Menu

Topic-icon Local File Inclusion :[REQUEST:jform] / Local File Inclusion :[POST:jform]

  • dimi2015
  • dimi2015's Avatar Topic Author
  • Offline
  • Junior Boarder
  • Junior Boarder
More
2 weeks 1 day ago #8284 by dimi2015
Hi Jose,
I hope you're doing well and staying safe. I occasionally get this error when someone sends a message via the contact form, com_contact, on one of my sites. I have Easy Config enabled, but I'm still getting it. Any advice on how to filter it and allow it to go through?

Thanks,
Dimitrios

Please Log in or Create an account to join the conversation.

More
2 weeks 1 day ago #8286 by Jose
Hi Dimitrios,

I'm fine, thanks. Hope you and your family are fine too.

Uploading files into the form is allowed? Can you post a screnshot of the log generated by Securitycheck Pro when this message arise?

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • dimi2015
  • dimi2015's Avatar Topic Author
  • Offline
  • Junior Boarder
  • Junior Boarder
More
2 weeks 22 hours ago #8287 by dimi2015
Glad you're doing OK and thank you for the quick response. Uploads aren't allowed but it is an ecommerce site. Anyway, I've attached a screenshot of the logs. I think the multiple question marks may have triggered the software. Anyway, let me know what you think when you can.

Thanks again,
Dimitrios
Attachments:

Please Log in or Create an account to join the conversation.

More
2 weeks 22 hours ago #8288 by Jose
Hi Dimitrios,

Yes, this is clearly a false positive. I will do some tests to improve this firewall rule to avoid cases like this.

Regards,
Jose

Please Log in or Create an account to join the conversation.

  • dimi2015
  • dimi2015's Avatar Topic Author
  • Offline
  • Junior Boarder
  • Junior Boarder
More
2 weeks 22 hours ago #8289 by dimi2015
Oh, OK, thank you. In the meantime, is there anything I can do, or should I just wait for the update?

Please Log in or Create an account to join the conversation.

More
2 weeks 21 hours ago #8290 by Jose
Just add com_contact as exception into Waf configuration -> Filter exceptions tab -> LFI filter.

Regards,
Jose
The following user(s) said Thank You: dimi2015

Please Log in or Create an account to join the conversation.

Time to create page: 0.120 seconds
Powered by Kunena Forum

Login or Sign In