
[Featured Paper] Bypassing PHP IDS

PHP IDS Bypass via Vulnerable Regular Expression: https://sitewat.ch/en/files/Bypassing%20PHPIDS%200.6.5.pdf

Lesson learnt: an application (or a filter sitting in front of it) that validates its inputs with loosely defined regular expressions fails at its primary purpose, because a pattern that is only a rough approximation of the hostile syntax can be sidestepped by any input the pattern did not anticipate. We have seen code-execution vulnerabilities in applications (e107, AEF) that derive from flawed regular expressions, and the same class of mistake defeats a regex-based IDS.

Profense Web Application Firewall and Load Balancer multiple vulnerabilities

Advisory

Joint Trustwave SpiderLabs Security Advisory TWSL2009-001 and EnableSecurity Advisory ES-20090500: Profense Web Application Firewall and Load Balancer multiple vulnerabilities
Published: 2009-05-19
Version: 1.0
https://www.trustwave.com/spiderlabs/advisories/TWSL2009-001.txt

Analysis

Researchers from Trustwave and EnableSecurity were able to bypass the protection of the Profense Web Application Firewall. Two findings caught our attention:

"Inserting extra characters in the JavaScript close tag" (e.g. </script ByPass>). The signature expects a literal </script> close tag, but a browser still closes the element when extra characters follow the tag name, so the script runs while the pattern never matches.

"pattern matching in multi line mode matches any non-hostile line and marks the whole request as legitimate ... by making use of a URL-encoded new line character" (logic flaw). With ^ and $ matching at every embedded line break, a harmless trailing line is enough to satisfy the check, and the hostile first line is never evaluated on its own.

Sample exploits that bypass the defense:

xss.php?var=abcdef%3Cembed%3Eaaaaaaa%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E
xss.php?var=%3CEvil%20script%20goes%20here%3E=%0AByPass

Check

It's necessary to test web application fi...
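The following is an added example, not code from either post, the advisory or the Profense product. It reconstructs the two regex weaknesses described above (a close-tag signature that only accepts a literal </script>, and a whitelist compiled in multi-line mode) as hypothetical Python filters, runs the two sample payloads from the advisory through them, and shows the hardened form of each pattern. The pattern texts are my assumptions about the flaw class, not the vendor's actual rules; they also illustrate the "loosely defined regular expression" lesson from the PHPIDS post above.

```python
import re
from urllib.parse import unquote

# Sample payloads quoted from the advisory (parameter values only, still URL-encoded).
PAYLOAD_CLOSE_TAG = "abcdef%3Cembed%3Eaaaaaaa%3Cscript%3Ealert(document.cookie)%3C/script%20ByPass%3E"
PAYLOAD_NEWLINE = "%3CEvil%20script%20goes%20here%3E=%0AByPass"
# Constructed control inputs: a textbook attack and a benign value.
PAYLOAD_PLAIN = "%3Cscript%3Ealert(1)%3C/script%3E"
BENIGN = "hello%20world"

# Flaw 1 (hypothetical reconstruction): a blacklist signature that only recognises
# the literal end tag '</script>'. An HTML parser still closes the element on
# '</script ByPass>' because everything after the tag name up to '>' is discarded.
WEAK_SCRIPT_SIG = re.compile(r"<script>.*?</script>", re.IGNORECASE | re.DOTALL)

# Hardened: allow attributes or junk in both the open and the close tag.
STRONG_SCRIPT_SIG = re.compile(r"<script\b[^>]*>.*?</script\b[^>]*>", re.IGNORECASE | re.DOTALL)

# Flaw 2 (hypothetical reconstruction): a whitelist of "non-hostile" values compiled
# in MULTILINE mode and applied with search(). ^ and $ then match at every embedded
# newline, so ONE harmless line after %0A is enough to mark the whole value legitimate.
WEAK_WHITELIST = re.compile(r"^[A-Za-z0-9_ ]+$", re.MULTILINE)

# Hardened: fullmatch() anchors at the true start and end of the whole value and
# no MULTILINE flag, so an embedded newline can never satisfy the pattern.
STRONG_WHITELIST = re.compile(r"[A-Za-z0-9_ ]+")


def weak_script_signature_hits(raw_param: str) -> bool:
    """Blacklist check as the flawed signature would do it (True = blocked)."""
    return WEAK_SCRIPT_SIG.search(unquote(raw_param)) is not None


def strong_script_signature_hits(raw_param: str) -> bool:
    """Blacklist check with the hardened signature (True = blocked)."""
    return STRONG_SCRIPT_SIG.search(unquote(raw_param)) is not None


def weak_whitelist_accepts(raw_param: str) -> bool:
    """Whitelist check in multi-line mode (True = request marked legitimate)."""
    return WEAK_WHITELIST.search(unquote(raw_param)) is not None


def strong_whitelist_accepts(raw_param: str) -> bool:
    """Whitelist check anchored on the entire decoded value (True = legitimate)."""
    return STRONG_WHITELIST.fullmatch(unquote(raw_param)) is not None


def main() -> None:
    print("blacklist (True = blocked)")
    for name, p in (("plain", PAYLOAD_PLAIN), ("close-tag bypass", PAYLOAD_CLOSE_TAG)):
        print(f"  {name:18} weak={weak_script_signature_hits(p)!s:5} strong={strong_script_signature_hits(p)}")
    print("whitelist (True = accepted)")
    for name, p in (("benign", BENIGN), ("newline bypass", PAYLOAD_NEWLINE)):
        print(f"  {name:18} weak={weak_whitelist_accepts(p)!s:5} strong={strong_whitelist_accepts(p)}")


if __name__ == "__main__":
    main()
```

Running it shows the close-tag payload slipping past the weak signature but not the hardened one, and the %0A payload accepted by the multi-line whitelist but rejected once the pattern is anchored on the whole decoded value. The practical check for any regex-based filter is the same: decode the way the backend will, then confirm the pattern is anchored on the full value (no MULTILINE with ^/$) and tolerates the same syntactic slack the browser does.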