ucinc / naxsi

Automatically exported from code.google.com/p/naxsi

nx_util fails to parse xss in header_var HOST #81

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Run qualys owasp-scan against a naxsi-protected website

What is the expected output? What do you see instead?
nx_util should detect the given XSS and parse the given error.log line correctly, but fails.

What version of the product are you using? On what operating system?
naxsi + nx_util 0.51-1

Please provide your nginx configuration and any additional information below.

logline:
2013/07/01 13:14:54 [error] 9097#0: *6584 NAXSI_FMT: ip=64.39.111.94&server=%22%3e%3cscript%3ealert('qualys_xss_joomla_2.5.3')%3c%2fscript%3e&uri=/&learning=0&vers=0.51&total_processed=869&total_blocked=65&zone0=BODY&id0=11&var_name0=, client: 64.39.111.94, server: fump.8ack.de, request: "POST / HTTP/1.1", host: "%22%3E%3Cscript%3Ealert('Qualys_XSS_Joomla_2.5.3')%3C%2Fscript%3E"

The entry in dict_buf looks like this:

{'zone': 'BODY', 'ip': '64.39.111.94', 'uri': '/', 'server': '"><script>alert(\'qualys_xss_joomla_2.5.3\')</script>', 'content': '', 'var_name': '', 'date': '2013-07-01 13:14:54', 'id': '11'}

I think the request looks like this:

GET /
HOST: place_your_<script>(xs</script>_here
... 

Original issue reported on code.google.com by lazy.dog...@gmail.com on 11 Jul 2013 at 3:22
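
An added example, not part of the original report and not nx_util's own code: a small Python parser for the NAXSI_FMT line quoted above. It splits the fields on `&` before percent-decoding them, so the decoded `server` value (taken from the client's Host header) cannot shift field boundaries. The function name, the regexes, and the assumption that the NAXSI payload ends at the first `, client: ` are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Log line copied from the report above, with the line wrapping undone.
LOGLINE = (
    "2013/07/01 13:14:54 [error] 9097#0: *6584 NAXSI_FMT: "
    "ip=64.39.111.94&server=%22%3e%3cscript%3ealert('qualys_xss_joomla_2.5.3')"
    "%3c%2fscript%3e&uri=/&learning=0&vers=0.51&total_processed=869"
    "&total_blocked=65&zone0=BODY&id0=11&var_name0=, client: 64.39.111.94, "
    "server: fump.8ack.de, request: \"POST / HTTP/1.1\", host: "
    "\"%22%3E%3Cscript%3Ealert('Qualys_XSS_Joomla_2.5.3')%3C%2Fscript%3E\""
)

HEAD = re.compile(r"^(\d{4}/\d\d/\d\d) (\d\d:\d\d:\d\d) \[error\] .*?NAXSI_FMT: (.*)$")
INDEXED = re.compile(r"^(zone|id|var_name)(\d+)$")


def parse_naxsi_fmt(line):
    """Return one dict per matched rule in a NAXSI_FMT error.log line."""
    m = HEAD.match(line)
    if m is None:
        return []
    date = m.group(1).replace("/", "-") + " " + m.group(2)
    # Assumption: nginx's own ", client: ..." suffix starts at the first
    # occurrence, because spaces inside the payload arrive percent-encoded.
    payload = m.group(3).split(", client: ", 1)[0]
    common, hits = {}, {}
    for pair in payload.split("&"):
        key, _, raw = pair.partition("=")
        value = unquote(raw)  # decode only after the field split
        idx = INDEXED.match(key)
        if idx:
            hits.setdefault(int(idx.group(2)), {})[idx.group(1)] = value
        else:
            common[key] = value
    events = []
    for n in sorted(hits):
        hit = hits[n]
        events.append({
            "date": date,
            "ip": common.get("ip", ""),
            "uri": common.get("uri", ""),
            # Attacker-controlled: decoded Host header, treat as untrusted.
            "server": common.get("server", ""),
            "zone": hit.get("zone", ""),
            "id": hit.get("id", ""),
            "var_name": hit.get("var_name", ""),
            "content": "",  # empty in the dict shown in the report
        })
    return events
```

For the line above this yields a single event whose fields match the dict_buf entry shown in the report.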