How to correct the regular expression in rule 942490 for fixing vulnerabilities?
limit substitution [^\w\s] from + to {1,10}
I tested it against 5276 matches and the resulting matches are exactly the same. Even {1,2} produced the same results. I think {1,10} is fairly enough.
according to #1359
```
time grep -P -f 942490.rule 942490.payload

real 0m10.631s
user 0m10.630s
sys 0m0.001s

time grep -P -f 942490.test 942490.payload

real 0m0.072s
user 0m0.069s
sys 0m0.002s
```
This question comes from the open-source project: SpiderLabs/owasp-modsecurity-crs
But does this not invite a bypass via 11 characters?
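A regression check for this kind of quantifier change, given as an added example that is not part of the original thread or the CRS project's code. The patterns and corpus are constructed stand-ins (the real 942490 expression is not shown on this page), and Python's `re` is assumed to behave like `grep -P` for these constructs. It compares match verdicts between the `+` and `{1,10}` forms and probes the run length at which they first disagree.

```python
import re

# Constructed stand-in patterns, NOT the real rule 942490 expression.
# Each pair differs only in `+` vs `{1,10}` on the [^\w\s] class.
PAIRS = {
    # Nothing constrains the left edge of the run: search() can start later.
    "run_open_on_left": (r"[^\w\s]+\s*\d", r"[^\w\s]{1,10}\s*\d"),
    # The run is pinned between two tokens: its full length must fit.
    "run_fixed_both_sides": (r"\d[^\w\s]+\d", r"\d[^\w\s]{1,10}\d"),
}


def verdict_diff(old, new, lines):
    """Return the lines on which the two patterns disagree (match vs. no match)."""
    old_re, new_re = re.compile(old), re.compile(new)
    return [ln for ln in lines
            if bool(old_re.search(ln)) != bool(new_re.search(ln))]


def first_divergent_run(old, new, max_len=40):
    """Smallest punctuation-run length where the verdicts differ, else None."""
    for n in range(1, max_len + 1):
        probe = "1" + "'" * n + "1"  # constructed probe: digit, run, digit
        if verdict_diff(old, new, [probe]):
            return n
    return None


# Constructed sample corpus (stands in for the 942490.payload file).
CORPUS = [
    "id=1'\"--1",
    "q=hello world",
    "x=1" + ")" * 11 + "2",
    "name=O'Brien",
]

if __name__ == "__main__":
    for name, (old, new) in PAIRS.items():
        print(name, verdict_diff(old, new, CORPUS), first_divergent_run(old, new))
```

Identical results on an existing payload set only show equivalence for the run lengths that set contains, so a boundary probe like `first_divergent_run` belongs next to the corpus comparison when a rule's quantifier is bounded.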

