Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Report OWASP WAF Naxsi bypass Vulnerability
Mar 26 2013 02:00AM
safe3q gmail com
OWASP WAF Naxsi bypass Vulnerability
Certain unspecified input is not properly handed in
naxsi_src/naxsi_utils.c naxsi_unescape_uri(u_char **dst, u_char **src,
size_t size, ngx_uint_t type) before being used to filtered. This can
be exploited to bypass some WAF rules.
[ more ]
Copyright 2010, SecurityFocus