Ninja blog

Bugs discovered in ModSecurity and MongoDB PHP extension

Bugs are always hunting us.
Recently we found some bugs during our work, but keep calm, they're not in the BitNinja agent. 😉 Let’s see what we explored:

ModSecurity bug: empty comment line

In our WAF2.0 (beta will come soon) we implemented ModSecurity as well as the OWASP’s core ruleset. Recently, our developers found a strange bug in them.
The crs’ 913100 rule has always caught the Chinese search engine, because of suspicious user agent:

spider/4.0(+ http://www.sogou.com/docs/help/webmasters.htm#07);

After checking the code
, we didn’t understand why it has been triggered because this user agent isn’t listed as a suspicious one.
That’s why we started to dig deeper. We tested the user agent with PostMan and got the following results:

spider/4.0(+ http://www.sogou.com/docs/help/webmasters.htm#07); →trigger 913100
spider/4.0(+ http://www.sogou.com/docs/help/webmasters.htm07); →not trigger 913100

So the agent was caught because it contains a # character. In the code, # means a comment line, and @pmFromFile

should ignore them during the examination. We figured out that the problem is with those comment lines, which contain only a # and nothing else.
For solving this issue, we had to remove all the empty comment lines and reload this rule to our WAF2.0. Since then, we don’t experience any problem with this Chinese search engine.
We’ve been already reported this bug to ModSecurity, but received no reply yet, so we’ll send this bug to OWASP too.

We also found a bug in the MongoDB PHP extension too.

The MongoDB uses an object for the dates, which is an UTCDateTime class in PHP. During using the ArrayHelper* we experienced the following problem:
The helper recursively explored all the elements of the objects and when the foreach reached the UTCDateTime object, it couldn’t go over from the 1st item to the next, which resulted an infinite loop in the cycle.
* for converting the documents from MongoDB to multi-array in Yii2 PHP framework

//For example:
$document = $model::findOne(['user_id' => 12]);
foreach($document->date_created as $item){
var_dump($item);
//Infinite loop!!!!!
}

The problem occurred in the following versions of the MongoDB PHP extension: 1.3.x and 1.4.0-beta1.
The latest version where we didn’t experience this bug is the 1.2.11.
The bug has been reported and has been fixed very quickly.
Thanks for it! Hopefully, it’ll be released soon.

Defending a Million WordPress Sites Against a High-Risk Vulnerability

OpenLiteSpeed Integration: Speed Meets Security

Our 2024 Vision: Exciting Server Security Innovations and Cybersecurity Future

Quarter in Review Through Malware Statistics

How Safe Is Your Linux Server from AI-generated Malware?

Heading to CloudFest: Our Guide to Must-See Agenda and Speeches!

trial

If you have no more queries,  take the next step and sign up!

Don’t worry, the installation process is quick and straightforward!

get your free trial!

try without install

sign up for free

For Shared Webhosting For VPS providers For Small Businesses Pricing Anti-Malware WAF Realtime IP Reputation Outbound Spam Detection SiteProtection Extra Security Components

BitNinja Learn Documentation FAQs Success Stories Security Guides Reseller Partner Kit Comparisons Incident Report

About Customers Jobs at BitNinja Legal Terms Privacy Events Bug Bounty Partners Impact

Book a demo Contact us Support Product Feedback

BitNinja

Proactive server protection from a centralized, easy-to-use console. Secure your web servers and customers’ websites against all kinds of cyber threats with our multi-layered security tool