theMiddle

Results: 14 issues by theMiddle

### Describe the bug When rule 942100 matches, it doesn't write the rule msg to the audit log when Nginx is used. ### Steps to reproduce ```shell curl -s 'https://sandbox.coreruleset.org/?a=1+OR+1=1--foo'...

PR available

From the ModSecurity wiki: **multiMatch** If enabled, ModSecurity will perform multiple operator invocations for every target, before and after every anti-evasion transformation is performed. Action Group: Non-disruptive Example: ``` SecRule...

bug
Needs action
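A simulation of the multiMatch semantics quoted in that issue, added here as an illustration. This is not ModSecurity's code: the three transformation functions are simplified stand-ins named after `t:urlDecodeUni`, `t:lowercase` and `t:removeWhitespace`, the `rx` helper stands in for the `@rx` operator, and the sample payload is constructed. The point it shows is that a single operator invocation on the fully transformed value can miss a payload that matches at an intermediate stage, while multiMatch catches it.

```python
import re
import urllib.parse
from typing import Callable, List, Tuple

Transformation = Callable[[str], str]
Operator = Callable[[str], bool]

# Simplified stand-ins for three ModSecurity transformation functions.
# The names mirror t:urlDecodeUni, t:lowercase and t:removeWhitespace,
# but the bodies are assumptions for this example, not the engine's code.
def urlDecodeUni(v: str) -> str:
    return urllib.parse.unquote(v)

def lowercase(v: str) -> str:
    return v.lower()

def removeWhitespace(v: str) -> str:
    return re.sub(r"\s+", "", v)

def rx(pattern: str) -> Operator:
    """Build an @rx-style operator (case-sensitive, like a plain @rx)."""
    compiled = re.compile(pattern)
    return lambda v: compiled.search(v) is not None

def evaluate(value: str, chain: List[Transformation], operator: Operator,
             multi_match: bool) -> List[Tuple[str, str]]:
    """Return the (stage, value) pairs at which the operator matched.

    Without multiMatch the operator runs once, on the fully transformed
    value. With multiMatch it runs on the raw value and again after each
    transformation in the chain, as the wiki text above describes.
    """
    hits: List[Tuple[str, str]] = []
    current = value
    if multi_match and operator(current):
        hits.append(("raw", current))
    for t in chain:
        current = t(current)
        if multi_match and operator(current):
            hits.append((t.__name__, current))
    if not multi_match and operator(current):
        hits.append(("final", current))
    return hits

# Constructed sample: a UNION SELECT payload whose match appears after
# lowercasing and is destroyed again by removeWhitespace.
CHAIN = [urlDecodeUni, lowercase, removeWhitespace]
OPERATOR = rx(r"\bunion\s+select\b")
SAMPLE = "1%20UNION%20SELECT%20password%20FROM%20users"

def demo() -> dict:
    """Run the same rule with and without multiMatch on the sample payload."""
    return {
        "single": evaluate(SAMPLE, CHAIN, OPERATOR, multi_match=False),
        "multi": evaluate(SAMPLE, CHAIN, OPERATOR, multi_match=True),
    }

if __name__ == "__main__":
    for mode, hits in demo().items():
        print(mode, hits or "no match")
```

With the single invocation the final value `1unionselectpasswordfromusers` no longer matches, so the rule is silent; with multiMatch the match after `lowercase` is reported. The same mechanism is why multiMatch costs one operator call per transformation per target rather than one per target.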

Is there any chance to get the wire format as a result of `query()`?

### Description The following research shows how to call a JavaScript function with the syntax ```javascript [].sort.call.`${alert}1` ``` https://portswigger.net/research/the-seventh-way-to-call-a-javascript-function-without-parentheses It seems that we don't block this payload at PL2/PL3 ###...

False Negative - Evasion

### Is there an existing issue for this? - [X] I have searched the existing issues ### Kong version (`$ kong version`) 3.4.0.0 ### Current Behavior during the bazel build...

stale
build/bazel

Hello everyone, **Description:** I've come across an issue while working with different versions of ModSecurity (v2 and v3) and their respective variable names when parsing JSON bodies using the JSON...

2.x
3.x

### Description WordPress has an autosave function while creating a new post or page. It sends an HTTP request with the content of the excerpt to `/wp-admin.php` that can contain...

:heavy_plus_sign: False Positive
:heavy_plus_sign: WordPress False Positive

https://github.com/coreruleset/coreruleset/blob/34e672c337498334201b1632c80529af6d25403b/tests/regression/tests/REQUEST-942-APPLICATION-ATTACK-SQLI/942210.yaml#L518-L534 The payload after the transformation function should be: ``` pay=1 OR 2+ ``` It should match the 942210 rule regex on ARGS_NAMES, but the test has the output: ``` no_log_contains:...

:bug: bug

### Description In my logs, I have seen a false positive on a request to a PrestaShop e-commerce: `GET /themes/control/cache/v_716_db8a1bc0baf2b785f3106c4d91c790e2_all.css HTTP/1.1` that triggered the Rule ID 941100 (XSS Attack Detected...

False Positive
libinjection

**This PR is a draft** Referring to #1513, I think we have 2 different kinds of RCE bypass in PL1 (at least with bash/dash-like interpreters): - Uninitialized variables - Globbing...

Needs action