-
I use sqlmap to simulate the attack; both Coraza and ModSecurity return 403.
But ModSecurity logs the HTTP response_code; Coraza doesn't.
The ModSecurity logging is "ModSecurity: Access denied with …
-
Using Psi 1.5 under wayland leads to crashes through the focus stealing prevention code.
This code was removed from psi+ in commit e155a9d8a06f08efe35e44a56dd84f663d903bdc but this commit did not rea…
-
#### What is this feature about (expected vs actual behaviour)?
Link url https://www.geolocation.com is not passing, also https://www.history.com
#### How can I reproduce it?
insert a link with o…
-
good project!!
but, I find this rule will cause false positives:
```
(r"]*'[^>']*%(chars)s[^>']*'[^>]*>", ('\'',), "\"\", inside the tag, inside single-quotes, %(filtering)s filtering", r"(?s)")
…
-
```
So I was playing with dominator with some software seeing if it would catch
onto anything. Well it didn't but I did (in chrome).
The code flow to the domxss was something like this --->
var som…
-
To help us diagnose issues efficiently, please include:
[x] A short but descriptive title
[x] A detailed description of the problem including relevant software versions and steps to reproduce
O…
-
## Describe the bug
I ran dalfox on the following vulnerable application:
```
const express = require('express')
const app = express()
const port = 3000
app.get('/', (req, res) => {
res.se…
-
### Description
I've encountered some shell false positives for 932260 (PL1), 932236 and 932239 (PL2) for commands like sudo, df, fd, and grc.
Some of these I'm obviously familiar with, but…