Closed shaddai closed 7 years ago
Hello,
There are a few glitches in the whitelists generated by nxtool. At the moment, I noticed two of them :
You can't mix BODY_VAR and ARGS_VAR in the same rule:
BODY_VAR
ARGS_VAR
BasicRule wl:1310,1311 "mz:$BODY_VAR_X:data\[.+\]|$ARGS_VAR_X:data\[.+\]" "msg:Array-like variable name";
You should use to rules, on with "mz:$URL:/url|$BODY_VAR:data"; and the other with s/BODY/ARGS/
"mz:$URL:/url|$BODY_VAR:data";
The args or body var name whitelist is incorrectly set:
BasicRule wl:1000 "mz:ARGS|NAME:yes" "msg:Variable zone-wide";
Should be :
BasicRule wl:1000 "mz:$ARGS_VAR:yes|NAME" "msg:Variable zone-wide";
Hello,
There are a few glitches in the whitelists generated by nxtool. At the moment, I noticed two of them :
1
You can't mix
BODY_VARandARGS_VARin the same rule:You should use to rules, on with
"mz:$URL:/url|$BODY_VAR:data";and the other with s/BODY/ARGS/2
The args or body var name whitelist is incorrectly set:
Should be :