WAF Attack Signature Level
Hi,
I have a specific URL defined in the ASM Allowed URLs ("/path01/page.aspx" for our example), which has "Check attack signatures" checked.
In the Parameters we have only Wildcard with Ignore Value set.
We found this malicious attempt request wasn't detected:
/path01/page.aspx?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd
which decodes to this:
/path01/page.aspx?a=<script>alert("XSS");</script>&b=UNION SELECT ALL FROM information_schema AND ' or SLEEP(5) or '&c=../../../../etc/passwd
So I understand the malicious code is in the parameter context, so it's not checked due to the wildcard settings.
But on the other hand, under the specific URL context, there are several "XSS (parameters)" signatures enabled.
Doesn't that mean that under that specific URL it should check for XSS in parameters signatures?
Thanks
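The following is an added illustration, not part of the original post and not F5 ASM code: a small Python model of how signature scope works, using the decoded request from the question. The three regexes are constructed stand-ins for real signature sets, and the `param_value_type` parameter is a hypothetical name that models the wildcard parameter's value type. The point it shows is that the URL-context check only sees the path (`/path01/page.aspx`, which is clean), while the payloads live in the parameter values; if the wildcard parameter is set to ignore its value, those values are never scanned, so the URL-level "XSS (parameters)" signatures never get anything to match against.

```python
"""Added example: model of WAF attack-signature scoping (URL vs parameter context)."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# The request from the post, still URL-encoded as the WAF would receive it.
REQUEST = (
    "/path01/page.aspx?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E"
    "&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27"
    "&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd"
)

# Constructed, deliberately simple stand-ins for attack signatures.
SIGNATURES = {
    "XSS (parameters)": re.compile(r"<\s*script\b", re.I),
    "SQL injection": re.compile(r"\bunion\s+(?:all\s+)?select\b|\bsleep\s*\(", re.I),
    "Path traversal": re.compile(r"(?:\.\./){2,}"),
}


def scan(text):
    """Return the names of all signatures that match the (already decoded) text."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))


def inspect_request(raw, url_check_signatures=True, param_value_type="user-input"):
    """Model of the two signature contexts.

    url_check_signatures: the URL entity's "Check attack signatures" box.
    param_value_type:     hypothetical model of the wildcard parameter's value
                          type; "ignore" means the value is never inspected.
    """
    parts = urlsplit(raw)
    findings = {"url": [], "parameters": {}}

    # URL context: only the decoded path is in scope here.
    if url_check_signatures:
        findings["url"] = scan(unquote(parts.path))

    # Parameter context: values are scanned only if the parameter entity
    # actually asks for its value to be inspected.
    if param_value_type != "ignore":
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            hits = scan(value)  # parse_qsl already decoded '+' and %xx
            if hits:
                findings["parameters"][name] = hits
    return findings


def is_blocked(findings):
    """True if any context produced a signature match."""
    return bool(findings["url"]) or bool(findings["parameters"])


if __name__ == "__main__":
    # Wildcard parameter with "Ignore value": nothing in the request is flagged.
    ignored = inspect_request(REQUEST, param_value_type="ignore")
    print("ignore value ->", ignored, "blocked:", is_blocked(ignored))
    # Wildcard parameter that inspects values: all three payloads are flagged.
    checked = inspect_request(REQUEST)
    print("check value  ->", checked, "blocked:", is_blocked(checked))
```

Running the block prints the first policy with no findings (the path itself is clean and the values are skipped) and the second with a hit on each of `a`, `b` and `c`; the difference between the two runs is entirely the parameter value type, not the URL's signature settings.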