Ivan Ristic | 2 Jul 11:42

Re: testing the ASCIIZ vulnerability test

Without seeing your exact rules we can't help you much.

Which version of ModSecurity are you running? If it's in the 2.x
branch then you should upgrade to the latest stable version (2.5.5).
If it is in the 1.9.x branch you should upgrade to 1.9.5, which fixes
the ASCIIZ evasion issue.

On Wed, Jul 2, 2008 at 5:18 AM, Rashmi Badan <rashmi.badan <at> gmail.com> wrote:
> Hi,
>
> I'm trying to test the fix for this vulnerability in a mod_security version <
> 2.1 - basically I am trying a before and after test as mentioned here -
> http://www.php-security.org/MOPB/BONUS-12-2007.html  but do not see any 'XSS
> attack' related message in the error log. Are there any specific
> mod_security directives that need to be configured to trigger this error?
>
> Would appreciate any inputs on this.
>
> Thanks,
> Rashmi

-- 
Ivan Ristic
