Comments on: PHPIDS 0.4.7 ”Roberta” waiting to be downloaded http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/ Sun, 18 May 2008 03:13:47 +0000 http://wordpress.org/?v=2.5.1 By: PHP Blogger: +++ Updates +++ Updates +++ - Ein PHP Blog auf deutsch http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-156 PHP Blogger: +++ Updates +++ Updates +++ - Ein PHP Blog auf deutsch Mon, 17 Mar 2008 14:09:03 +0000 http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-156 [...] PHPIDS 0.4.7: Die Dame “Roberta” möchte vom Infostand gedownloaded werden ;) Sie wartet dort bereits seit 20. Februar, also nix wie hin: Neben verschiedenen Optimierungen wurde die Unterstützung für UTF7 und BASE64 hinzugefügt und verbessert. Die API hat keine Veränderungen erfahren - ein Update ist also problemlos möglich. [...] [...] PHPIDS 0.4.7: Die Dame “Roberta” möchte vom Infostand gedownloaded werden ;) Sie wartet dort bereits seit 20. Februar, also nix wie hin: Neben verschiedenen Optimierungen wurde die Unterstützung für UTF7 und BASE64 hinzugefügt und verbessert. Die API hat keine Veränderungen erfahren - ein Update ist also problemlos möglich. [...]

]]> By: .mario http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-149 .mario Thu, 13 Mar 2008 08:30:47 +0000 http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-149 @fragge: First of all this input string results in an impact of 4 - not 11. Please test before posting. http://demo.php-ids.org/?test=%3Cb%3E%3Ci%3EHello%3C/i%3E%3C/b%3E Second: What application would allow you to pass input strings as such per GET/POST if it's no WYSIWYG editor? If you allow HTML for certain fields then don't use the PHPIDS on them - it makes no sense and was discussed over and over again in the forum, the group and son sla.ckers.org. If you don't such a string can be cosidered a XSS probing - and should be detected with a small impact - which exactly happens. Greetings, .mario @fragge: First of all this input string results in an impact of 4 - not 11. Please test before posting.

http://demo.php-ids.org/?test=%3Cb%3E%3Ci%3EHello%3C/i%3E%3C/b%3E

Second: What application would allow you to pass input strings as such per GET/POST if it’s no WYSIWYG editor? If you allow HTML for certain fields then don’t use the PHPIDS on them - it makes no sense and was discussed over and over again in the forum, the group and son sla.ckers.org. If you don’t such a string can be cosidered a XSS probing - and should be detected with a small impact - which exactly happens.

Greetings,
.mario

]]> By: fragge http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-148 fragge Thu, 13 Mar 2008 02:52:09 +0000 http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-148 <b><i>Hello</i></b> still causes a false positive of 11. How on earth is that 99% accuracy? Considering the usage of said tags, I'm fairly certain your IDS will consistently bring false positives, because you've blacklisted anything that has to do with the internet. :\ <b><i>Hello</i></b> still causes a false positive of 11. How on earth is that 99% accuracy? Considering the usage of said tags, I’m fairly certain your IDS will consistently bring false positives, because you’ve blacklisted anything that has to do with the internet. :\

]]> By: .mario http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-147 .mario Tue, 11 Mar 2008 08:23:45 +0000 http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-147 That's fine - so how can we help you? That’s fine - so how can we help you?

]]> By: roopa http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-146 roopa Tue, 11 Mar 2008 06:22:18 +0000 http://php-ids.org/2008/02/20/phpids-047-%e2%80%9droberta%e2%80%9d-waits-to-be-downloaded/#comment-146 sir, I required algorithm to detect & prevent SQL injection attacks I required a dataflow diagram regarding this sir,

I required algorithm to detect & prevent SQL injection attacks

I required a dataflow diagram regarding this

]]>