Some announcements for PHPIDS 0.5
5 views
Skip to first unread message
Mario Heiderich
Jun 4, 2008, 3:42:09 AM6/4/08
to PHPIDS » Web Application Security 2.0
Hi,
Since it's been a while that we released a new version and|or posted
into the group I'd like to present you some news. PHPIDS 0.5 is closer
than we thought - and we will probably skip 0.4.8 and release a RC1 of
the PHPIDS 0.5 as soon as possible. Before that I will post a demo/
test link here - since there's a lot of data we have to put through
the new algorithms before releasing them.
Thing is: we finally found a possible solution to enable monitoring
user input containing legal HTML by the PHPIDS. This means that you
can define in the Config.ini which fields are allowed to contain HTML
and should get special treatment by the PHPIDS - no more exclusions
for WYSIWYG editors and comparable fields. The first testing will
inside a closed circle of testers and depending on the results the
demo link will be published publicly.
Furthermore a lot of false alerts have been removed as usual and
Gareth and David found some very interesting rule and Centrifuge
circumventions which were fixed. If you want to have a look at those
vectors check here: http://sla.ckers.org/forum/read.php?12,8085,22761,page=20.
The converter was optimized too and several problems with the
conversion method order have been fixed.
Well - besides some other minor issues that was basically it - I will
post in this topic as soon as there are more news about the upcoming
release.
Greetings,
.mario
Since it's been a while that we released a new version and|or posted
into the group I'd like to present you some news. PHPIDS 0.5 is closer
than we thought - and we will probably skip 0.4.8 and release a RC1 of
the PHPIDS 0.5 as soon as possible. Before that I will post a demo/
test link here - since there's a lot of data we have to put through
the new algorithms before releasing them.
Thing is: we finally found a possible solution to enable monitoring
user input containing legal HTML by the PHPIDS. This means that you
can define in the Config.ini which fields are allowed to contain HTML
and should get special treatment by the PHPIDS - no more exclusions
for WYSIWYG editors and comparable fields. The first testing will
inside a closed circle of testers and depending on the results the
demo link will be published publicly.
Furthermore a lot of false alerts have been removed as usual and
Gareth and David found some very interesting rule and Centrifuge
circumventions which were fixed. If you want to have a look at those
vectors check here: http://sla.ckers.org/forum/read.php?12,8085,22761,page=20.
The converter was optimized too and several problems with the
conversion method order have been fixed.
Well - besides some other minor issues that was basically it - I will
post in this topic as soon as there are more news about the upcoming
release.
Greetings,
.mario
Mario Heiderich
Jun 6, 2008, 8:06:16 AM6/6/08
to PHPIDS » Web Application Security 2.0
The HTML demo is online - no extra link - just the normal demo with a
checkbox. Have fun! (but don't expect wonders - it's the very first
testing version ;) )
Example:
http://demo.php-ids.org/?test=%3Ca+href%3D%22http%3A%2F%2Fwww.google.de%2F%22%3EGoogle%3C%2Fa%3E&html=on
HTML allowed
http://demo.php-ids.org/?test=%3Ca+href%3D%22http%3A%2F%2Fwww.google.de%2F%22%3EGoogle%3C%2Fa%3E
HTML not allowed
http://demo.php-ids.org/?test=%3Ca+onmouseover=alert(1)+href%3D%22http%3A%2F%2Fwww.google.de%2F%22%3EGoogle%3C%2Fa%3E&html=on
HTML allowed (with vector)
http://demo.php-ids.org/?test=%3Ca+onmouseover=alert(1)+href%3D%22http%3A%2F%2Fwww.google.de%2F%22%3EGoogle%3C%2Fa%3E
HTML not allowed (with vector)
On 4 Jun., 09:42, Mario Heiderich <Mario.Heider...@googlemail.com>
wrote:
checkbox. Have fun! (but don't expect wonders - it's the very first
testing version ;) )
Example:
http://demo.php-ids.org/?test=%3Ca+href%3D%22http%3A%2F%2Fwww.google.de%2F%22%3EGoogle%3C%2Fa%3E&html=on
HTML allowed
http://demo.php-ids.org/?test=%3Ca+href%3D%22http%3A%2F%2Fwww.google.de%2F%22%3EGoogle%3C%2Fa%3E
HTML not allowed
http://demo.php-ids.org/?test=%3Ca+onmouseover=alert(1)+href%3D%22http%3A%2F%2Fwww.google.de%2F%22%3EGoogle%3C%2Fa%3E&html=on
HTML allowed (with vector)
http://demo.php-ids.org/?test=%3Ca+onmouseover=alert(1)+href%3D%22http%3A%2F%2Fwww.google.de%2F%22%3EGoogle%3C%2Fa%3E
HTML not allowed (with vector)
On 4 Jun., 09:42, Mario Heiderich <Mario.Heider...@googlemail.com>
wrote:
Reply all
Reply to author
Forward
0 new messages