-
```
http://googleonlinesecurity.blogspot.com/2009/03/reducing-xss-by-way-of-automatic.html
This protects against the template author making a mistake in specifying
the escaping formatter. Since JSO…
```
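As an added illustration of the point made above (example code written for this page, not from the thread's author and not Google's templating system): a toy template renderer in Python with two modes. In the manual mode the author names the formatter per placeholder and has applied the HTML formatter to an `href`, so a `javascript:` URL passes through untouched; in the contextual mode the escaper is chosen from the markup emitted so far, so the same URL is replaced and the author's filter choice no longer matters. The escaper names, the `about:invalid` replacement, the `{{name|fmt}}` syntax and the context detection are this example's own simplifications; a real engine tracks many more states.

```python
import html
import json
import re

# Escapers for each output context. Names and behaviour are this example's
# own, not those of any real template engine.
SAFE_URL_SCHEMES = ("http:", "https:", "mailto:")
BLOCKED_URL = "about:invalid"  # inert replacement chosen for this example


def escape_html(value: str) -> str:
    """HTML text context and quoted attribute values."""
    return html.escape(value, quote=True)


def escape_js_string(value: str) -> str:
    """Inside a quoted JS string literal: JSON escaping handles \\ " and
    control characters; quotes and '<' are unicode-escaped so the value can
    neither end the string nor inject '</script>'."""
    body = json.dumps(value)[1:-1]
    return body.replace("'", "\\u0027").replace("<", "\\u003c")


def escape_url_attr(value: str) -> str:
    """href/src/action attribute: reject unsafe schemes, then attribute-escape."""
    m = re.match(r"\s*([a-z][a-z0-9+.-]*:)", value, re.I)
    if m and m.group(1).lower() not in SAFE_URL_SCHEMES:
        return BLOCKED_URL
    return html.escape(value, quote=True)


FORMATTERS = {"html": escape_html, "js": escape_js_string, "url": escape_url_attr}
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)(?:\|(\w+))?\s*\}\}")  # {{name}} or {{name|fmt}}


def context_of(prefix: str) -> str:
    """Derive the output context from everything emitted before a placeholder."""
    lower = prefix.lower()
    script_open = lower.rfind("<script")
    if script_open != -1 and "</script" not in lower[script_open:]:
        return "js"  # toy assumption: script placeholders sit inside a quoted string
    if prefix.rfind("<") > prefix.rfind(">"):  # inside an open tag
        if re.search(r"\b(?:href|src|action)\s*=\s*[\"']$", lower):
            return "url"
        if re.search(r"=\s*[\"']$", prefix):
            return "html"  # quoted attribute value
        raise ValueError("placeholder in tag-name or unquoted-attribute position")
    return "html"


def render_manual(template: str, values: dict) -> str:
    """The author picks the formatter ({{x|html}}); no filter means raw output."""
    def sub(m):
        value = str(values[m.group(1)])
        fmt = m.group(2)
        return FORMATTERS[fmt](value) if fmt else value
    return PLACEHOLDER.sub(sub, template)


def render_auto(template: str, values: dict) -> str:
    """The formatter is chosen from context; any author-supplied filter is ignored."""
    out, pos = [], 0
    for m in PLACEHOLDER.finditer(template):
        out.append(template[pos:m.start()])
        ctx = context_of("".join(out))
        out.append(FORMATTERS[ctx](str(values[m.group(1)])))
        pos = m.end()
    out.append(template[pos:])
    return "".join(out)


# Constructed template: the author applied the HTML formatter everywhere,
# including on the href and inside the script.
TEMPLATE = ('<a href="{{url|html}}">{{name|html}}</a>'
            "<script>var who = '{{name|html}}';</script>")
VALUES = {"url": "javascript:alert(document.cookie)", "name": "O'Neil <b>"}

if __name__ == "__main__":
    print(render_manual(TEMPLATE, VALUES))  # javascript: URL survives
    print(render_auto(TEMPLATE, VALUES))    # URL replaced, JS string escaped
```

The manual rendering leaves `href="javascript:alert(document.cookie)"` intact because HTML entity escaping has nothing to change in that string; the contextual rendering emits `href="about:invalid"` and a JS string with `'` and `<` unicode-escaped, without the author having to know which formatter each position needed.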
-
Hello everyone,
I'm working on a final year project for my school. The project is a simple nginx reverse proxy with ModSecurity, and behind it a Juice Shop.
The problem is that modsecurity blocks sql…
-
```
$ curl -H "x-format-output: txt-matched-rules" http://sandbox.coreruleset.org/ -d 'foo=console.log(msg)'
-- no output --
$ curl -H "x-format-output: txt-matched-rules" http://sandbox.corerule…
```
-
$ python3 Detection_Functions_XSS.py -u https://www.vulnweb.com/search?q=123
File "/home/kali/Vulnerability-detection-functions/Detection_Functions_XSS/Detection_Functions_XSS.py", line 27
enc…
-
### Description
The PHP `printf` rule is triggering issues on URLs like "SprintForTheCause".
### How to reproduce the misbehavior (-> curl call)
```sh
curl -H "x-format-output: txt-matched-r…
```
-
Name: Cyclops
Description: The Cyclops is a web browser with an XSS detection feature; it is a Chromium-based XSS detector used to find the flows from a source to a sink.
github:https://github.com/…
-
### Description
This is very similar to #3721. The word "left" can trigger false positives. An example is "Take a left (1 mile)".
### How to reproduce the misbehavior (-> curl call)
```sh
cu…
```
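The `printf` report above and this `left` report are the same kind of failure: a pattern keyed on a function name matches ordinary English. The script below is an added example, not CRS rule code and not the regexes of the rules in question. On constructed inputs it shows why a substring match on `sprintf` hits `SprintForTheCause` (the letters s-p-r-i-n-t-F, case-insensitively) while a word-bounded call pattern does not, and why a `left (` match cannot be fixed by word boundaries at all and is better treated as a low score in an anomaly-scoring model than as a block on its own. The rule list, patterns and scores are this example's; only the scoring shape follows the CRS defaults (critical 5, error 4, warning 3, notice 2, inbound threshold 5).

```python
import re

# Illustrative detection patterns written for this example. They are NOT the
# CRS regexes; they reproduce the shape of the problem: a function-name match
# inside an English word, and a SQL function-call pattern that also matches prose.
PHP_FUNC_SUBSTRING = re.compile(r"(?i)(?:s?printf|system|passthru)")
PHP_FUNC_CALL = re.compile(r"(?i)\b(?:s?printf|system|passthru)\s*\(")
SQL_FUNC_CALL = re.compile(r"(?i)\b(?:left|right|substring|mid)\s*\(")

# Scoring model in the style of CRS anomaly scoring: every matching rule adds
# its severity score, and the request is blocked only when the total reaches
# the inbound threshold. Rule names, patterns and scores are this example's.
RULES = [
    ("php-function-call",      PHP_FUNC_CALL, 5),
    ("sql-func-call",          SQL_FUNC_CALL, 3),
    ("sql-quote-then-boolean", re.compile(r"(?i)['\"]\s*(?:and|or)\b"), 3),
    ("sql-sleep-benchmark",    re.compile(r"(?i)\b(?:sleep|benchmark)\s*\("), 5),
    ("sql-comment",            re.compile(r"(?:--|/\*|#)"), 2),
]
INBOUND_THRESHOLD = 5  # CRS default inbound anomaly threshold


def substring_match(payload: str) -> bool:
    """The naive rule: function name anywhere in the input."""
    return bool(PHP_FUNC_SUBSTRING.search(payload))


def call_match(payload: str) -> bool:
    """The bounded rule: word start, function name, then an opening parenthesis."""
    return bool(PHP_FUNC_CALL.search(payload))


def score(payload: str):
    """Return (total anomaly score, names of rules that matched), in rule order."""
    hits = [(name, s) for name, rx, s in RULES if rx.search(payload)]
    return sum(s for _, s in hits), [name for name, _ in hits]


def is_blocked(payload: str) -> bool:
    return score(payload)[0] >= INBOUND_THRESHOLD


# Constructed samples: the two false positives from the issues above and two
# payloads the same patterns are meant to catch.
SAMPLES = [
    "SprintForTheCause",
    "Take a left (1 mile)",
    "sprintf('%s', $cmd)",
    "1' and left(user(),1)='r",
]

if __name__ == "__main__":
    for s in SAMPLES:
        total, hits = score(s)
        print(f"{s!r:32} substring={substring_match(s)!s:5} call={call_match(s)!s:5} "
              f"score={total} {hits} blocked={is_blocked(s)}")
```

`Take a left (1 mile)` still matches the SQL pattern, but on its own it scores 3 and is not blocked; the real injection `1' and left(user(),1)='r` stacks two rules to 6 and is. Low-score rules can still accumulate to the threshold on benign text (add a `--` to the directions and the score reaches 5), which is why a per-parameter rule exclusion remains the normal fix for a known false positive.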
-
### Description
The rule `942160` seems not to trigger if the injection is followed by a `/`. It seems that, since only `REQUEST_BASENAME` is considered from the path, there's nothing to test again…
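An added example (not CRS or ModSecurity code) modelling the blind spot the issue describes. `request_filename` and `request_basename` are simplified Python models of the two ModSecurity targets: the basename is whatever follows the last `/` of the path, so a request path that ends in `/` yields an empty basename and a rule whose only path target is `REQUEST_BASENAME` has nothing to match. The `sleep()`/`benchmark()` pattern is a stand-in, since the page does not show the rule's real regex, and URL-decoding of the path is an assumption of this model.

```python
import re
from urllib.parse import unquote, urlsplit

# Stand-in pattern for this example; the issue names the rule but not its regex.
INJECTION = re.compile(r"(?i)\b(?:sleep|benchmark)\s*\(")


def request_filename(uri: str) -> str:
    """Model of REQUEST_FILENAME: the URI path with the query string dropped.
    URL-decoding is applied here as a simplification."""
    return unquote(urlsplit(uri).path)


def request_basename(uri: str) -> str:
    """Model of REQUEST_BASENAME: the part of REQUEST_FILENAME after the last
    '/'. With a trailing slash that is the empty string."""
    return request_filename(uri).rsplit("/", 1)[-1]


def evaluate(uri: str) -> dict:
    """Run the pattern over each target, as a rule listing that target would."""
    return {
        "REQUEST_BASENAME": bool(INJECTION.search(request_basename(uri))),
        "REQUEST_FILENAME": bool(INJECTION.search(request_filename(uri))),
    }


# Constructed requests: the payload in the last path segment with and without
# a trailing '/', URL-encoded, in a middle segment, and a benign path.
SAMPLE_URIS = [
    "/search/sleep(5)",
    "/search/sleep(5)/",
    "/search/sleep%285%29/",
    "/search/sleep(5)/index.php",
    "/search/results/",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{uri:30} basename={request_basename(uri)!r:14} {evaluate(uri)}")
```

Only the first sample is seen by a basename-only rule; appending `/`, or placing the payload in any earlier segment, empties or changes the basename while the full path still carries it. Inspecting `REQUEST_FILENAME` closes that gap at the cost of more path-based false positives, which is the trade-off a rule change here has to weigh; the sandbox `curl` call shown earlier on this page is the quick way to confirm which targets a given rule version actually inspects.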
-
I'm not sure if this is a case of 'works as designed', but I work a lot with SAML-related software and I see two clear cases for rule `933120` that _to me_ are FPs:
1. URLs containing `SAMLRequest…