Walter Hop

Results 65 comments of Walter Hop

As a CRS maintainer, I agree that a fix for this problem would be very interesting. Our users regularly turn up false positives due to generic `onfoo=` matching. Some examples:...

@client9 Thanks a lot. They may be silly but I'm trying to get a feel for what types of things libinjection is aimed to detect.

Nice work @attackercan! By the way, did you look at my new regexps in CRS 3? ;) (scared now) I did a complete rewrite of the PHP/RCE rules and always...

Hi @LINUXpos, thanks for your issue. Unfortunately, we need a bit more information to help you fix it. Do you have access to the ModSecurity audit log? (usually in...

> I noticed that many SSRF/RFI rules are only evaluated against query parameters. Perhaps including XML, headers, and other common injection points is also a good idea?

I agree. Our...

`ldaps` is also a protocol (secure LDAP), `ldapi` is also there. Could we try to come up with an exhaustive list of protocols? I think there were also a bunch...

I think `this['constructor']` will also work, or not? Should the regexp be updated to catch this as well?

I don't think the base64Decode is a must, and I have no problems if you remove it. I remember adding it defensively, because I've seen a lot of PHP code...