

Set HTTP status to 403 on HTTP_USER_AGENT SQL injection attack
nigelhorne committed Aug 20, 2023
1 parent baaf695 commit 4666f0d
Showing 3 changed files with 23 additions and 1 deletion.
3 changes: 3 additions & 0 deletions Changes
@@ -1,5 +1,8 @@
Revision history for CGI-Info

0.78
Set HTTP status to 403 on HTTP_USER_AGENT SQL injection attack

0.77 Tue Aug 15 16:49:51 EDT 2023
Reduce the size of the cache
Added Dreamhost monitor as a robot
12 changes: 12 additions & 0 deletions lib/CGI/Info.pm
Expand Up @@ -1348,6 +1348,18 @@ sub is_robot {
return 0;
}

if($agent =~ /SELECT.+AND.+/) {
$self->status(403);
$self->{is_robot} = 1;
if($self->{logger}) {
if($ENV{'REMOTE_ADDR'}) {
$self->{logger}->warn($ENV{'REMOTE_ADDR'}, ": SQL injection attempt blocked for '$agent'");
} else {
$self->{logger}->warn("SQL injection attempt blocked for '$agent'");
}
}
return 1;
}
if($agent =~ /.+bot|bytespider|msnptc|is_archiver|backstreet|spider|scoutjet|gingersoftware|heritrix|dodnetdotcom|yandex|nutch|ezooms|plukkie|nova\.6scan\.com|Twitterbot|adscanner|python-requests|Mediatoolkitbot|NetcraftSurveyAgent|Expanse|serpstatbot|DreamHost SiteMonitor 1.0/i) {
$self->{is_robot} = 1;
return 1;
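Review bot: The new guard `if($agent =~ /SELECT.+AND.+/)` is case-sensitive, while the robot pattern two lines below it uses `/i`, so a lower-case `select … and` form of the same payload falls through to the ordinary robot check and receives a 200 rather than the 403 this commit intends. The pattern also has no word boundaries, so a benign agent string that merely contains those letter sequences (a constructed example: `SELECTION … BRANDY`) would be logged as an injection attempt and refused. A tighter form is `if($agent =~ /\bSELECT\b.+\bAND\b/i) {`, with a comment above it such as `# Heuristic: a User-Agent that looks like a SQL payload is treated as a robot and refused with 403; this is a courtesy block, not input sanitisation` so readers do not mistake it for protection of any query the agent string might reach. `is_robot` begins before the hunk and its body continues after it, so the surrounding early returns are not visible here. The warn() calls on the following lines write the raw agent string into the log; whether the configured logger neutralises control characters cannot be told from this hunk.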
9 changes: 8 additions & 1 deletion t/is_robot.t
Expand Up @@ -2,7 +2,7 @@

use strict;
use warnings;
use Test::Most tests => 30;
use Test::Most tests => 34;
use Test::NoWarnings;
use Data::Dumper;
use lib 't/lib';
Expand Down Expand Up @@ -100,4 +100,11 @@ ROBOT: {
]);
$i->set_logger(MyLogger->new());
ok($i->is_robot() == 1);
cmp_ok($i->status(), '==', 200, 'Default HTTP status is 200');

$ENV{'HTTP_USER_AGENT'} = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; zh) AppleWebKit/522.11.3 (KHTML, like Gecko) Version/3.0 Safari/522.11.3\") OR EXTRACTVALUE(2534,CONCAT(0x5c,0x7170767871,(SELECT (ELT(2534=2534,1))),0x716b627171)) AND (\"OqXr\"=\"OqXr';
delete $ENV{'HTTP_REFERER'};
$i = new_ok('CGI::Info');
ok($i->is_robot());
cmp_ok($i->status(), '==', 403, 'Check HTTP_USER_AGENT SQL Injection is blocked');
}
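Review bot: `ok($i->is_robot());` on the new lines carries no description, unlike the neighbouring `cmp_ok` calls, so a failure would report only a test number; `ok($i->is_robot(), 'SQL-injection User-Agent is classified as a robot');` keeps the diagnostics consistent. The fixture assigned to `$ENV{'HTTP_USER_AGENT'}` is single-quoted, so each `\"` stays as a literal backslash followed by a quote; that still exercises the `SELECT … AND` regex but is probably not the byte sequence a real request carries, and a `q{}` or double-quoted form would make the intended payload explicit. Only the upper-case spelling is covered, so the suite would not notice if a mixed-case variant slipped past the production pattern. The `ROBOT:` block opens before the hunk; the plan bump from 30 to 34 in the first hunk matches the four assertions added here.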
