Building a WAF with the ModSecurity module

0. Environment: Ubuntu 16.04 LTS

1. The test web page is already served by Apache.

2. Install and configure the ModSecurity module to build a WAF.

2.1 Installing the environment

Install a LAMP server (only apache2, php and libapache2-mod-php are strictly needed for the test page; if apt reports libapache2-mod-auth-mysql as unavailable on 16.04, drop it, it is not used in this exercise):

$ sudo apt-get install apache2 mysql-server libapache2-mod-auth-mysql php-mysql php libapache2-mod-php php-mcrypt

Install the libapache2-modsecurity module and its dependencies. On 16.04 libapache2-modsecurity is a transitional package that pulls in libapache2-mod-security2; either name works.

$ sudo apt-get install libxml2 libxml2-dev libxml2-utils libaprutil1 libaprutil1-dev libapache2-modsecurity

Check that the module is loaded; if everything went well you should see the following output:

$ apachectl -M | grep security
security2_module (shared)
2.2 Configuring mod_security

Out of the box mod_security does nothing useful: security2.conf only includes /etc/modsecurity/*.conf, and the packaged configuration is shipped as modsecurity.conf-recommended, so it is not loaded at all (and that file sets SecRuleEngine DetectionOnly, which logs but never blocks). First rename the example in /etc/modsecurity so that it is picked up:

$ sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

Then edit the configuration file and switch the engine from DetectionOnly to On so that matching rules actually block:

$ sudo vim /etc/modsecurity/modsecurity.conf
SecRuleEngine On
2.3 Building the WAF

The modsecurity-crs package installs a copy of the OWASP Core Rule Set (CRS) under /usr/share/modsecurity-crs, but it is dated; fetch the current CRS from its GitHub repository instead. Check out a release tag rather than tracking the default branch, so that the rule IDs you tune stay stable (the audit log later in this report was produced with CRS 3.0.2). Deleting the packaged directory by hand is fine for a lab; on a real host remove the modsecurity-crs package instead, so that apt does not overwrite the checkout on the next upgrade.

$ sudo rm -rf /usr/share/modsecurity-crs    # remove the packaged copy
$ sudo git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
$ cd /usr/share/modsecurity-crs
$ sudo mv crs-setup.conf.example crs-setup.conf

Then point the module at the CRS setup file and rule files. security2.conf already includes /etc/modsecurity/*.conf; add the two CRS includes after it, in this order, because crs-setup.conf must be read before the rules:

$ sudo vim /etc/apache2/mods-enabled/security2.conf
<IfModule security2_module> 
     SecDataDir /var/cache/modsecurity 
     IncludeOptional /etc/modsecurity/*.conf 
     IncludeOptional /usr/share/modsecurity-crs/*.conf 
     IncludeOptional /usr/share/modsecurity-crs/rules/*.conf 
 </IfModule>

Check the syntax first (apachectl configtest), since a malformed rule stops Apache from starting, then restart the service:

$ sudo systemctl restart apache2

3. Write your own rules from the documentation, or adapt the OWASP ModSecurity CRS rules, so that SQL injection attacks are blocked and an alert is logged.

SQL injection test

Test how mod_security protects the Apache web server from SQL injection.
Normal request:

Student number lookup

Query result
$ curl "http://127.0.0.1/student/search.php?id=15********7"
<h3>查询结果</h3><br>学号: 15********7姓名: 李华成绩: 86<br><br>

Attempt SQL injection by appending a tautology to the student number:

http://127.0.0.1/student/search.php?id=123+or+1%3D1

The request is rejected with a 403 Forbidden response:

$ curl "http://127.0.0.1/student/search.php?id=15********7+or+1%3D1"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /student/search.php
on this server.<br />
</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>
</body></html>

Now look at the audit log; the newest transaction is at the end of the file. Each transaction is bracketed by a unique id (adbda74e here) and split into parts: A (timestamp, source and destination), B (request headers), F (response headers), E (response body), H (the rules that matched and the action taken) and Z (end of record). Part H is the one to read: 942100 (libinjection, CRITICAL, +5 points) and 920350 (numeric Host header, WARNING, +3) push the inbound anomaly score to 8, which meets the CRS 3.0 default blocking threshold of 5, so 949110 denies the request with 403 in phase 2. Note that 920350 only fires because the test targets 127.0.0.1 directly; against a real hostname the SQLi hit alone would still reach the threshold.

$ sudo vim /var/log/apache2/modsec_audit.log
--adbda74e-A--
[11/Jul/2018:20:45:36 +0800] W0X78H8AAQEAACbUCz4AAAAA 127.0.0.1 33846 127.0.0.1 80
--adbda74e-B--
GET /student/search.php?id=15********7+or+1%3D1 HTTP/1.1
Host: 127.0.0.1
User-Agent: curl/7.47.0
Accept: */*

--adbda74e-F--
HTTP/1.1 403 Forbidden
Content-Length: 302
Content-Type: text/html; charset=iso-8859-1

--adbda74e-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /student/search.php
on this server.<br />
</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at 127.0.0.1 Port 80</address>
</body></html>

--adbda74e-H--
Message: Warning. Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "810"] [id "920350"] [rev "2"] [msg "Host header is a numeric IP address"] [data "127.0.0.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"]
Message: Warning. detected SQLi using libinjection with fingerprint '1&1' [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "68"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: 1&1 found within ARGS:id: 15********7 or 1=1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "57"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"]
Message: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "73"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php
Stopwatch: 1531313136934105 1209 (- - -)
Stopwatch2: 1531313136934105 1209; combined=920, p1=247, p2=600, p3=0, p4=0, p5=72, sr=8, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/); OWASP_CRS/3.0.2.
Server: Apache/2.4.18 (Ubuntu)
Engine-Mode: "ENABLED"

--adbda74e-Z--
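The CRS did the blocking above, but task 3 also asks for a rule of your own. The following is an added example, not part of the original report or of the CRS. It assumes the file name /etc/modsecurity/local-sqli.conf (anything matching /etc/modsecurity/*.conf is already included by security2.conf), that the only legitimate value of search.php's id parameter is a student number of up to 11 digits (or empty, for the blank form), and that the lab is reached as http://127.0.0.1/. The first rule is a positive-security check that denies and logs any other id regardless of what the CRS scores; changing deny to pass turns it into an alert-only rule for trial runs. The second fragment removes the 920350 hit, which in the log above contributed 3 of the 8 points only because the Host header was a bare IP address; it goes in the CRS exclusion file that is loaded after the rules, because SecRuleRemoveById cannot remove a rule that has not been defined yet.

```apache
# --- /etc/modsecurity/local-sqli.conf (assumed name; every *.conf in this
#     directory is loaded by security2.conf before the CRS) ------------------
# Local rules use ids from 1000000 upwards so they never collide with CRS ids
# (the CRS owns 900000-999999).
#
# Positive-security rule for the student lookup page: the only legitimate value
# of "id" is a student number, i.e. 0-11 digits (0 allows the blank form).
# Anything else (quotes, "or 1=1", comments, encoded variants) is denied with a
# 403 and a CRITICAL audit-log entry, independent of the CRS anomaly score.
# Metadata and the disruptive action sit on the first rule of the chain.
SecRule REQUEST_FILENAME "@endsWith /student/search.php" \
    "id:1000010,phase:2,deny,status:403,log,auditlog,t:none,\
     msg:'search.php: id is not a student number (possible SQL injection)',\
     logdata:'id=%{ARGS.id}',severity:'CRITICAL',tag:'local/sqli',chain"
    # Second link: urlDecodeUni so %27 / %20 and double-encoded variants are
    # inspected decoded; '!' negates, so the chain completes (and the deny
    # fires) when the value does NOT match the digits-only pattern. A request
    # without an id parameter never matches and is left alone.
    SecRule ARGS:id "!@rx ^[0-9]{0,11}$" "t:none,t:urlDecodeUni"

# --- /usr/share/modsecurity-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
#     (ships as .conf.example; rename it, as was done for crs-setup.conf) ----
# 920350 ("Host header is a numeric IP address") added 3 points to every
# request in this lab because the tests use http://127.0.0.1/. Removing it
# here, after the CRS has been loaded, leaves the SQLi rules untouched; the
# 942100 hit alone (score 5) still reaches the default inbound threshold of 5
# and is blocked.
SecRuleRemoveById 920350
```

Reload Apache and repeat the curl test from above: the tautology request is now denied by 1000010 with the local/sqli tag in part H of the audit log, while a plain numeric id and the empty form still return 200.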

4. Detect and alert on the User-Agent of specific scanners or request tools (paros, w3af, etc.), and ban a source IP once the number of requests from it exceeds a threshold.
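An added example of how task 4 can be implemented with ModSecurity's persistent ip collection; it is not from the original report or from the CRS. It assumes the file name /etc/modsecurity/local-scanner.conf, the SecDataDir shown in security2.conf above, and that the User-Agent substrings listed are what the tools actually send (verify against part B of an audit-log entry before relying on them). The thresholds (60 requests per 60 s, 300 s ban) are arbitrary lab values.

```apache
# --- /etc/modsecurity/local-scanner.conf (assumed name; loaded via
#     IncludeOptional /etc/modsecurity/*.conf) -------------------------------
# Per-client state lives in the persistent "ip" collection, stored under the
# SecDataDir configured in security2.conf (/var/cache/modsecurity). initcol
# must run before any rule reads or writes IP:* variables.
SecAction "id:1000100,phase:1,pass,nolog,t:none,initcol:ip=%{REMOTE_ADDR}"

# 1) Scanner / attack-tool User-Agents: alert only, as the task asks. @pm is a
#    case-insensitive multi-pattern substring match; the strings below are
#    assumptions. CRS 3.x ships its own, longer list in rule 913100
#    (scanners-user-agents.data); this rule is the self-written equivalent.
#    Change pass to deny,status:403 to block these tools outright.
SecRule REQUEST_HEADERS:User-Agent "@pm w3af paros nikto sqlmap nessus" \
    "id:1000110,phase:1,pass,log,auditlog,t:none,\
     msg:'Scanner or attack tool User-Agent detected',\
     logdata:'User-Agent: %{MATCHED_VAR}',severity:'WARNING',\
     tag:'local/scanner'"

# 2) Per-IP request threshold and temporary ban.
#    If the IP is already flagged, refuse immediately (cheap check first).
SecRule IP:blocked "@eq 1" \
    "id:1000120,phase:1,deny,status:403,log,\
     msg:'Source IP temporarily banned (request threshold exceeded)',\
     tag:'local/ratelimit'"

#    Count requests in a fixed 60-second window: increment the counter if it
#    exists, otherwise create it with a 60 s lifetime. Order matters: the
#    create rule only runs when the increment rule did not match, and the
#    expiry is set once, so the window does not slide with every request.
SecRule &IP:req_count "@gt 0" \
    "id:1000121,phase:1,pass,nolog,t:none,setvar:ip.req_count=+1"
SecRule &IP:req_count "@eq 0" \
    "id:1000122,phase:1,pass,nolog,t:none,setvar:ip.req_count=1,\
     expirevar:ip.req_count=60"

#    More than 60 requests from one IP within the window: log the event,
#    ban the IP for 300 s and drop the counter so the next window starts clean.
SecRule IP:req_count "@gt 60" \
    "id:1000123,phase:1,deny,status:403,log,auditlog,t:none,\
     msg:'IP exceeded 60 requests in 60 s; banning for 300 s',\
     logdata:'count=%{IP.req_count}',severity:'WARNING',tag:'local/ratelimit',\
     setvar:ip.blocked=1,expirevar:ip.blocked=300,setvar:!ip.req_count"
```

Reload Apache, then send a request with a scanner User-Agent, for example curl -A w3af.org http://127.0.0.1/student/, and confirm a local/scanner entry in modsec_audit.log while the page still loads; a loop of more than 60 curl requests within a minute should flip the responses to 403 until the ban expires. The collection files ip.pag and ip.dir appear in /var/cache/modsecurity once the first request has been seen; if they do not, the directory is not writable by the Apache user and the counters are silently lost.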

4.1 Installing w3af
$ git clone https://github.com/andresriancho/w3af.git
$ cd w3af/
$ ./w3af_console

The first run of w3af_console may report many missing dependencies. The commands to install them are written to /tmp/w3af_dependency_install.sh; running that script downloads and installs everything required.

$ . /tmp/w3af_dependency_install.sh

After that, w3af can be driven from the terminal:

$ w3af_console 
w3af>>> exit
w3af>>> 
May the brute force be with you.

The graphical interface can also be started by searching for w3af in the launcher.

4.2 SQL injection scan with w3af

Both runs below (ModSecurity disabled, then enabled) use the same plugin configuration. The plugin names (discovery/webSpider, htmlFile, gtkOutput) are those of the w3af build used here; current releases call them crawl/web_spider, html_file and gtk_output.

$ w3af_console 
w3af>>> plugins 
w3af/plugins>>> audit sqli,xss
w3af/plugins>>> back
w3af>>> plugins 
w3af/plugins>>> output htmlFile,console,gtkOutput
w3af/plugins>>> output config console 
w3af/plugins/output/config:console>>> set verbose True 
w3af/plugins/output/config:console>>> back 
w3af/plugins>>> output config gtkOutput
w3af/plugins/output/config:gtkOutput>>> back 
w3af/plugins>>> back 
w3af>>> plugins 
w3af/plugins>>> discovery webSpider 
w3af/plugins>>> back 
w3af>>> target 
w3af/config:target>>> set target http://127.0.0.1/student/
w3af/config:target>>> back 
w3af>>> start

First run, with the ModSecurity module disabled (a2dismod security2 plus an Apache restart, or SecRuleEngine Off):

Exiting setOutputPlugins()
Called w3afCore.start()
Enabling _dnsCache()
Called buildOpeners
keepalive: added one connection, len(self._hostmap["127.0.0.1"]): 1
DNS response from DNS server for domain: 127.0.0.1
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 1
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
[thread manager] Successfully added function to threadpool. Work queue size: 6
[thread manager] Successfully added function to threadpool. Work queue size: 7
[thread manager] Successfully added function to threadpool. Work queue size: 8
[thread manager] Successfully added function to threadpool. Work queue size: 9
[thread manager] Successfully added function to threadpool. Work queue size: 10
[thread manager] Successfully added function to threadpool. Work queue size: 11
[thread manager] Successfully added function to threadpool. Work queue size: 12
[thread manager] Successfully added function to threadpool. Work queue size: 13
[thread manager] Successfully added function to threadpool. Work queue size: 14
keepalive: added one connection, len(self._hostmap["127.0.0.1"]): 2
Cached DNS response for domain: 127.0.0.1
keepalive: added one connection, len(self._hostmap["127.0.0.1"]): 3
Cached DNS response for domain: 127.0.0.1
keepalive: added one connection, len(self._hostmap["127.0.0.1"]): 4
Cached DNS response for domain: 127.0.0.1
keepalive: added one connection, len(self._hostmap["127.0.0.1"]): 5
Cached DNS response for domain: 127.0.0.1
GET http://127.0.0.1/student/FUvnFBBV.do returned HTTP code "404" - id: 2
GET http://127.0.0.1/student/jsxoBpVu.htm returned HTTP code "404" - id: 3
No grep for: "http://127.0.0.1/student/FUvnFBBV.do", the plugin sent grep=False.
No grep for: "http://127.0.0.1/student/jsxoBpVu.htm", the plugin sent grep=False.
GET http://127.0.0.1/student/MsJuQg77.asp returned HTTP code "404" - id: 4
No grep for: "http://127.0.0.1/student/MsJuQg77.asp", the plugin sent grep=False.
GET http://127.0.0.1/student/KiRaEBmg. returned HTTP code "404" - id: 5
No grep for: "http://127.0.0.1/student/KiRaEBmg.", the plugin sent grep=False.
GET http://127.0.0.1/student/kOdH34Go.py returned HTTP code "404" - id: 6
No grep for: "http://127.0.0.1/student/kOdH34Go.py", the plugin sent grep=False.
GET http://127.0.0.1/student/57QkDA8a.htmls returned HTTP code "404" - id: 8
No grep for: "http://127.0.0.1/student/57QkDA8a.htmls", the plugin sent grep=False.
GET http://127.0.0.1/student/BON3jkWF.gif returned HTTP code "404" - id: 9
No grep for: "http://127.0.0.1/student/BON3jkWF.gif", the plugin sent grep=False.
GET http://127.0.0.1/student/wEbTIluY.jsp returned HTTP code "404" - id: 10
GET http://127.0.0.1/student/RGlBqtVR.rb returned HTTP code "404" - id: 7
GET http://127.0.0.1/student/gn3WcCeY.cgi returned HTTP code "404" - id: 11
No grep for: "http://127.0.0.1/student/gn3WcCeY.cgi", the plugin sent grep=False.
No grep for: "http://127.0.0.1/student/RGlBqtVR.rb", the plugin sent grep=False.
No grep for: "http://127.0.0.1/student/wEbTIluY.jsp", the plugin sent grep=False.
GET http://127.0.0.1/student/edBljb1t.php returned HTTP code "404" - id: 12
No grep for: "http://127.0.0.1/student/edBljb1t.php", the plugin sent grep=False.
GET http://127.0.0.1/student/JZlDh7jm.aspx returned HTTP code "404" - id: 13
No grep for: "http://127.0.0.1/student/JZlDh7jm.aspx", the plugin sent grep=False.
GET http://127.0.0.1/student/a1NH5ixa.pl returned HTTP code "404" - id: 14
GET http://127.0.0.1/student/SbH4QlRA.xhtml returned HTTP code "404" - id: 15
No grep for: "http://127.0.0.1/student/a1NH5ixa.pl", the plugin sent grep=False.
No grep for: "http://127.0.0.1/student/SbH4QlRA.xhtml", the plugin sent grep=False.
The 404 body result database has a length of 1.
"http://127.0.0.1/student/" (id:1) is NOT a 404 [similarity_index < 0.9].
Called _discover_worker()
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 16 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 17
"http://127.0.0.1/student/search.php" (id:17) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/search.php" to the result.
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 18
"http://127.0.0.1/student/" (id:18) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
GET http://127.0.0.1/ returned HTTP code "200" - id: 19
GET http://127.0.0.1/KOPcHnri/ returned HTTP code "404" - id: 20
No grep for: "http://127.0.0.1/KOPcHnri/", the plugin sent grep=False.
"http://127.0.0.1/" (id:19) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 21
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 22 - from cache.
"http://127.0.0.1/student/" (id:22) is NOT a 404 [similarity_index < 0.9].
GET http://127.0.0.1/ returned HTTP code "200" - id: 23 - from cache.
Adding relative reference "http://127.0.0.1/student/" to the result.
GET http://127.0.0.1/QCidGWGN/ returned HTTP code "404" - id: 24
No grep for: "http://127.0.0.1/QCidGWGN/", the plugin sent grep=False.
"http://127.0.0.1/" (id:23) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
New URL found by webSpider plugin: http://127.0.0.1/
New URL found by webSpider plugin: http://127.0.0.1/student/
New URL found by webSpider plugin: http://127.0.0.1/student/search.php
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 25 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 27 - from cache.
GET http://127.0.0.1/ returned HTTP code "200" - id: 26 - from cache.
GET http://127.0.0.1/QI6edyjx/ returned HTTP code "404" - id: 28
No grep for: "http://127.0.0.1/QI6edyjx/", the plugin sent grep=False.
"http://127.0.0.1/" (id:26) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
"http://127.0.0.1/student/" (id:27) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 29 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 30 - from cache.
"http://127.0.0.1/student/" (id:30) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
GET http://127.0.0.1/ returned HTTP code "200" - id: 31 - from cache.
GET http://127.0.0.1/ZLRP3B8O/ returned HTTP code "404" - id: 32
No grep for: "http://127.0.0.1/ZLRP3B8O/", the plugin sent grep=False.
"http://127.0.0.1/" (id:31) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 33 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 34 - from cache.
GET http://127.0.0.1/ returned HTTP code "200" - id: 35 - from cache.
GET http://127.0.0.1/wEFjddZU/ returned HTTP code "404" - id: 36
No grep for: "http://127.0.0.1/wEFjddZU/", the plugin sent grep=False.
"http://127.0.0.1/" (id:35) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
"http://127.0.0.1/student/" (id:34) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 37 - from cache.
"http://127.0.0.1/student/search.php" (id:37) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/search.php" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 38 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
GET http://127.0.0.1/manual returned HTTP code "404" - id: 40
GET http://127.0.0.1/var/www/html/index.html returned HTTP code "404" - id: 39
GET http://127.0.0.1/usr/share/doc/apache2/README.Debian.gz returned HTTP code "404" - id: 41
GET http://127.0.0.1/etc/apache2/apache2.conf returned HTTP code "404" - id: 42
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 43
GET http://127.0.0.1/icons/not-ubuntu-logo.png returned HTTP code "404" - id: 44
No grep for: "http://127.0.0.1/icons/not-ubuntu-logo.png", the plugin sent grep=False.
"http://127.0.0.1/icons/ubuntu-logo.png" (id:43) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/icons/ubuntu-logo.png" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 45 - from cache.
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
[thread manager] Successfully added function to threadpool. Work queue size: 1
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 46 - from cache.
"http://127.0.0.1/student/search.php" (id:46) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/search.php" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 47
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 48 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
GET http://127.0.0.1/manual returned HTTP code "404" - id: 50
GET http://127.0.0.1/var/www/html/index.html returned HTTP code "404" - id: 49
GET http://127.0.0.1/etc/apache2/apache2.conf returned HTTP code "404" - id: 51
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 52 - from cache.
GET http://127.0.0.1/usr/share/doc/apache2/README.Debian.gz returned HTTP code "404" - id: 53
GET http://127.0.0.1/icons/not-ubuntu-logo.png returned HTTP code "404" - id: 54
No grep for: "http://127.0.0.1/icons/not-ubuntu-logo.png", the plugin sent grep=False.
"http://127.0.0.1/icons/ubuntu-logo.png" (id:52) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/icons/ubuntu-logo.png" to the result.
New URL found by webSpider plugin: http://127.0.0.1/icons/ubuntu-logo.png
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/icons/ubuntu-logo.png
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 55 - from cache.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/icons/ubuntu-logo.png
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 56 - from cache.
The following is a list of broken links that were found by the webSpider plugin:
- http://127.0.0.1/manual [ referenced from: http://127.0.0.1/ ]
Called _bruteforce()
Found 4 URLs and 6 different points of injection.
The list of URLs is:
- http://127.0.0.1/icons/ubuntu-logo.png
- http://127.0.0.1/student/search.php
- http://127.0.0.1/
- http://127.0.0.1/student/
The list of fuzzable requests is:
- http://127.0.0.1/ | Method: GET
- http://127.0.0.1/icons/ubuntu-logo.png | Method: GET
- http://127.0.0.1/student/ | Method: GET
- http://127.0.0.1/student/search.php | Method: GET
- http://127.0.0.1/student/search.php | Method: GET | Parameters: (id="")
- http://127.0.0.1/student/search.php | Method: GET | Parameters: (id="")
Called _audit()
Starting plugin: sqli
SQLi plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 57 - from cache.
Fuzzing query string
SQLi plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 58 - from cache.
Fuzzing query string
[thread manager] Successfully added function to threadpool. Work queue size: 1
GET http://127.0.0.1/student/search.php?id=d'z"0 returned HTTP code "200" - id: 59
SQLi plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 60 - from cache.
Fuzzing query string
SQLi plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 61 - from cache.
Fuzzing query string
[thread manager] Successfully added function to threadpool. Work queue size: 1
GET http://127.0.0.1/student/search.php?id=d'z"0 returned HTTP code "200" - id: 62
SQLi plugin is testing: http://127.0.0.1/icons/ubuntu-logo.png
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 63 - from cache.
Fuzzing query string
SQLi plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 64 - from cache.
Fuzzing query string
Starting plugin: xss
XSS plugin is testing: http://127.0.0.1/
Fuzzing query string
XSS plugin is testing: http://127.0.0.1/student/search.php
Fuzzing query string
GET http://127.0.0.1/student/search.php?id=2EYAr returned HTTP code "200" - id: 65
The variable id is NOT being echoed back.
Fuzzing query string
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
GET http://127.0.0.1/student/search.php?id=<SCrIPT>fake_alert("TeOH")</SCrIPT> returned HTTP code "200" - id: 66
GET http://127.0.0.1/student/search.php?id=<ScRIPT>a=/TeOH/
fake_alert(a.source)</SCRiPT> returned HTTP code "200" - id: 67
GET http://127.0.0.1/student/search.php?id=<ScRIpT>fake_alert(String.fromCharCode(TeOH))</SCriPT> returned HTTP code "200" - id: 68
XSS plugin is testing: http://127.0.0.1/student/search.php
Fuzzing query string
XSS plugin is testing: http://127.0.0.1/student/search.php
Fuzzing query string
GET http://127.0.0.1/student/search.php?id=Ftf6h returned HTTP code "200" - id: 69
The variable id is NOT being echoed back.
Fuzzing query string
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
GET http://127.0.0.1/student/search.php?id=<ScRIPT>a=/3lqp/
fake_alert(a.source)</SCRiPT> returned HTTP code "200" - id: 70
GET http://127.0.0.1/student/search.php?id=<SCrIPT>fake_alert("3lqp")</SCrIPT> returned HTTP code "200" - id: 71
GET http://127.0.0.1/student/search.php?id=<ScRIpT>fake_alert(String.fromCharCode(3lqp))</SCriPT> returned HTTP code "200" - id: 72
XSS plugin is testing: http://127.0.0.1/icons/ubuntu-logo.png
Fuzzing query string
XSS plugin is testing: http://127.0.0.1/student/
Fuzzing query string
GET http://127.0.0.1/ returned HTTP code "200" - id: 73
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 74
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 75
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 76
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 77
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 78
Cleared urllib2 local cache.
Calling join on all daemon threads
Exiting setOutputPlugins()
Scan finished in 0 seconds.

Second run, with the ModSecurity module enabled again. Note that the random-path probes w3af uses for 404 fingerprinting (/GEYxGKYe/, /icons/not-ubuntu-logo.png and so on) now receive 403 instead of 404; the audit log records which rule scored them:

Exiting setOutputPlugins()
Called w3afCore.start()
Enabling _dnsCache()
Called buildOpeners
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 79 - from cache.
"http://127.0.0.1/student/" (id:79) is NOT a 404 [similarity_index < 0.9].
Called _discover_worker()
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 80 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
[thread manager] Successfully added function to threadpool. Work queue size: 6
GET http://127.0.0.1/var/www/html/index.html returned HTTP code "404" - id: 82
GET http://127.0.0.1/ returned HTTP code "200" - id: 81 - from cache.
GET http://127.0.0.1/etc/apache2/apache2.conf returned HTTP code "404" - id: 84
keepalive: removed one connection, len(self._hostmap["127.0.0.1"]): 4
keepalive: replacing bad connection with a new one
Cached DNS response for domain: 127.0.0.1
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 85 - from cache.
GET http://127.0.0.1/manual returned HTTP code "404" - id: 83
GET http://127.0.0.1/GEYxGKYe/ returned HTTP code "403" - id: 86
No grep for: "http://127.0.0.1/GEYxGKYe/", the plugin sent grep=False.
"http://127.0.0.1/" (id:81) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
keepalive: removed one connection, len(self._hostmap["127.0.0.1"]): 4
keepalive: replacing bad connection with a new one
Cached DNS response for domain: 127.0.0.1
GET http://127.0.0.1/usr/share/doc/apache2/README.Debian.gz returned HTTP code "404" - id: 87
GET http://127.0.0.1/icons/not-ubuntu-logo.png returned HTTP code "403" - id: 88
No grep for: "http://127.0.0.1/icons/not-ubuntu-logo.png", the plugin sent grep=False.
"http://127.0.0.1/icons/ubuntu-logo.png" (id:85) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/icons/ubuntu-logo.png" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 89 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 90 - from cache.
"http://127.0.0.1/student/" (id:90) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
GET http://127.0.0.1/ returned HTTP code "200" - id: 91 - from cache.
keepalive: removed one connection, len(self._hostmap["127.0.0.1"]): 4
keepalive: replacing bad connection with a new one
Cached DNS response for domain: 127.0.0.1
GET http://127.0.0.1/uPK8fafH/ returned HTTP code "403" - id: 92
No grep for: "http://127.0.0.1/uPK8fafH/", the plugin sent grep=False.
"http://127.0.0.1/" (id:91) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 93 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
GET http://127.0.0.1/ returned HTTP code "200" - id: 94 - from cache.
keepalive: removed one connection, len(self._hostmap["127.0.0.1"]): 4
keepalive: replacing bad connection with a new one
Cached DNS response for domain: 127.0.0.1
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 95 - from cache.
GET http://127.0.0.1/liR6EW0m/ returned HTTP code "403" - id: 96
No grep for: "http://127.0.0.1/liR6EW0m/", the plugin sent grep=False.
"http://127.0.0.1/" (id:94) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
"http://127.0.0.1/student/" (id:95) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 97 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
GET http://127.0.0.1/ returned HTTP code "200" - id: 98 - from cache.
keepalive: removed one connection, len(self._hostmap["127.0.0.1"]): 4
keepalive: replacing bad connection with a new one
Cached DNS response for domain: 127.0.0.1
GET http://127.0.0.1/gOlOzfLm/ returned HTTP code "403" - id: 99
No grep for: "http://127.0.0.1/gOlOzfLm/", the plugin sent grep=False.
"http://127.0.0.1/" (id:98) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 100 - from cache.
"http://127.0.0.1/student/" (id:100) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/icons/ubuntu-logo.png
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 101 - from cache.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 102 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 103 - from cache.
"http://127.0.0.1/student/search.php" (id:103) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/search.php" to the result.
GET http://127.0.0.1/ returned HTTP code "200" - id: 104 - from cache.
GET http://127.0.0.1/sblhIenS/ returned HTTP code "403" - id: 106
No grep for: "http://127.0.0.1/sblhIenS/", the plugin sent grep=False.
"http://127.0.0.1/" (id:104) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/" to the result.
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 105 - from cache.
"http://127.0.0.1/student/" (id:105) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
New URL found by webSpider plugin: http://127.0.0.1/
New URL found by webSpider plugin: http://127.0.0.1/icons/ubuntu-logo.png
New URL found by webSpider plugin: http://127.0.0.1/student/
New URL found by webSpider plugin: http://127.0.0.1/student/search.php
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 107 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
GET http://127.0.0.1/var/www/html/index.html returned HTTP code "404" - id: 108
GET http://127.0.0.1/manual returned HTTP code "404" - id: 109
GET http://127.0.0.1/etc/apache2/apache2.conf returned HTTP code "404" - id: 110
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 111 - from cache.
GET http://127.0.0.1/usr/share/doc/apache2/README.Debian.gz returned HTTP code "404" - id: 112
GET http://127.0.0.1/icons/not-ubuntu-logo.png returned HTTP code "403" - id: 113
No grep for: "http://127.0.0.1/icons/not-ubuntu-logo.png", the plugin sent grep=False.
"http://127.0.0.1/icons/ubuntu-logo.png" (id:111) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/icons/ubuntu-logo.png" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/icons/ubuntu-logo.png
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 114 - from cache.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 115 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 116 - from cache.
"http://127.0.0.1/student/search.php" (id:116) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/search.php" to the result.
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 117 - from cache.
"http://127.0.0.1/student/" (id:117) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 118 - from cache.
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 119 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
GET http://127.0.0.1/var/www/html/index.html returned HTTP code "404" - id: 120
GET http://127.0.0.1/manual returned HTTP code "404" - id: 121
GET http://127.0.0.1/etc/apache2/apache2.conf returned HTTP code "404" - id: 122
GET http://127.0.0.1/usr/share/doc/apache2/README.Debian.gz returned HTTP code "404" - id: 124
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 123 - from cache.
GET http://127.0.0.1/icons/not-ubuntu-logo.png returned HTTP code "403" - id: 125
No grep for: "http://127.0.0.1/icons/not-ubuntu-logo.png", the plugin sent grep=False.
"http://127.0.0.1/icons/ubuntu-logo.png" (id:123) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/icons/ubuntu-logo.png" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 126 - from cache.
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
GET http://127.0.0.1/var/www/html/index.html returned HTTP code "404" - id: 127
GET http://127.0.0.1/manual returned HTTP code "404" - id: 128
GET http://127.0.0.1/etc/apache2/apache2.conf returned HTTP code "404" - id: 129
GET http://127.0.0.1/usr/share/doc/apache2/README.Debian.gz returned HTTP code "404" - id: 131
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 130 - from cache.
GET http://127.0.0.1/icons/not-ubuntu-logo.png returned HTTP code "403" - id: 132
No grep for: "http://127.0.0.1/icons/not-ubuntu-logo.png", the plugin sent grep=False.
"http://127.0.0.1/icons/ubuntu-logo.png" (id:130) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/icons/ubuntu-logo.png" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 133 - from cache.
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
[thread manager] Successfully added function to threadpool. Work queue size: 1
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 134 - from cache.
"http://127.0.0.1/student/search.php" (id:134) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/search.php" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 135 - from cache.
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 136 - from cache.
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
[thread manager] Successfully added function to threadpool. Work queue size: 4
[thread manager] Successfully added function to threadpool. Work queue size: 5
GET http://127.0.0.1/var/www/html/index.html returned HTTP code "404" - id: 137
GET http://127.0.0.1/manual returned HTTP code "404" - id: 138
GET http://127.0.0.1/etc/apache2/apache2.conf returned HTTP code "404" - id: 139
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 140 - from cache.
GET http://127.0.0.1/usr/share/doc/apache2/README.Debian.gz returned HTTP code "404" - id: 141
GET http://127.0.0.1/icons/not-ubuntu-logo.png returned HTTP code "403" - id: 142
No grep for: "http://127.0.0.1/icons/not-ubuntu-logo.png", the plugin sent grep=False.
"http://127.0.0.1/icons/ubuntu-logo.png" (id:140) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/icons/ubuntu-logo.png" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 143 - from cache.
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
[thread manager] Successfully added function to threadpool. Work queue size: 1
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 144 - from cache.
"http://127.0.0.1/student/search.php" (id:144) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/search.php" to the result.
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 145 - from cache.
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 146 - from cache.
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 147 - from cache.
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 148 - from cache.
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/var/www/html/index.html" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/manual" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/etc/apache2/apache2.conf" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/icons/ubuntu-logo.png" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/usr/share/doc/apache2/README.Debian.gz" (it is simply a variant).
Starting plugin: webSpider
webSpider plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 149 - from cache.
Ignoring new reference "http://127.0.0.1/" (it is simply a variant).
Ignoring new reference "http://127.0.0.1/student/" (it is simply a variant).
[thread manager] Successfully added function to threadpool. Work queue size: 1
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 150 - from cache.
"http://127.0.0.1/student/search.php" (id:150) is NOT a 404 [similarity_index < 0.9].
Adding relative reference "http://127.0.0.1/student/search.php" to the result.
The following is a list of broken links that were found by the webSpider plugin:
- http://127.0.0.1/manual [ referenced from: http://127.0.0.1/ ]
Called _bruteforce()
Found 4 URLs and 6 different points of injection.
The list of URLs is:
- http://127.0.0.1/student/
- http://127.0.0.1/icons/ubuntu-logo.png
- http://127.0.0.1/
- http://127.0.0.1/student/search.php
The list of fuzzable requests is:
- http://127.0.0.1/ | Method: GET
- http://127.0.0.1/icons/ubuntu-logo.png | Method: GET
- http://127.0.0.1/student/ | Method: GET
- http://127.0.0.1/student/search.php | Method: GET
- http://127.0.0.1/student/search.php | Method: GET | Parameters: (id="")
- http://127.0.0.1/student/search.php | Method: GET | Parameters: (id="")
Called _audit()
Starting plugin: sqli
SQLi plugin is testing: http://127.0.0.1/
GET http://127.0.0.1/ returned HTTP code "200" - id: 151 - from cache.
Fuzzing query string
SQLi plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 152 - from cache.
Fuzzing query string
[thread manager] Successfully added function to threadpool. Work queue size: 1
GET http://127.0.0.1/student/search.php?id=d'z"0 returned HTTP code "200" - id: 153 - from cache.
SQLi plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php returned HTTP code "200" - id: 154 - from cache.
Fuzzing query string
SQLi plugin is testing: http://127.0.0.1/student/search.php
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 155 - from cache.
Fuzzing query string
[thread manager] Successfully added function to threadpool. Work queue size: 1
GET http://127.0.0.1/student/search.php?id=d'z"0 returned HTTP code "200" - id: 156 - from cache.
SQLi plugin is testing: http://127.0.0.1/icons/ubuntu-logo.png
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "200" - id: 157 - from cache.
Fuzzing query string
SQLi plugin is testing: http://127.0.0.1/student/
GET http://127.0.0.1/student/ returned HTTP code "200" - id: 158 - from cache.
Fuzzing query string
Starting plugin: xss
XSS plugin is testing: http://127.0.0.1/
Fuzzing query string
XSS plugin is testing: http://127.0.0.1/student/search.php
Fuzzing query string
GET http://127.0.0.1/student/search.php?id=hM3VD returned HTTP code "403" - id: 159
The variable id is NOT being echoed back.
Fuzzing query string
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
GET http://127.0.0.1/student/search.php?id=%3CSCrIPT%3Efake_alert%28%22uUlk%22%29%3C%2FSCrIPT%3E returned HTTP code "403" - id: 160
GET http://127.0.0.1/student/search.php?id=%3CScRIPT%3Ea%3D%2FuUlk%2F%0Afake_alert%28a.source%29%3C%2FSCRiPT%3E returned HTTP code "403" - id: 161
GET http://127.0.0.1/student/search.php?id=%3CScRIpT%3Efake_alert%28String.fromCharCode%28uUlk%29%29%3C%2FSCriPT%3E returned HTTP code "403" - id: 162
XSS plugin is testing: http://127.0.0.1/student/search.php
Fuzzing query string
XSS plugin is testing: http://127.0.0.1/student/search.php
Fuzzing query string
GET http://127.0.0.1/student/search.php?id=w8DQE returned HTTP code "403" - id: 163
The variable id is NOT being echoed back.
Fuzzing query string
[thread manager] Successfully added function to threadpool. Work queue size: 1
[thread manager] Successfully added function to threadpool. Work queue size: 2
[thread manager] Successfully added function to threadpool. Work queue size: 3
GET http://127.0.0.1/student/search.php?id=<SCrIPT>fake_alert("dZSq")</SCrIPT> returned HTTP code "403" - id: 164
GET http://127.0.0.1/student/search.php?id=<ScRIPT>a=/dZSq/%0Afake_alert(a.source)</SCRiPT> returned HTTP code "403" - id: 165
GET http://127.0.0.1/student/search.php?id=<ScRIpT>fake_alert(String.fromCharCode(dZSq))</SCriPT> returned HTTP code "403" - id: 166
XSS plugin is testing: http://127.0.0.1/icons/ubuntu-logo.png
Fuzzing query string
XSS plugin is testing: http://127.0.0.1/student/
Fuzzing query string
GET http://127.0.0.1/ returned HTTP code "403" - id: 167
GET http://127.0.0.1/student/search.php?id= returned HTTP code "403" - id: 168
GET http://127.0.0.1/student/search.php returned HTTP code "403" - id: 169
GET http://127.0.0.1/student/search.php?id= returned HTTP code "403" - id: 170
GET http://127.0.0.1/icons/ubuntu-logo.png returned HTTP code "403" - id: 171
GET http://127.0.0.1/student/ returned HTTP code "403" - id: 172
Cleared urllib2 local cache.
Calling join on all daemon threads
Exiting setOutputPlugins()
Scan finished in 1 second.

Comparing the data returned by the two SQL injection runs, one can observe:

  • With the ModSecurity module disabled: every HTTP request comes back with returned HTTP code "200"
  • With the ModSecurity module enabled: every HTTP request comes back with returned HTTP code "403";
    ModSecurity effectively blocked the SQL injection.
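As an added example (not part of the original post), a small Python script that parses w3af request lines in the format shown in the scan output above and compares the two runs: it counts status codes per run and splits the WAF-on 403s into requests that carried a tampered id and benign requests that were blocked as well, which is the check to make before trusting the rule set. The sample log lines are constructed in the shape of the scan output, not copied from it.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Matches w3af request lines of the form seen in the scan output, e.g.
#   GET http://127.0.0.1/student/search.php?id= returned HTTP code "403" - id: 168
REQUEST_RE = re.compile(
    r'^(?P<method>[A-Z]+) (?P<url>\S+) returned HTTP code "(?P<code>\d{3})" - id: (?P<id>\d+)'
)

# Constructed sample logs in the shape of the w3af output (not the page's own log).
WAF_OFF_LOG = """\
GET http://127.0.0.1/ returned HTTP code "200" - id: 1 - from cache.
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 2
GET http://127.0.0.1/student/search.php?id=d'z"0 returned HTTP code "200" - id: 3
Fuzzing query string
"""
WAF_ON_LOG = """\
GET http://127.0.0.1/ returned HTTP code "200" - id: 1 - from cache.
GET http://127.0.0.1/student/search.php?id= returned HTTP code "200" - id: 2
GET http://127.0.0.1/student/search.php?id=d'z"0 returned HTTP code "403" - id: 3
GET http://127.0.0.1/student/search.php?id=%3CSCrIPT%3Efake_alert%28%22x%22%29%3C%2FSCrIPT%3E returned HTTP code "403" - id: 4
GET http://127.0.0.1/student/search.php?id= returned HTTP code "403" - id: 5
"""


def parse_requests(log_text):
    """Yield (method, url, status) for each request line; other log lines are skipped."""
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            yield m.group("method"), m.group("url"), int(m.group("code"))


def status_counts(log_text):
    """Count HTTP status codes in one run, e.g. Counter({200: 3})."""
    return Counter(status for _, _, status in parse_requests(log_text))


def has_payload(url):
    """True if any query value is non-empty and not purely numeric (id on this page is numeric)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return any(v and not v.isdigit() for vals in qs.values() for v in vals)


def triage(log_on):
    """Split the 403s of a WAF-enabled run into blocked tampered requests and
    blocked benign requests (false-positive candidates worth tuning in the rule set)."""
    blocked = sorted({url for _, url, st in parse_requests(log_on) if st == 403})
    return {
        "true_blocks": [u for u in blocked if has_payload(u)],
        "false_positives": [u for u in blocked if not has_payload(u)],
    }
```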

Summary

Learning how to build a WAF with ModSecurity is of great importance for database operations and management. Combined with the security examples the teacher covered in class, I now have a better understanding of how to protect databases. Over these few days I also picked up many skills: how to solve problems step by step, how to configure the environment, and how to summarize experience and turn it into my own knowledge and skills.
Looking back on these experiments, what I learned most was an approach to solving problems, which I believe will help me in future work and study.
