Alleged SQL Injection Attack error when installing Topic is solved

kc3302
Posts: 3
Joined: Sun Sep 25, 2022 7:29 am
nuBuilder Version: 4.5
Location: Sydney, Australia
Has thanked: 1 time

Alleged SQL Injection Attack error when installing

Unread post by kc3302 »

I have searched but haven't found anything similar on this forum.

After uploading the files to my server, when I try to log in to nuBuilder I get a "Forbidden" error message (not a browser 403 - image is at the bottom of this post) and am unable to get past it.

I end up looking at the error log and I see that COMODO WAF (Web Application Firewall) that my webhost has installed thinks that nuBuilder is trying to perform a SQL Injection and as such stops the code running.

Is there a known workaround? Probably not :P

Or does it require getting my webhost to run the setup for me, so they can bypass the WAF? Is nuBuilder also likely to incur further such false SQL Injection claims in the future?

Is it just easier to move onto a webhost?

I changed my domain name shown in the log and added line breaks as it was just 1 very long line, but everything else is as per the log file. /nub/ is the folder I have nuBuilder in.

Any suggestions?

forbidden.png

Code:

[Mon Sep 26 05:18:06.982679 2022] [:error] [pid 487461:tid 140548960933632] [client 122.106.28.214:52718] [client 122.106.28.214] 
 ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\b(?:t(?:able_name\\\\b|extpos[^a-zA-Z0-9_]{1,}\\\\()|
 (?:a(?:ll_objects|tt(?:rel|typ)id)|column_(?:id|name)|mb_users|object_(?:id|(?:nam|typ)e)|pg_(?:attribute|class)|rownum|s(?:ubstr(?:ing)
 {0,1}|ys(?:c(?:at|o(?:lumn|nstraint)s)|dba|ibm|(?:filegroup|o ..." at ARGS:nuSTATE. [file "/usr/local/cwaf/rules/22_SQL_SQLi.conf"] [line "17"] 
 [id  "211540"] [rev "13"] [msg "COMODO WAF: Blind SQL Injection Attack||aaaaa.xyz|F|2"] [data "Matched Data: object_id found within ARGS:nuSTATE {\\x22form_id\\x22:\\x22\\x22,\\x22redirect_form_id\\x22:\\x22\\x22,\\x22record_id\\x22:\\x22\\x22,\\x22title\\x22:\\x22\\x22,\\x22call_type\\x22:\\x
22getform\\x22,\\x22column_widths\\x22:0,\\x22forms\\x22:
[],\\x22iframe\\x22:0,\\x22lookup_id\\x22:\\x22\\x22,\\x22object_id\\x22:\\x221\\x22,\\x22page_number\\x22:0,\\x22password\\x22:\\x22\\x22,\\x22r
ows\\x22:-1,\\x22row_height\\x22:25,\\x22search\\x22:\\x22\\x22,\\x22session_id\\x22:\\x22\\x22,\\x22nosearch_columns\\x22:[],\\x22sort\\x22:\\x22-1\\x22,\\x22sort_di..."] 
[severity "CRITICAL"] [ta [hostname "aaaaa.xyz"] [uri "/nub/core/nuapi.php"] [unique_id "YzF8XheZBUWzPIp5i9TPuQABVj8"], referer: https://aaaaa.xyz/nub/
kev1n
nuBuilder Team
Posts: 3801
Joined: Sun Oct 14, 2018 6:43 pm
nuBuilder Version: 4.5
Has thanked: 2 times
Been thanked: 9 times

Re: Alleged SQL Injection Attack error when installing

Unread post by kev1n »

Can't certain rules be disabled?
kc3302

Re: Alleged SQL Injection Attack error when installing

Unread post by kc3302 »

I don't know. The purpose of posting was to see what people think the next step would be.

You suggest I ask my webhost if they are able to disable some of the rules. I will try that.
kc3302

Re: Alleged SQL Injection Attack error when installing

Unread post by kc3302 »

Huge thanks to kev1n for pointing me in the right direction. My webhost very quickly made the changes required for nuBuilder to work for me :D

Anyone else experiencing this issue, speak to your webhost to get it resolved.
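
For anyone triaging the same kind of false positive, the following is an added example, not code from the thread or from nuBuilder. It pulls the rule id, script path and matched variable out of a ModSecurity denial line and builds an exclusion limited to that one argument on that one script, so the SQL injection rule stays active everywhere else. The sample line is constructed from the log entry quoted above (shortened, with a documentation IP address), and `LOCAL_RULE_ID` is a placeholder for any id unused in the host's rule set.

```python
import re

# Constructed sample: the log entry from the thread, shortened, documentation IP.
SAMPLE = (
    '[Mon Sep 26 05:18:06 2022] [:error] [pid 487461] [client 192.0.2.10:52718] '
    'ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:...)" '
    'at ARGS:nuSTATE. [file "/usr/local/cwaf/rules/22_SQL_SQLi.conf"] [line "17"] '
    '[id  "211540"] [msg "COMODO WAF: Blind SQL Injection Attack"] '
    '[data "Matched Data: object_id found within ARGS:nuSTATE {...}"] '
    '[severity "CRITICAL"] [hostname "aaaaa.xyz"] [uri "/nub/core/nuapi.php"]'
)

TAG = re.compile(r'\[(\w+)\s+"((?:[^"\\]|\\.)*)"\]')   # [name "value"] pairs
TARGET = re.compile(r'\bat ([A-Z_]+(?::\w+)?)\.')       # variable the rule matched in
MATCHED = re.compile(r'Matched Data: (.+?) found within')
LOCAL_RULE_ID = 1000001  # placeholder: any id unused in the local rule set


def parse_denial(line):
    """Return the fields needed to triage one ModSecurity denial, or None."""
    if "ModSecurity:" not in line:
        return None
    tags = dict(TAG.findall(line))
    target = TARGET.search(line)
    matched = MATCHED.search(tags.get("data", ""))
    return {
        "rule_id": tags.get("id"),
        "msg": tags.get("msg"),
        "uri": tags.get("uri"),
        "target": target.group(1) if target else None,
        "matched": matched.group(1) if matched else None,
    }


def scoped_exclusion(denial):
    """Build a phase-1 rule that exempts one argument on one script from one rule."""
    if not denial or not all(denial[k] for k in ("rule_id", "uri", "target")):
        raise ValueError("need rule id, uri and matched variable")
    if not denial["rule_id"].isdigit() or '"' in denial["uri"] + denial["target"]:
        raise ValueError("refusing to build a rule from malformed log fields")
    return (
        f'SecRule REQUEST_FILENAME "@streq {denial["uri"]}" '
        f'"id:{LOCAL_RULE_ID},phase:1,pass,nolog,'
        f'ctl:ruleRemoveTargetById={denial["rule_id"]};{denial["target"]}"'
    )


if __name__ == "__main__":
    print(scoped_exclusion(parse_denial(SAMPLE)))
```

The `matched` field shows why the request was flagged: `object_id` is a JSON key inside `nuSTATE`, and the rule's pattern lists the same word as a SQL metadata name. On shared hosting the generated line is something to hand to the webhost, since customers usually cannot edit the WAF rule set themselves.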