当前位置 : 主页 > 网络编程 > 其它编程 >

Fixvulnerableregexpinrule942490

来源:互联网 收集:自由互联 发布时间:2023-07-02
limitsubstitution[^\w\s]from+to{1,10}itesteditagainst5276matchesandt limit substitution [^\w\s] from + to {1,10} i tested it against 5276 matches and the results matches are exactly the same.even {1,2} produced the same results.i think {1,10
limitsubstitution[^\w\s]from+to{1,10}itesteditagainst5276matchesandt

limit substitution [^\w\s] from + to {1,10}

i tested it against 5276 matches and the results matches are exactly the same.even {1,2} produced the same results.i think {1,10} is fairly enough.

according to #1359

1234567891011121314 time grep -P -f 942490.rule 942490.payloadreal    0m10.631suser    0m10.630ssys 0m0.001stime grep -P -f 942490.test 942490.payloadreal    0m0.072suser    0m0.069ssys 0m0.002s

``

该提问来源于开源项目:SpiderLabs/owasp-modsecurity-crs

But does not this invite a bypass via 11 characters?

网友评论