View Single Post
  #5  
Old 20th May 2009, 10:43
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,717
Thanks: 820
Thanked 5,322 Times in 4,175 Posts
Default

Quote:
now that's scary enough and I am happy that mod_security blocks that type of request. or should it?
No, it should not as it is not a injection attack.

Thats a false positive in mod security rules. A controlpanel mus be able to send a post request that contains the name of a system path like /etc/, otherwise you would not be able to administer the server. And this has nothing to do with the ajax functions in ispconfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote