HI,
I have updated my owasp core rule set to 3.3.4 but it is not working when I hit domain.com?<script>alert()</script> it not showing me 403 error msg.
here is my audit_log please check and let me know what wrong
-
I have updated my owasp core rule set to 3.3.4 but it is not working when I hit domain.com?<script>alert()</script> it not showing me 403 error msg.
here is my audit_log please check and let me know what wrong
Code:
[21/Mar/2023:15:49:03 +0530] 167934365.747496 110.26.177.65 271 domain.com 80
---bImeOdLc---B--
GET /?%3Cscript%3Ealert( HTTP/1.1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-encoding: gzip, deflate
accept-language: en-US,en;q=0.5
connection: keep-alive
cookie: mage-cache-storage=%7B%7D; mage-cache-storage-section-invalidation=%7B%7dD; mage-cache-sessid=true; recently_viewed_product=%7B%7dD; recently_viewed_product_previous=%7B%7dD; recently_compared_product=%7B%7dD; recently_compared_product_previous=%7B%7dD; product_data_storage=%7B%7D
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
host: domain.com
Upgrade-Insecure-Requests: 1
---bImeOdLc---F--
HTTP/1.1 200
content-type: text/html; charset=UTF-8
---bImeOdLc---H--
---bImeOdLc---I--
---bImeOdLc---Z-