azurit
Hey @aus-coder, would you like to check this out?
It's different from the current phpmyadmin RE plugin. I didn't post it anywhere yet because I decided to integrate it into the current phpmyadmin RE plugin (phpmyadmin version will be configurable). Attaching...
Please look here: https://github.com/coreruleset/phpmyadmin-rule-exclusions-plugin/pull/5
Can I close this?
> but I don't know what is the Lua support in Coraza.

Unfortunately, none. :)
I'm very close to a working solution (which uses Lua) but it's going to be a little more complex. Not sure if it's worth it.
Not exactly, it will probably be too complex and take much time to implement it correctly. I don't have a working prototype yet but I was able to resolve all...
Good news everyone! Attaching first, buggy, incomplete BUT working version of XXE plugin: [xxe.tar.gz](https://github.com/coreruleset/coreruleset/files/8533545/xxe.tar.gz) Needs LuaExpat library (Debian/Ubuntu: `apt install lua-expat`). ``` $ cat xxe2.xml John union select $ curl...
@studersi

> Does your Lua script simply replace the ModSecurity body processor to keep the `REQUEST_BODY` target populated while still extracting the elements from the XML body?

Yes, exactly.

>...
> Would it be possible to store the content of the `REQUEST_BODY` collection in a transient collection (e.g. `tx.request_body`), use this transient variable for the XXE rules, and then run...