Hi all,
When a user try's to register with a password like: 123!@# it gives an error.
ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'novc'
Normally, I would check the error id & ARGS to whitelist like so:
SecRuleUpdateTargetById 932105 !ARGS:title
The issue is XenForo is using a hash as the name for the password field ARGS:f9bd18566cc2cb5b4e3344e7370007e25eb286cd:
Because the hash is different each time it's impossible for me to whitelist it.
When a user try's to register with a password like: 123!@# it gives an error.
ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'novc'
Normally, I would check the error id & ARGS to whitelist like so:
SecRuleUpdateTargetById 932105 !ARGS:title
The issue is XenForo is using a hash as the name for the password field ARGS:f9bd18566cc2cb5b4e3344e7370007e25eb286cd:
Because the hash is different each time it's impossible for me to whitelist it.
Last edited: