I haven't added XSS tests yet. Will do that in next release. Ryan Barnett Lead Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Oct 3, 2013, at 10:03 PM, "Rolling Stone" <jzy2...@hotmail.com<mailto:jzy2...@hotmail.com>> wrote: Hi, I am looking at sub-folder util/regression-tests/tests/ for XSS test cases, unlike other .tests files including 1 test case for each CRS rule; modsecurity_crs_41_xss_attacks.tests has only one test template with empty payload “%var xss=”. Did I miss anything? Thanks, R.S. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org<mailto:Owasp-modsecurity-core-rule-set@lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
