Vulnerability Command Injection

11 February 2017, 19:50
Hi Hugo..
I´m testing hiawatha as reverse proxy for secure the application DVWA, in the vulnerability command injection (;cat /etc/passwd), In my tests do not block it, the communication with the server is using POST metod:

access.log|Thu 15 Sep 2016 04:53:54 -0500|200|6752||POST /dvwa/vulnerabilities/exec/ HTTP/1.1|Host:|User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0|Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8|Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3|Accept-Encoding: gzip, deflate|Referer:|Connection: keep-alive|Upgrade-Insecure-Requests: 1|Content-Type: application/x-www-form-urlencoded|Content-Length: 40

It is possible to block this attack?

Thanks you
Hugo Leisink
11 February 2017, 20:49
Have you tried the DenyBody option yet?
This topic has been closed.