search

nbs-system / nxtool-ng

Because life is too short to waste your time transforming naxsi logs to rules by hand
42 stars 13 forks source link

Double-quotes aren't escaped #12

Closed jvoisin closed 7 years ago

jvoisin commented 7 years ago 
jvoisin@mim 18:00 ~/Dev/nxtool python3 ./nxtool.py --elastic --whitelist www.example.com                                                                                                [master] git:nxtool
/home/jvoisin/.local/lib/python3.5/site-packages/elasticsearch/connection/http_urllib3.py:70: UserWarning: Connecting to 10.0.9.25 using SSL with verify_certs=False is insecure.
  'Connecting to %s using SSL with verify_certs=False is insecure.' % host)
[+] Generating Google analytics rules
[+] Generating Image 1002 rules
[+] Generating array-like variable name rules
[+] Generating cookies rules
[+] Generating var + zone rules
[+] Generating url rules
[+] Generating var + zone rules
[+] Generating zone rules
[+] Generating site rules

Generated whitelists:
    BasicRule wl:1015 "mz:$URL:/poll/8|$BODY_VAR:ajax_page_state[libraries]" "msg:Variable zone-wide on a specific url";
    BasicRule wl:1001,1311,1310,1303 "mz:$URL:/politique/<img src="https:/s372.example.net/bb-mx/prime|$ARGS_VAR:tm" "msg:Variable zone-wide on a specific url";
    BasicRule wl:1302 "mz:$URL:/<img" "msg:url-wide ID whitelist";
    BasicRule wl:1302 "mz:$URL:/politique/<img src="https:/s372.example.net/bb-mx/prime" "msg:url-wide ID whitelist";
    BasicRule wl:1009,18 "mz:ARGS:" width" "msg:Variable zone-wide";
    BasicRule wl:1011,1010 "mz:ARGS" "msg:zone-wide ID whitelist"

jvoisin@mim 18:00 ~/Dev/nxtool

The " width variable isn't properly escaped.

jvoisin commented 7 years ago

Done in da536e9.