Felipe Zimmerle

icon indicating a website link https://felipe.wtf icon indicating an email [email protected]

icon location Ontario, Canada icon location Security Researcher || libModSecurity author || PhD

Results 168 comments of Felipe Zimmerle

Rework Pullrequest #122, avoid xss false positives starting with 'on.*'

> @client9 is this project abandoned? You may want to look here: libinjection/libinjection#7 we are giving o followup on that discussion there.

multiple heap out of bounds reads in libinjection_xss()

@invd is there any way for us to communicate _out-of-band_? [email protected]. Thank you.

multiple heap out of bounds reads in libinjection_xss()

Hi, @client9 It will be a pleasure.

multiple heap out of bounds reads in libinjection_xss()

### Status update #### invd's report I have received an e-mail from @invd with the details on the issue. I am currently analyzing the information. @invd congrats on your work...

multiple heap out of bounds reads in libinjection_xss()

Thank you @invd! I am going to update the code to clarify those aspects, therefore, prevent one to use it in a manner that may lead to a security issue.

multiple heap out of bounds reads in libinjection_xss()

Indeed a good question @migueldemoura. Your concern is about the comment itself or about the fact that the library expect the length to be informed, yet, demands the string to...

Python 3 binding

@oxr463 working on it at: libinjection/libinjection#4

Specify Python version explicitly in shebangs

Merged here: [libinjection](https://github.com/libinjection/libinjection). Thank you @WGH-.

Having the exactly same results for apache version 2 and version 3 while running the OWASP CRS

Instead of the logging utility, we can use FTW for that end.

Smallfixes

Hi @airween, You mentioned that it depends on the patched libModSecurity. Do you mind to share the exact patches that you are referring to?