It is my understanding that out of the box, mod_security protects against SQL injections. The vulnerability in WordPress 1.5.1.1 was, in fact, a SQL injection vulnerability due to an un-cast integer variable.
Correction: out of the box, mod_security does nothing. You need a specific rule to protect against SQL injections. The following rule was suggested to me; but I have not tested it (I don’t use mod_security yet):
[[[
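# Enable filtering, including POST payloads
SecFilterEngine On
SecFilterScanPOST On
# Discard the audit log
SecAuditLog /dev/null
# Reject matching requests, log them, and answer with HTTP 402
SecFilterDefaultAction "deny,log,status:402"
# SQL keyword pairs
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"
# Directory traversal; the dots are escaped so they match a literal "."
SecFilter "\.\./"
# Reject the SEARCH request method
SecFilterSelective "REQUEST_METHOD" "SEARCH"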
]]]
After seeing this post I wanted to ask around for input on the effectiveness of these rules.
Instead of trying to relay the information, you should see:
http://www.gotroot.com/tiki-view_forum_thread.php?topics_offset=1&forumId=35&comments_parentId=586
If you use mod_security or are planning to do so, you should consider updating the rulesets with those provided at GotRoot.com.
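An added example, not part of the original post or of the suggested rule set: the four `SecFilter` patterns ported to Python's `re` and run over constructed request strings, comparing the traversal pattern with and without escaped dots. It assumes case-insensitive matching and writes `[[:space:]]` as `\s`; the rule names are labels made up for this example.

```python
import re

# SecFilter patterns from the rule set above, ported to Python's re.
# Assumptions: [[:space:]] is written as \s, matching is case-insensitive,
# and the dictionary keys are labels invented for this example.
RULES = {
    "delete-from": r"delete\s+from",
    "insert-into": r"insert\s+into",
    "select-from": r"select.+from",
    "dot-dot-slash": r"\.\./",        # dots escaped: literal "../" only
}
# Same set, but with the traversal pattern left unescaped, so each "."
# matches any character and the rule means "any two characters, then /".
RULES_UNESCAPED_DOTS = dict(RULES, **{"dot-dot-slash": r"../"})


def triggered(payload, rules):
    """Return the sorted labels of every rule whose pattern occurs in payload."""
    return sorted(name for name, pattern in rules.items()
                  if re.search(pattern, payload, re.IGNORECASE))


# Constructed sample inputs (not taken from real traffic).
SAMPLES = [
    "/wp-content/themes/default/style.css",          # ordinary static file
    "/download.php?file=../../config",               # literal "../" sequence
    "comment=Please select a colour from the list",  # harmless English text
    "id=1;DELETE   FROM t",                          # SQL keyword pair
]


def compare(samples):
    """Map each sample to (hits with unescaped dots, hits with escaped dots)."""
    return {s: (triggered(s, RULES_UNESCAPED_DOTS), triggered(s, RULES))
            for s in samples}


if __name__ == "__main__":
    for sample, (loose, strict) in compare(SAMPLES).items():
        print(f"{sample!r}\n  unescaped: {loose}\n  escaped:   {strict}")
```

The third sample is a false positive under either variant, which is the kind of result to look for in the audit log before switching a rule set like this to `deny`.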