap on kali to test an sql inject attack (blocked it no issues)
I am not sure if i am missing somthing
link to guide
www.digitalocean.com
I been asked to test mod_security before putting it on an production server, i installed it through Cpanel and wanted to test, to make sure it was fine.
I found an guide on digitalocean and used the test part where you create an simple database, the example script has code that can be use to do an inject attack,
when i pass the attack "' Or True -- ", the script works and i get no block messages or reports
using the same login.php script from digitalocean i uses sqlmap on kali to test an sql inject attack (blocked it no issues)
I am not sure if i am missing somthing
link to guide
How To Set Up mod_security with Apache on Debian/Ubuntu | DigitalOcean
Here's how to set up mod_security with Apache on Debian/Ubuntu.
www.digitalocean.com
Last edited by a moderator:
