What steps will reproduce the problem?
1. run qualys owasp-scan against an naxsi-protected website
What is the expected output? What do you see instead?
nx_util should detect the given xss parse the given error.log - line correctly,
but fails
What version of the product are you using? On what operating system?
naxsi + nx_util 0.51-1
Please provide your nginx configuration any additional information below.
logline:
2013/07/01 13:14:54 [error] 9097#0: *6584 NAXSI_FMT:
ip=64.39.111.94&server=%22%3e%3cscript%3ealert('qualys_xss_joomla_2.5.3')%3c%2fs
cript%3e&uri=/&learning=0&vers=0.51&total_processed=869&total_blocked=65&zone0=B
ODY&id0=11&var_name0=, client: 64.39.111.94, server: fump.8ack.de, request:
"POST / HTTP/1.1", host:
"%22%3E%3Cscript%3Ealert('Qualys_XSS_Joomla_2.5.3')%3C%2Fscript%3E"
the entry in dict_buf looks like this:
{'zone': 'BODY', 'ip': '64.39.111.94', 'uri': '/', 'server':
'"><script>alert(\'qualys_xss_joomla_2.5.3\')</script>', 'content': '',
'var_name': '', 'date': '2013-07-01 13:14:54', 'id': '11'}
i think the Request looks like this:
GET /
HOST: place_your_<script>(xs</script>_here
...
Original issue reported on code.google.com by lazy.dog...@gmail.com on 11 Jul 2013 at 3:22
Original issue reported on code.google.com by
lazy.dog...@gmail.comon 11 Jul 2013 at 3:22