https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html


mex

May 5, 2017, 7:44:37 AM
to naxsi-discuss
General Question:

would it make sense to check the HOST-Header for a ^[a-z0-9-]\.[a-z]$ pattern
to prevent any attacks in such style?

is there any case where a HOST-header would differ from the
pattern given above?


we could then have a generic sig that would protect from any
HOST-header based attacks

mex

May 5, 2017, 7:56:33 AM
to naxsi-discuss
i'd propose the following: rx:^[a-zA-Z\d-]+\.[a-zA-Z]+$


comments?
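
Added example, not part of the original posts: it runs the two patterns quoted in the thread over constructed Host values that RFC 7230 allows (host with optional port), treating each pattern as an allow-list where a non-matching value would be flagged. `BROADER`, `LABEL`, `SAMPLES` and `evaluate` are hypothetical names introduced here; `BROADER` is an assumed wider pattern for comparison, not a naxsi rule.

```python
import re

# Patterns quoted from the thread (the naxsi "rx:" prefix is dropped).
FIRST = re.compile(r"^[a-z0-9-]\.[a-z]$", re.ASCII)
PROPOSED = re.compile(r"^[a-zA-Z\d-]+\.[a-zA-Z]+$", re.ASCII)

# Hypothetical wider allow-list (an assumption of this example): dot-separated
# LDH labels or a bracketed IPv6 literal, optional trailing dot, optional port.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
BROADER = re.compile(
    rf"^(?:\[[0-9A-Fa-f:.]+\]|{LABEL}(?:\.{LABEL})*\.?)(?::\d{{1,5}})?$",
    re.ASCII,
)

# Constructed sample values: (Host value, True if a server could legitimately see it).
SAMPLES = [
    ("example.com", True),
    ("www.example.com", True),        # more than two labels
    ("example.co.uk", True),
    ("example.com:8080", True),       # explicit port
    ("192.0.2.10", True),             # IPv4 literal
    ("[2001:db8::1]", True),          # IPv6 literal
    ("localhost", True),              # single label
    ("xn--e1afmkfd.xn--p1ai", True),  # punycode TLD with digits and hyphens
    ("example.com(x y)", False),      # whitespace and parentheses
    ("exa mple.com", False),          # embedded space
]

def evaluate(pattern):
    """Return (legitimate values rejected, malformed values accepted)."""
    rejected_legit = [h for h, ok in SAMPLES if ok and not pattern.search(h)]
    accepted_bad = [h for h, ok in SAMPLES if not ok and pattern.search(h)]
    return rejected_legit, accepted_bad

if __name__ == "__main__":
    for name, pat in (("first", FIRST), ("proposed", PROPOSED), ("broader", BROADER)):
        rejected, accepted = evaluate(pat)
        print(f"{name}: rejects {len(rejected)} legitimate, accepts {len(accepted)} malformed")
        for h in rejected:
            print(f"   false positive: {h}")
```
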