Atomic Secure Linux
 Post subject: Non-alphanumeric JavaScript
Unread postPosted: Sat Aug 11, 2012 7:13 am 
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
Quote:
    Quote:
        What do you know about non-alphanumeric XSS?

    The other day one of my friends asked me that question on IRC, pointing me to some articles on sla.ckers.org where they tried to create some scripts like alert(1) with non-alphanumeric characters.

    As a security researcher and a penetration tester, he insisted that extending that concept to any JavaScript source would be really useful for bypassing IDSs, IPSs and WAFs. So challenge accepted!


http://patriciopalladino.com/blog/2012/ ... cript.html

_________________
Lemonbit Internet Dedicated Server Management
 Post subject: Re: Non-alphanumeric JavaScript
Unread postPosted: Sat Aug 11, 2012 11:47 am 
Atomicorp Staff - Site Admin

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3243
Location: Chantilly, VA
In the words of the character Wanda from "In Living Colour", "I got you!"

No need to worry, you are already protected against this if you are using either ASL or the real time rules (and your rules are kept up to date).

Rule 331029 in the advanced rules (MODSEC_11_ADV_RULES) detects this kind of obfuscation:

[modsecurity] [client 127.0.0.1] [domain localhost] [403] [/20120811/20120811-1137/20120811-113706-O4nFGsCoAfkAAEqZhSAAAAAA] [file "/etc/httpd/modsecurity.d/11_asl_adv_rules.conf"] [line "91"] [id "331029"] [rev "10"] [msg "Atomicorp.com WAF Rules: Possible Obfuscated Javascript injection."] Access denied with code 403 (phase 2).

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.

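Added example for readers following the thread above (this is not Atomicorp code, and it is not the logic of rule 331029, whose pattern is not shown on this page): Python helpers that parse the bracketed ModSecurity deny line quoted by Michael Shinn into its fields, tally hits per rule id, and apply a simple character-class heuristic to request values written in the "[]()!+" style the thread discusses. The heuristic, its thresholds, the function names and the sample request values are assumptions constructed for the example; the log line is the one quoted above.

```python
"""Defender-side helpers: parse ModSecurity deny lines like the one quoted in
the thread, and flag request values that look like non-alphanumeric JavaScript.
Added example, not Atomicorp code and not the content of rule 331029."""
import re
from collections import Counter

# Bracketed '[key "value"]' fields as they appear in the quoted log line.
_QUOTED_FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')
# Unquoted '[client 1.2.3.4]' and '[domain host]' fields.
_PLAIN_FIELD = re.compile(r'\[(client|domain) ([^\]]+)\]')
# The bare HTTP status field, e.g. '[403]'.
_STATUS_FIELD = re.compile(r'\[(\d{3})\]')


def parse_modsec_line(line: str) -> dict:
    """Extract the key/value fields of one ModSecurity deny/alert line."""
    fields = dict(_PLAIN_FIELD.findall(line))
    fields.update(_QUOTED_FIELD.findall(line))
    status = _STATUS_FIELD.search(line)
    if status:
        fields["status"] = int(status.group(1))
    fields["blocked"] = "Access denied" in line
    return fields


def count_by_rule(lines) -> Counter:
    """Tally how often each rule id fired across a batch of log lines."""
    return Counter(parse_modsec_line(l).get("id", "unknown") for l in lines)


# The character set the non-alphanumeric JavaScript construction relies on.
_NONALNUM_JS_CHARS = set("[]()!+")


def nonalnum_js_ratio(value: str) -> float:
    """Fraction of non-whitespace characters drawn from "[]()!+"."""
    chars = [c for c in value if not c.isspace()]
    if not chars:
        return 0.0
    return sum(c in _NONALNUM_JS_CHARS for c in chars) / len(chars)


def looks_like_nonalnum_js(value: str, min_len: int = 20,
                           threshold: float = 0.9) -> bool:
    """Heuristic (assumed thresholds): long, almost entirely "[]()!+", and
    containing the "[]" and "+" building blocks. Tune min_len and threshold
    against your own traffic before alerting on the result."""
    chars = [c for c in value if not c.isspace()]
    if len(chars) < min_len:
        return False
    return (nonalnum_js_ratio(value) >= threshold
            and "[]" in value and "+" in value)


def flag_suspicious(values):
    """Return the subset of request values the heuristic flags."""
    return [v for v in values if looks_like_nonalnum_js(v)]


# The log line quoted in the thread, followed by constructed request values
# of both kinds (ordinary script, symbol-heavy but ordinary, and the
# non-alphanumeric style). The third value is a made-up sample, not a payload.
SAMPLE_LOG_LINE = (
    '[modsecurity] [client 127.0.0.1] [domain localhost] [403] '
    '[/20120811/20120811-1137/20120811-113706-O4nFGsCoAfkAAEqZhSAAAAAA] '
    '[file "/etc/httpd/modsecurity.d/11_asl_adv_rules.conf"] [line "91"] '
    '[id "331029"] [rev "10"] '
    '[msg "Atomicorp.com WAF Rules: Possible Obfuscated Javascript injection."] '
    'Access denied with code 403 (phase 2).'
)
SAMPLE_VALUES = [
    'document.getElementById("name").value = "hello";',
    'x = (a+b)*(c-d);',
    '(![]+[])[+[]]+(![]+[])[+!+[]]+([][[]]+[])[+[]]',
]

if __name__ == "__main__":
    print(parse_modsec_line(SAMPLE_LOG_LINE))
    print(count_by_rule([SAMPLE_LOG_LINE, SAMPLE_LOG_LINE]))
    for v in SAMPLE_VALUES:
        print(f"{nonalnum_js_ratio(v):.2f}  {looks_like_nonalnum_js(v)}  {v}")
```

A ratio-based check like this is only a triage aid: it catches the pure "[]()!+" construction but not every obfuscation, so the parsed rule id and msg from the real WAF log remain the authoritative signal; use the heuristic to prioritise which blocked requests to look at first.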