1 Reply by modsec

(8 replies, posted in PunBB 1.2 troubleshooting)

Okm I found it in a file called :

jitp.conf

There is an entry like :

#PunBB version <= 1.2.2 auth bypass exploit
SecFilterSelective REQUEST_URI "profile\.php\?section=admin\&id=.*\&action=foo"
SecFilterSelective COOKIE_punbb_cookie "a\:2\:\{i\:0\;s\:.*\;i\:1\;b\:1\;\}"

Reming this out worked great.

Chrs...

Go to forum: PunBB 1.2 troubleshooting

2 Reply by modsec

(8 replies, posted in PunBB 1.2 troubleshooting)

Hello,

Can you publish the rightmodsecurity settings (exclusion.conf) for punbb so we can easely adjust it ?

Rgds..

Go to forum: PunBB 1.2 troubleshooting