> The example you gave did he 2 meta characters (< and >) however they were
> repetitive.
Hi Ryan,
I am not sure whether my example was escaped or not at your end.
I my example I used & lt ; and & gt ; and not the '<' and '>'.
In such case, there are 2 ';' + 2 '&', all together makes 4.
however, such an input is fairly legitimate, and properly escaped, so
I wonder what's the solution?
> >> return
> >> rex_pcre.new([====[([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\´\’\‘\`\<\>].*){4,}]====]):exec("<script>")
> > 1 14 table: 0x907d80
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
