behtash007
April 10th, 2018, 18:33
با درود خدمت دوستان
من یه قالب وردپرس از سایت همیار وردپرس نصب کردم که ظاهرا مشکل امنیتی دارد (xss)
پیغام خطای ارسال شده از طرف هاستینگ
[Fri Apr 06 19:37:37.928865 2018] [:error] [pid 4498] [client 5.22.208.202:49593] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:<\\?(?!xml\\s)|<\\?php|\\[(?:/|\\\\)?php\\])" at ARGS:newcontent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:newcontent: <?php\x0a/\x0a * the default template for displaying header\x0a *\x0a * @package evision themes\x0a * @subpackage bizlight\x0a * @since bizlight 1.0.0\x0a */\x0a\x0a/ \x0a * bizlight_action_before_head hook\x0a * @since bizlight 1.0.0\x0a *\x0a * @hooked bizlight_set_global - 0\x0a * @hooked bizlight_doctype - 10\x0a */\x0ado_action( 'bizlight_action_before_head' );?>\x0a<head>\x0a<link href=\x22https://fonts.googleapis.com/icon?family=material icons\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTA [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "WsewYU5zX-F22KzvJVkP-gAAAAY"], referer: https://nod1.ir/wp-admin/theme-editor.php?file=header.php&theme=bizlight
[Fri Apr 06 19:38:42.949872 2018] [:error] [pid 2777] [client 5.22.208.202:49604] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:<\\?(?!xml\\s)|<\\?php|\\[(?:/|\\\\)?php\\])" at ARGS:newcontent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:newcontent: <?php\x0a/\x0a * the default template for displaying header\x0a *\x0a * @package evision themes\x0a * @subpackage bizlight\x0a * @since bizlight 1.0.0\x0a */\x0a\x0a/ \x0a * bizlight_action_before_head hook\x0a * @since bizlight 1.0.0\x0a *\x0a * @hooked bizlight_set_global - 0\x0a * @hooked bizlight_doctype - 10\x0a */\x0ado_action( 'bizlight_action_before_head' );?>\x0a<head>\x0a<link href=\x22https://fonts.googleapis.com/icon?family=material icons\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTA [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "WsewoszWHMGgXhI8rUgVPAAAABY"], referer: https://nod1.ir/wp-admin/theme-editor.php?file=header.php&theme=bizlight
[Fri Apr 06 19:54:37.220245 2018] [:error] [pid 6580] [client 5.22.208.202:49754] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customized: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/"] [unique_id "Wse0XXwP73yF2bbjv-YjhAAAAA4"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
[Fri Apr 06 19:54:37.717916 2018] [:error] [pid 7453] [client 5.22.208.202:49755] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customize_changeset_data: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:{\x22value\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wse0XWLk8BxRJLkEDkbyOgAAAAI"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
[Fri Apr 06 19:54:55.069983 2018] [:error] [pid 7021] [client 5.22.208.202:49759] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customize_changeset_data: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:{\x22value\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wse0b848P1XHHxbmtcmdGgAAAAE"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
لطفا راهنمایی کنید چطور برطرف کنم
من یه قالب وردپرس از سایت همیار وردپرس نصب کردم که ظاهرا مشکل امنیتی دارد (xss)
پیغام خطای ارسال شده از طرف هاستینگ
[Fri Apr 06 19:37:37.928865 2018] [:error] [pid 4498] [client 5.22.208.202:49593] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:<\\?(?!xml\\s)|<\\?php|\\[(?:/|\\\\)?php\\])" at ARGS:newcontent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:newcontent: <?php\x0a/\x0a * the default template for displaying header\x0a *\x0a * @package evision themes\x0a * @subpackage bizlight\x0a * @since bizlight 1.0.0\x0a */\x0a\x0a/ \x0a * bizlight_action_before_head hook\x0a * @since bizlight 1.0.0\x0a *\x0a * @hooked bizlight_set_global - 0\x0a * @hooked bizlight_doctype - 10\x0a */\x0ado_action( 'bizlight_action_before_head' );?>\x0a<head>\x0a<link href=\x22https://fonts.googleapis.com/icon?family=material icons\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTA [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "WsewYU5zX-F22KzvJVkP-gAAAAY"], referer: https://nod1.ir/wp-admin/theme-editor.php?file=header.php&theme=bizlight
[Fri Apr 06 19:38:42.949872 2018] [:error] [pid 2777] [client 5.22.208.202:49604] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:<\\?(?!xml\\s)|<\\?php|\\[(?:/|\\\\)?php\\])" at ARGS:newcontent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:newcontent: <?php\x0a/\x0a * the default template for displaying header\x0a *\x0a * @package evision themes\x0a * @subpackage bizlight\x0a * @since bizlight 1.0.0\x0a */\x0a\x0a/ \x0a * bizlight_action_before_head hook\x0a * @since bizlight 1.0.0\x0a *\x0a * @hooked bizlight_set_global - 0\x0a * @hooked bizlight_doctype - 10\x0a */\x0ado_action( 'bizlight_action_before_head' );?>\x0a<head>\x0a<link href=\x22https://fonts.googleapis.com/icon?family=material icons\x2..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTA [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "WsewoszWHMGgXhI8rUgVPAAAABY"], referer: https://nod1.ir/wp-admin/theme-editor.php?file=header.php&theme=bizlight
[Fri Apr 06 19:54:37.220245 2018] [:error] [pid 6580] [client 5.22.208.202:49754] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customized: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/"] [unique_id "Wse0XXwP73yF2bbjv-YjhAAAAA4"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
[Fri Apr 06 19:54:37.717916 2018] [:error] [pid 7453] [client 5.22.208.202:49755] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customize_changeset_data: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:{\x22value\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wse0XWLk8BxRJLkEDkbyOgAAAAI"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
[Fri Apr 06 19:54:55.069983 2018] [:error] [pid 7021] [client 5.22.208.202:49759] [client 5.22.208.202] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within ARGS:customize_changeset_data: {\x22bizlight-options[bizlight-home-service-page-icon_2]\x22:{\x22value\x22:\x22fa fa-money\x22 style=\x22font-size:24px\x22}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "nod1.ir"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wse0b848P1XHHxbmtcmdGgAAAAE"], referer: https://nod1.ir/wp-admin/customize.php?return=%2Fwp-admin%2F
لطفا راهنمایی کنید چطور برطرف کنم