[Owasp-modsecurity-core-rule-set] XSS false negative ?

Thayyile kandy, Subin : CSO GIS sthayyilekan at BarclaycardUS.com
Thu Jul 13 01:25:11 UTC 2017


Shouldn't CRS3.0 be flagging this XSS? I did check the XSS rules but couldn't figure out why it wasn't getting flagged.

https://localhost/test.action?testingid=29776%27};alert(1);var%20x={%27myid%27:%2723233

Thanks
Subin
Barclaycard
