-
Name: Cyclops
Description: Cyclops is a web browser with an XSS detection feature; it provides Chromium-based XSS detection, used to find flows from a source to a sink.
github:https://github.com/…
-
Hi,
I am one of the authors of the ALPACA attack from 2021. I am currently revisiting the evaluated implementations to see how widespread our suggested countermeasures were. See [the paper](https:/…
-
"m-XSS vectors bypassed widely deployed server-side XSS protection techniques (like HTML Purifier, kses, htmlLawed, Blueprint and Google Caja), client-side filters (XSS Auditor, IE XSS Filter), Web Ap…
-
When trying

```js
const attackDetection = require('xss-attack-detection');
const xss_detect = new attackDetection.xssAttackDetection();
xss_detect.detect("{}");
```

I get the following error:
`Uncaugh…
-
### Description
### How to reproduce the misbehavior (-> curl call)
`curl -H "x-format-output: txt-matched-rules" "https://sandbox.coreruleset.org/?bla=time%20express"`
however "time" (which …
-
I'm not sure if this is a case of 'works as designed', but I work a lot with SAML-related software and I see two clear cases for rule `933120` that _to me_ are FPs:
1. URLs containing `SAMLRequest…
-
The "exhibit" result format was abandoned in 2012 and is no longer working. I guess it should be removed from the code base.
-
## Environment
- `chromium` Version: `126.0.0`
- `playwright-core` Version: `1.45.2`
- Node.js Version: `nodejs20.x`
- Lambda Runtime: `nodejs20.x`
## Expected Behavior
Launch the browser,…
-
...with the rails_xss plugin - which will be the default in Rails 3, but many are switching now already.
-
## To Do (basic)
- Detect the default ports used by Metasploit and block them (4444 and 4445)
- SMTP server that alerts the user by email about a malicious request
- Détecter e…