[mod-security-users] locations in windows, XSS
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] locations in windows, XSS
|
From: Daniel G. <inf...@sp...> - 2004-06-28 08:28:41
|
i have a very simple php script that has guestbook-like functionality.
it also has no input sanitation. therefore, i'd like to use one of
those XSS regex's provided to check for XSS exploits in ONLY that one
script being that I use things like javascript elsewhere on my server.
here is what i used. it doesn't prevent me from putting javascript into
the input fields, submitting it over POST, and then having it display on
the page.
SecFilterEngine DynamicOnly
SecFilterScanPOST On
...
<Location "C:\Apache2\users\www\feedback.php">
SecFilterSelective ARGS "<[[:space:]]*script"
</Location>
can anyone offer me any help? i'm obviously running windows. maybe the
path is being handled wrong? maybe the regex is wrong? winxp, apache2,
modsec 1.8.2, php4. i ran the tests included in the source for
modsecurity, they all worked.
dan
|