FP in sql injection and unicode code is showing as unsupported directive #1023

Open
joshi-mohit opened this issue Mar 24, 2024 · 1 comment

@joshi-mohit

Description

I see this as an unsupported directive. Is there any way to set the unicode codepoint -- "secunicodemap": directiveUnsupported,

I am getting FP in
Detects concatenated basic SQL injection and SQLLFI attempts, Matched Data: शिवा ,शिवा update 19 found within ARGS:json.value: शिवा ,शिवा update 19/3/24,शिवा update ,शिवा,पुन्हा कर्तव्य \xe0\xa4

The payload looks like
{"key": "recent_search", "value": "\u0936\u093f\u0935\u093e ,\u0936\u093f\u0935\u093e update 19/3/24,\u0936\u093f\u0935\u093e update ,\u0936\u093f\u0935\u093e"}

This is possibly due to Devanagari script. Some of the payloads in the website have ASCII characters.
How can we set the correct unicode mapping to have this fixed?

Also see this FP on rule 942100--> SQL Injection Attack Detected via libinjection, Matched Data: 1c found within REQUEST_COOKIES:

@joshi-mohit
Author

@anuraaga
@jptosso -- is there a way to have unicode directives updated in any way? This seems to be related to that, or can you provide guidance on how to move on this?
