---PQY8ayun---A--
[19/May/2023:00:21:35 +0500] 168443769577.460185 127.0.0.1 35074 127.0.0.1 80
---PQY8ayun---B--
GET /?doc=/bin/ls HTTP/1.1
Host: localhost
User-Agent: curl/7.81.0
Accept: */*
---PQY8ayun---D--
---PQY8ayun---E--
\x0d\x0a403 Forbidden\x0d\x0a\x0d\x0a403 Forbidden
\x0d\x0a
nginx/1.24.0\x0d\x0a\x0d\x0a\x0d\x0a
---PQY8ayun---F--
HTTP/1.1 403
Server: nginx/1.24.0
Date: Thu, 18 May 2023 19:21:35 GMT
Content-Length: 153
Content-Type: text/html
Connection: keep-alive
---PQY8ayun---H--
ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `unix-shell.data' against variable `ARGS:doc' (Value: `/bin/ls' ) [file "/usr/local/nginx/conf/owasp-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "496"] [id "932160"] [rev ""] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: bin/ls found within ARGS:doc: /bin/ls"] [severity "2"] [ver "OWASP_CRS/3.2.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "127.0.0.1"] [uri "/"] [unique_id "168443769577.460185"] [ref "o1,6v10,7t:urlDecodeUni,t:cmdLine,t:normalizePath,t:lowercase"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/nginx/conf/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.2.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/"] [unique_id "168443769577.460185"] [ref ""]
---PQY8ayun---I--
---PQY8ayun---J--
---PQY8ayun---Z--