如何将Fixvulnerableregexpinrule942490应用于规则设置以修复漏洞?
- 内容介绍
- 文章标签
- 相关推荐
本文共计151个文字,预计阅读时间需要1分钟。
我尝试对原文进行简化,不超过100字:
使用limitsubstitution从1到10测试5276个匹配项,结果与{1,2}测试完全一致。
limitsubstitution[^\w\s]from+to{1,10}itesteditagainst5276matchesandtlimit substitution [^\w\s] from + to {1,10}
i tested it against 5276 matches and the results matches are exactly the same.even {1,2} produced the same results.i think {1,10} is fairly enough.
according to #1359
1234567891011121314 time grep -P -f 942490.rule 942490.payloadreal 0m10.631suser 0m10.630ssys 0m0.001stime grep -P -f 942490.test 942490.payloadreal 0m0.072suser 0m0.069ssys 0m0.002s``
该提问来源于开源项目:SpiderLabs/owasp-modsecurity-crs
But does not this invite a bypass via 11 characters?
本文共计151个文字,预计阅读时间需要1分钟。
我尝试对原文进行简化,不超过100字:
使用limitsubstitution从1到10测试5276个匹配项,结果与{1,2}测试完全一致。
limitsubstitution[^\w\s]from+to{1,10}itesteditagainst5276matchesandtlimit substitution [^\w\s] from + to {1,10}
i tested it against 5276 matches and the results matches are exactly the same.even {1,2} produced the same results.i think {1,10} is fairly enough.
according to #1359
1234567891011121314 time grep -P -f 942490.rule 942490.payloadreal 0m10.631suser 0m10.630ssys 0m0.001stime grep -P -f 942490.test 942490.payloadreal 0m0.072suser 0m0.069ssys 0m0.002s``
该提问来源于开源项目:SpiderLabs/owasp-modsecurity-crs
But does not this invite a bypass via 11 characters?