Re: [mod-security-users] about Data encoding
From: Ivan R. <iva...@gm...> - 2006-06-22 08:36:14
On 6/22/06, j liu <no...@gm...> wrote:
>
> sample:xss attacks
> <IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
> UTF-8 Unicode encode:
> <IMG
> SRC=javascript:alert('XSS')>
> hex encode:
> <IMG
> SRC=javascript:alert('XSS')>
> and there are other encoding methods

All of the above can be countered using the facilities available in
ModSecurity 2.0. Here's the complete list of transformational functions:

  lowercase
  replaceNulls
  removeNulls
  compressWhitespace
  removeWhitespace
  replaceComments
  urlDecode
  urlEncode
  urlDecodeUni
  base64Encode
  base64Decode
  md5
  sha1
  hexDecode
  hexEncode
  htmlEntityDecode
  escapeSeqDecode
  normalisePath
  normalisePathWin

As I said earlier, you can apply any of these as many times as you want
in any order that you want. You can even have ModSecurity execute a rule
after each change to the input data (the so-called multiMatch feature).

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
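To make the chaining and multiMatch behaviour described in the reply concrete, here is an added example (written for this page, not code from ModSecurity or from the poster) that emulates a handful of the listed transformation functions in Python, applies them in rule order to constructed encoded variants of the IMG payload from the thread, and reports the stage at which a "javascript:" pattern first matches. The transformation names are taken from the list in the reply; their implementations here are approximations of the real ones, the sample payloads are constructed, and the SecRule in the comment is an assumed illustration of what the equivalent ModSecurity 2.x rule would look like.

```python
import html
import re
import urllib.parse

# Added illustration (not ModSecurity code): a small emulation of a few of the
# transformation functions named in the post, chained in rule order, with an
# optional multiMatch-style check after every transformation that changed the
# input. The real ModSecurity implementations differ in detail (for example in
# how urlDecodeUni treats invalid sequences); these are approximations.

def t_lowercase(s):
    return s.lower()

def t_removeWhitespace(s):
    return re.sub(r"\s+", "", s)

def t_htmlEntityDecode(s):
    # decodes &#106; / &#x6A; / &amp; and similar entities
    return html.unescape(s)

def t_urlDecodeUni(s):
    # %XX plus the IIS-style %uXXXX form that urlDecodeUni also handles
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return urllib.parse.unquote(s)

def t_removeNulls(s):
    return s.replace("\x00", "")

TRANSFORMS = {
    "lowercase": t_lowercase,
    "removeWhitespace": t_removeWhitespace,
    "htmlEntityDecode": t_htmlEntityDecode,
    "urlDecodeUni": t_urlDecodeUni,
    "removeNulls": t_removeNulls,
}

# Order matters: decode entities first, then URL-encoding, then strip
# whitespace and lowercase so a case-sensitive pattern can be used.
# Roughly equivalent (assumed, illustrative) ModSecurity 2.x rule:
#   SecRule ARGS "javascript:" \
#       "phase:2,t:none,t:htmlEntityDecode,t:urlDecodeUni,\
#        t:removeWhitespace,t:lowercase,multiMatch,deny"
CHAIN = ["htmlEntityDecode", "urlDecodeUni", "removeWhitespace", "lowercase"]
PATTERN = re.compile(r"javascript:")

# Constructed samples: the plain payload from the thread plus encoded
# variants of the same "javascript:" scheme.
SAMPLES = {
    "plain": "<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>",
    "decimal_entities": "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;"
                        "&#105;&#112;&#116;&#58;alert('XSS')>",
    "hex_entities": "<IMG SRC=&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;"
                    "&#x69;&#x70;&#x74;&#x3A;alert('XSS')>",
    "url_encoded": "<IMG SRC=%6A%61%76%61%73%63%72%69%70%74%3Aalert('XSS')>",
    "case_and_whitespace": "<IMG SRC=\"JaV\tAscR\nIpT:alert('XSS');\">",
}

def scan(value, chain, multi_match=False):
    """Return the stage at which PATTERN first matched, or None.

    multi_match=False: transform fully, test once ("final").
    multi_match=True:  test the raw value ("raw"), then again after each
    transformation that changed the value (stage = transformation name).
    """
    if multi_match and PATTERN.search(value):
        return "raw"
    for name in chain:
        new = TRANSFORMS[name](value)
        if multi_match and new != value and PATTERN.search(new):
            return name
        value = new
    if not multi_match and PATTERN.search(value):
        return "final"
    return None

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(f"{label:20s} no transforms: {scan(payload, [])!s:6s} "
              f"chain: {scan(payload, CHAIN)!s:6s} "
              f"multiMatch stage: {scan(payload, CHAIN, multi_match=True)}")
```

Run as a script it prints one line per sample: without any transformation only the plain payload matches, with the full chain every variant matches, and in multiMatch mode the reported stage shows which transformation exposed the pattern (entity decoding for the two entity-encoded forms, URL decoding for the percent-encoded one, lowercasing for the mixed-case form), which is the information a rule writer uses to decide which transformations a rule actually needs.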