libinjection

False positives

Open jzy2000 opened this issue 11 years ago • 2 comments

Nick, any idea why the string (in the quotes) "on=x" is flagged as XSS?

jzy2000, Jun 06 '14 20:06

That is weird as it definitely should not be flagged and I'm unable to reproduce using the latest version.

You got any more details?

On Sat, Jun 7, 2014 at 5:58 AM, jzy2000 wrote:

> Nick, any idea why the string (in the quotes) "on=x" is flagged as XSS?

client9, Jun 07 '14 00:06

I also tried this in the ModSec smoke test; the first line is "973343 XSS Attack Detected via Libinjection". http://www.modsecurity.org/demo/demo-deny.html?test=on%3Dx

Yes, I use the source downloaded a week ago.

jzy2000, Jun 07 '14 02:06