Sorry, my bad, the character is "ۨ". It uses ";" at the end of the 
characters as a delimiter, and we all know how modsecurity treats ";".

~IMAN

----- Forwarded Message -----
From: Iman Vakili <ivak...@yahoo.com>
To: "owasp-modsecurity-core-rule-set@lists.owasp.org" 
<owasp-modsecurity-core-rule-set@lists.owasp.org> 
Sent: Tuesday, September 4, 2012 1:39 PM
Subject: [Owasp-modsecurity-core-rule-set] Fw:  Encoding
 



I want to complete my question. When I send a character in iso-8859, something 
like "&#1768" is transferred and I don't know how to make modsecurity 
understand this (decode it). It seems that I have to change iso-8859 to utf-8, 
maybe by t:urlDecodeUni, but I don't know how to transform it. Also, I don't know 
the meaning of the codes in the unicode.mapping, something like 01e5:67. 
Can anyone explain their procedure? At first I thought it is mapping 01e5 to 67, 
but when I was testing it my hypothesis was rejected. Even if it can map characters, 
what should we do with "&#"?

Sincerely yours

~IMAN


----- Forwarded Message -----
From: Iman Vakili <ivak...@yahoo.com>
To: "owasp-modsecurity-core-rule-set@lists.owasp.org" 
<owasp-modsecurity-core-rule-set@lists.owasp.org> 
Sent: Tuesday, September 4, 2012 8:36 AM
Subject: [Owasp-modsecurity-core-rule-set] Encoding
 

Hi friends,

I have set parameter matching in UTF8 encoding on modsecurity, but there is a 
web application which uses iso-8859-1 for its encoding, and the thing is 
modsecurity will detect every parameter encoded in iso-8859-1 in the post and 
get parameters as an attack. That is natural behavior, but I wonder how we can 
support other encodings such as iso-8859-1. Also, there are some functions which 
I think are ambiguous, like t:urlDecodeUni; I couldn't detect any 
transformation by this function. The same goes for SecUnicodeCodePage and SecUnicodeMapFile; 
the thing is it is not clear what exactly the mapping does. 
I will be so thankful if you can guide me. Do you think I have to make changes at the 
development level to support other encodings?

Thanks a lot,
All the best

~Iman
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
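
An added illustration, not part of the original thread and not ModSecurity's own code: a simplified Python model of the three things the messages ask about (ISO-8859-1 bytes failing a UTF-8 check, a map entry such as 01e5:67, and "&#1768"). It assumes a map entry means "code point U+01E5 becomes byte 0x67" when the character arrives as a %uXXXX escape, that unmapped code points keep their low byte, and that "&#1768" is an HTML numeric character reference which URL decoding leaves untouched; SAMPLE_MAP and all function names are constructed for the example.

```python
import re

# Constructed sample in the "codepoint:byte" hex form quoted in the thread
# (01e5:67); the other two pairs are made up for the example.
SAMPLE_MAP = "00c0:41 00e9:65 01e5:67"

_ESC = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
_NCR = re.compile(r"&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));?")


def parse_map(text):
    """Turn 'xxxx:yy' pairs into {code point: replacement byte}."""
    table = {}
    for pair in text.split():
        code, byte = pair.split(":")
        table[int(code, 16)] = int(byte, 16)
    return table


def url_decode_uni(data, table):
    """Model of a Unicode-aware URL decode over an ASCII request string."""
    def repl(m):
        if m.group(1):  # %uXXXX escape
            cp = int(m.group(1), 16)
            # Assumption: mapped byte if listed, otherwise the low byte.
            return chr(table.get(cp, cp & 0xFF))
        return chr(int(m.group(2), 16))  # ordinary %XX escape
    return _ESC.sub(repl, data).encode("latin-1")


def decode_numeric_refs(data):
    """Resolve HTML numeric character references such as &#1768; or &#x6e8;."""
    def repl(m):
        cp = int(m.group(1), 16) if m.group(1) else int(m.group(2))
        return chr(cp) if cp <= 0x10FFFF else m.group(0)
    return _NCR.sub(repl, data)


def is_valid_utf8(raw):
    """True when the bytes form well-formed UTF-8."""
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    table = parse_map(SAMPLE_MAP)
    print(url_decode_uni("name=%u01e5%e9", table))
    print(repr(decode_numeric_refs("q=&#1768")))
    print(is_valid_utf8("\u00e9".encode("latin-1")))
```

In this model the map only affects %uXXXX escapes, so a value sent as "&#1768" passes through the URL decode unchanged and needs a separate entity-decoding step before rules inspect it.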


