
False positive mod_security Cross Site Scripting Attack due to content of submitted form



By : Abhishek
Date : November 22 2020, 10:38 AM
I would be most obliged if someone that knows about these filters could offer some suggestions on any methods that I can use to preprocess the form content before posting it from the webpage to make it more resilient to false positives.

Cross Site Scripting Attack, troubles


By : AwesomusPrime
Date : March 29 2020, 07:55 AM
Remove the script tags from the vector. It is put into the eval function, which runs JavaScript, not HTML.
Also you want your vector to be: document.getElementById('collab').innerHTML = 'test';

cross-site scripting (xss) attack


By : user3160912
Date : March 29 2020, 07:55 AM
I just have one simple question about XSS attacks. I know that you can prevent them by sanitizing the form inputs, but my question is, how about a search input (a general search on a website for example)? Should we sanitize search inputs as well? I mean, it's just a search input, the user should be able to search for anything that he/she wants on the website. Please provide me with some clarification on this.
I know that you can prevent them by sanitizing the form inputs

A simple example of a Cross-site scripting attack


By : b1ack_dog
Date : March 29 2020, 07:55 AM
See http://www.insecurelabs.org and http://www.insecurelabs.org/task/
Intentionally vulnerable to XSS in the search field and several other places.

Issue regarding the XSS (Cross Site Scripting) attack


By : Ken Stibitz
Date : March 29 2020, 07:55 AM
In the email of the page we have the following contents. From your comment:
code :
// Untrusted input from the user
let str = "<img src='javascript:malicious();'>";

// Disable the markup by encoding & and < as HTML entities
str = str.replace(/&/g, "&amp;").replace(/</g, "&lt;");
emaildisclaimer-Test.html?name=test&email=test@test.com
emaildisclaimer-Test.html?r=NzZiNjFlZDAtZmRlMi0xMWUzLWEzYWMtMDgwMDIwMGM5YTY2
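An added example (not part of the answer above and not code from the original page): the answer's replacement encodes only & and <, which covers text placed between tags but not quoted attribute values or URL attributes such as the src in its sample string. The names escapeMinimal, escapeHtml, safeUrl and renderImg, the about:blank fallback and all input values are assumptions made for this illustration.

```javascript
// Added example; every input value used with these functions is a constructed sample.

// The replacement used in the answer above: encodes only & and <.
function escapeMinimal(s) {
  return String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;");
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encodes the five characters that matter in element text and in quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Entity encoding does not change a URL's scheme, so URL attributes need an allow-list.
// Assumption: only absolute http(s) URLs are accepted; anything else becomes the fallback.
function safeUrl(value, fallback = "about:blank") {
  try {
    const u = new URL(String(value));
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : fallback;
  } catch {
    return fallback; // not parseable as an absolute URL
  }
}

// Builds an <img> tag from untrusted src and alt values (double-quoted attributes).
function renderImg(src, alt) {
  return `<img src="${escapeHtml(safeUrl(src))}" alt="${escapeHtml(alt)}">`;
}

// Constructed sample: a value containing single quotes, as it would appear
// inside a single-quoted attribute such as <input value='...'>.
const sample = "x' data-injected='1";
console.log(escapeMinimal(sample)); // quotes pass through unchanged
console.log(escapeHtml(sample));    // quotes are encoded
console.log(renderImg("javascript:malicious();", 'a "b" <c>'));
```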

prevent cross site scripting attack in asp.net


By : Louis
Date : March 29 2020, 07:55 AM
The MSDN article "How To: Prevent Cross-Site Scripting in ASP.NET" goes into a lot of detail on it. Partial content below.
code :
<system.web>
  <pages buffer="true" validateRequest="true" />
</system.web>
Form fields, such as the following.
Response.Write(name.Text);
Response.Write(Request.Form["name"]);
Query Strings
Response.Write(Request.QueryString["name"]);

Query strings, such as the following:
Response.Write(Request.QueryString["username"]);

Databases and data access methods, such as the following:
SqlDataReader reader = cmd.ExecuteReader();
Response.Write(reader.GetString(1));

Be particularly careful with data read from a database if it is shared by other applications.
Cookie collection, such as the following:
Response.Write(Request.Cookies["name"].Values["name"]);

Session and application variables, such as the following:
Response.Write(Session["name"]);
Response.Write(Application["name"]);