Hi Marc,
It's dead easy with Lua script but you will have to do the legwork and
find the bits from my project,
https://www.owasp.org/index.php/Category:OWASP_Securing_WebGoat_using_ModSecurity_Project.
For example, from the file 'rewards-request_03-5.lua', here is an
excerpt (cleaned up a bit):
local d = m.getvars("ARGS"); -- can also use 'ARGS_POST'
-- Loop through the parameters.
for i = 1, #d do
    -- Examine parameter name and value: d[i].name, d[i].value
    if (string.find(d[i].name, "check")) then
        if d[i].value == "on" then
            -- modify and add code here
        end
    end
end
You should get the idea... add each 'name' to an array; when
processing a new name/value pair, see if the name is in the array and
block if yes.
Stephen
[Drum-roll here: Ready for Ryan to step in with a super-duper legacy
solution :-)]
--
http://www.linkedin.com/in/stephencraigevans
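Putting Stephen's suggestion together as a complete ModSecurity 2.x Lua script (an added example, not code from his project): every ARGS name goes into a table, and the first name seen twice makes the script return a match so the rule's deny action fires. The "ARGS:name" prefix handling, the script path and the rule line are assumptions.

```lua
-- Added example: block a request that carries two arguments with the same name.
-- Load it with a rule such as (path and actions are assumptions):
--   SecRuleScript /etc/modsecurity/no_dup_args.lua "phase:2,deny,status:400,msg:'Duplicate argument name'"

-- Pure function so the logic can be exercised outside ModSecurity: takes an
-- array of {name=..., value=...} tables and returns the first duplicated
-- name, or nil when every name is unique.
local function find_duplicate(vars)
    local seen = {}
    for i = 1, #vars do
        -- ModSecurity reports collection members as "ARGS:name" (assumption);
        -- strip the prefix so a GET and a POST copy of the same name compare
        -- equal. Harmless if the prefix is not present.
        local name = (string.gsub(vars[i].name, "^ARGS:", ""))
        if seen[name] then
            return name
        end
        seen[name] = true
    end
    return nil
end

-- ModSecurity entry point. Returning a string counts as a match (the rule's
-- disruptive action fires); returning nil lets the request through.
function main()
    -- ARGS covers both ARGS_GET and ARGS_POST, which is what Marc asked for.
    local dup = find_duplicate(m.getvars("ARGS"))
    if dup then
        m.log(4, "HPP: duplicate argument name '" .. dup .. "'")
        return "Duplicate argument name: " .. dup
    end
    return nil
end

-- Stand-alone check with constructed input when run under plain lua
-- (no 'm' global is defined outside ModSecurity).
if m == nil then
    local clean = { {name = "ARGS:id", value = "1"}, {name = "ARGS:q", value = "x"} }
    local polluted = { {name = "ARGS:id", value = "1"}, {name = "ARGS:q", value = "x"},
                       {name = "ARGS:id", value = "2"} }
    assert(find_duplicate(clean) == nil)
    assert(find_duplicate(polluted) == "id")
    print("ok")
end
```

Run with a plain `lua` interpreter to exercise find_duplicate on the constructed input; under ModSecurity only main() is called.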
On Tue, Jun 16, 2009 at 5:39 PM, Marc Stern<mar...@ap...> wrote:
> Information about a particular case of HTTP Parameter Pollution -
> duplicate arguments - is described here:
> http://www.securityfocus.com/archive/1/504240/30/0/threaded
>
> Does anyone see how to find duplicate argument names without knowing the
> names in advance?
> The goal is to forbid, for GET & POST, two arguments with the same name.
>
> I tried to play with chained rules, but I would need recursive macro
> expansion, like "TX:%{TX:...}"
>
> Thanks
>
> Marc
>