Open saratoga118 opened 2 years ago
We use libinjection 3.9.2 within modsecurity 3.0.6. This is the string that causes a false positive XSS match in CRS rule 941101:
/ppfx/oNS-r3VlTC67VwnnCfx1wAd1jDbbMTSfeXRcovqQe67gIMHc8vr_T66y_0QA1rCquQ?a=V2Vidmlldw
I've compiled reader.c and this seems to confirm the XSS match:
$ ./reader -x testfile
testfile 1 True /ppfx/oNS-r3VlTC67VwnnCfx1wAd1jDbbMTSfeXRcovqQe67gIMHc8vr_T66y_0QA1rCquQ?a=V2Vidmlldw
SQLI : 1
SAFE : 0
TOTAL : 1
I would like to understand why this string is causing an XSS match.