Description
Preconditions (*)
- Run Magento with Nginx + ModSecurity with Core OWASP rules enabled, or run Cloudflare with Managed OWASP rules enabled.
Steps to reproduce (*)
- Go to any place with Page Builder enabled
- Try to save content
Expected result (*)
- Product / Category / CMS Page should save
Actual result (*)
- Firewall presents 403.
Cloudflare detects that the following rules are violated:
- 960024 · Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters · OWASP Generic Attacks
- 981231 · SQL Comment Sequence Detected · OWASP SQL Injection Attacks
- 981319 · SQL Injection Attack: SQL Operator Detected · OWASP SQL Injection Attacks
- 981244 · Detects basic SQL authentication bypass attempts 1/3 · OWASP SQL Injection Attacks
- 981257 · Detects MySQL comment-/space-obfuscated injections and backtick termination · OWASP SQL Injection Attacks
- 981245 · Detects basic SQL authentication bypass attempts 2/3 · OWASP SQL Injection Attacks
- 981240 · Detects MySQL comments, conditions and ch(a)r injections · OWASP SQL Injection Attacks
- 981242 · Detects classic SQL injection probings 1/2 · OWASP SQL Injection Attacks
- 981246 · Detects basic SQL authentication bypass attempts 3/3 · OWASP SQL Injection Attacks
- 981243 · Detects classic SQL injection probings 2/2 · OWASP SQL Injection Attacks
- 973338 · XSS Filter - Category 3: Javascript URI Vector · OWASP XSS Attacks
- 973300 · Possible XSS Attack Detected - HTML Tag Handler · OWASP XSS Attacks
- 973304 · XSS Attack Detected · OWASP XSS Attacks
- 973306 · XSS Attack Detected · OWASP XSS Attacks
- 973315 · IE XSS Filters - Attack Detected · OWASP XSS Attacks
- 973333 · IE XSS Filters - Attack Detected · OWASP XSS Attacks
- 973344 · IE XSS Filters - Attack Detected · OWASP XSS Attacks
- 973332 · IE XSS Filters - Attack Detected · OWASP XSS Attacks