Skip to content

zpettry/mod_security-xss-bypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

fuzzdbxss.txt

fuzzdbxss.txt

 
 

fuzzdbxssoutput.txt

fuzzdbxssoutput.txt

 
 

login.php

login.php

 
 

script.html

script.html

 
 

seclistsxss.txt

seclistsxss.txt

 
 

sedlistsxssoutput.txt

sedlistsxssoutput.txt

 
 

xssbypasstest.py

xssbypasstest.py

 
 

Repository files navigation

I wanted to do some research in the cybersecurity domain that piqued my interest. I decided to test what XSS strings in the FuzzDB and SecLists lists bypassed mod_security OWASP ruleset on a standard Apache2 web server.

I combined all separate XSS lists within FuzzDB as well as SecLists. I then proceeded to run these on the login parameter of a quick PHP login script I acquired for testing.

As you can see from the preceding Python code, I would print out the string that received a 200 response code from the Apache2 server. This shows that the string is not being filtered by the WAF and thus not receiving a 403 Forbidden response from the server.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages