Hi,
We have a SecRule like this:

 SecRule REQUEST_FILENAME|ARGS_NAMES|ARGS|XML:/* "(fromcharcode|alert|eval)\s*\(" \
     "phase:2,rev:'2.0.10',id:'973307',capture,t:none,t:htmlEntityDecode,t:jsDecode,t:lowercase,pass,nolog,auditlog,msg:'XSS Attack Detected',logdata:'%{TX.0}',setvar:'tx.msg=%{rule.msg}',setvar:tx.xss_score=+%{tx.critical_anomaly_score},setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/XSS-%{matched_var_name}=%{tx.0}"

When a user supplies a URL like this:

 <hostname>?param1=test%27,alert(document.cookie),%27test&param2

It's not being blocked. Please suggest.

-- 
Thanks,
Venki
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
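
Added example, not part of the original post and not CRS or ModSecurity code: a Python approximation of how rule 973307 evaluates the query string from the message, showing that the pattern matches ARGS:param1 and that the rule's own disruptive action is pass, which records the match and raises the anomaly score without stopping the request. Assumptions: js_decode is a simplified stand-in for t:jsDecode, the action list is shortened to its non-setvar entries, and the helper names evaluate and disruptive_action are hypothetical.

```python
import html
import re
from urllib.parse import parse_qsl

# Operator pattern from rule 973307 as posted.
PATTERN = re.compile(r"(fromcharcode|alert|eval)\s*\(")
# Action list from the rule, with rev/id/msg/logdata/setvar entries omitted.
ACTIONS = "phase:2,capture,t:none,t:htmlEntityDecode,t:jsDecode,t:lowercase,pass,nolog,auditlog"
# Query string from the post.
QUERY = "param1=test%27,alert(document.cookie),%27test&param2"

def js_decode(value):
    """Simplified stand-in for t:jsDecode: decodes \\xHH and \\uHHHH only."""
    value = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), value)

def transform(value):
    """Apply the rule's transformations in the order the rule lists them."""
    return js_decode(html.unescape(value)).lower()

def evaluate(query_string):
    """Return (matched_var_name, TX.0) pairs for ARGS_NAMES and ARGS."""
    hits = []
    # parse_qsl URL-decodes names and values, as the server does before phase 2.
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        for var, data in ((f"ARGS_NAMES:{name}", name), (f"ARGS:{name}", value)):
            match = PATTERN.search(transform(data))
            if match:
                hits.append((var, match.group(0)))
    return hits

def disruptive_action(actions):
    """Return the disruptive action named in the action list, if any."""
    known = {"pass", "block", "deny", "drop", "redirect", "proxy", "allow"}
    return next((a for a in actions.split(",") if a in known), None)

if __name__ == "__main__":
    for var, tx0 in evaluate(QUERY):
        print(f"match in {var}: {tx0!r}")
    print("disruptive action on this rule:", disruptive_action(ACTIONS))
```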
