We added the @detectXSS operator in ModSecurity v2.8.0-rc1 - 
https://github.com/SpiderLabs/ModSecurity/releases/tag/v2.8.0-rc1

We added a new rule that uses it to the OWASP CRS v3.0.0-dev - 
https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/v3.0.0-dev/rules/REQUEST-41-APPLICATION-ATTACK-XSS.conf#L25-55

You can test it out in our online Demo/Smoketest here -
http://www.modsecurity.org/demo/demo-deny.html?test=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E

973343  XSS Attack Detected via Libinjection
        Matched script>alert at ARGS:test

If anyone finds any false positives or evasion issues – please open a GitHub 
Issue - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues

Thanks.

Ryan Barnett
Senior Lead Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com
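As an added illustration (this is not the CRS rule linked above, nor code from Ryan or the CRS project), the following is a stand-alone ModSecurity 2.8+ rule in the same shape as a CRS rule, showing how the @detectXSS operator is wired in: the listed transformations decode the input first, then libinjection's XSS detector runs over each variable. The rule id 99001 is a placeholder in the local-use range; the tag and message text are assumed names, not required by the operator.

```apache
# Added example: libinjection-based XSS detection with the @detectXSS operator.
# Requires ModSecurity v2.8.0-rc1 or later (the operator did not exist before that).
# id 99001 is a placeholder in the local range (1-99,999); adjust to your numbering.

SecRuleEngine On

# Inspect query-string and body arguments, argument names, cookies (except the
# Google Analytics __utm* cookies, which routinely trip decoders), cookie names,
# and any XML body node. Phase 2 means the request body has been read, so POST
# parameters are covered as well as the query string.
SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \
    "@detectXSS" \
    "id:99001,\
    phase:2,\
    t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\
    deny,\
    status:403,\
    log,\
    msg:'XSS Attack Detected via libinjection',\
    logdata:'Matched Data: %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
    severity:'CRITICAL',\
    tag:'OWASP_CRS/WEB_ATTACK/XSS'"
```

The transformation chain matters: the demo URL above sends the payload as `%3Cscript%3E...`, and it is `t:urlDecodeUni` (followed by the HTML, JS and CSS decoders) that turns it back into `<script>` before libinjection sees it, so leaving those transformations out is the most common way to get a false negative. For a deployment that uses CRS-style anomaly scoring, replace `deny,status:403` with `block` and add `setvar` actions on the anomaly counters your setup rules define; the operator itself is unchanged. The rule can be checked locally with a request such as `GET /?test=<script>alert(document.cookie)</script>` against a test server and then against ordinary application traffic to look for false positives, which is what the reply above asks people to report.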

From: Rolling Stone <jzy2...@hotmail.com>
Date: Wednesday, May 28, 2014 3:18 PM
To: "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: [Owasp-modsecurity-core-rule-set] @detectXSS

Hello guys.

Have any of you used this newly added @detectXSS for XSS detection? How's 
the accuracy?
What's the relation of this gesture and the XSS rules in the Core Rule Set?

Thanks,
R.S.

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set