Closed nadzree closed 7 years ago
Noted on the invalid. Figured out that I can add the pattern in the base rule to suit my case.
Sorry for the close without justification, was just doing some cleanup. If you read a bit about naxsi, you will quickly see it's a whitelist-based mechanism and without training it won't give any results. If you want OOB SQLi killer or things like this, it's probably not the tool you are looking for :)
Hi buixor, understand it now. Thank you for the further explanation 👍
I'm trying to understand the behaviour of naxsi as a WAF. It works great on the GET request; however, when I tried a sample of SQLi:
1' OR 1=1--
in the POST request, it did not block. Is this normal behaviour, or did I wrongly set up naxsi?