Fix XSS requesting 'capture' action v3.1/dev

emphazer · web-flow · commit 2dd3622a0afb · 2017-07-04T10:35:40.000+02:00
according to PR SpiderLabs#828 before we forget it ;-)
diff --git a/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf b/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf
@@ -1,5 +1,5 @@
 # ------------------------------------------------------------------------
-# OWASP ModSecurity Core Rule Set ver.3.0.2
+# OWASP ModSecurity Core Rule Set ver.3.1.0
 # Copyright (c) 2006-2016 Trustwave and contributors. All rights reserved.
 #
 # The OWASP ModSecurity Core Rule Set is distributed under
@@ -46,7 +46,6 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 	t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\
 	block,\
 	ctl:auditLogParts=+E,\
-	capture,\
 	tag:'application-multi',\
 	tag:'language-multi',\
 	tag:'platform-multi',\
@@ -57,7 +56,7 @@ SecRule REQUEST_COOKIES|!REQUEST_COOKIES:/__utm/|REQUEST_COOKIES_NAMES|REQUEST_H
 	tag:'OWASP_TOP_10/A3',\
 	tag:'OWASP_AppSensor/IE1',\
 	tag:'CAPEC-242',\
-	logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
+	logdata:'Matched Data: XSS data found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
 	setvar:'tx.msg=%{rule.msg}',\
 	setvar:tx.xss_score=+%{tx.critical_anomaly_score},\
 	setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
@@ -982,4 +981,3 @@ SecRule TX:PARANOIA_LEVEL "@lt 4" "phase:2,id:941018,nolog,pass,skipAfter:END-RE
 # -= Paranoia Levels Finished =-
 #
 SecMarker "END-REQUEST-941-APPLICATION-ATTACK-XSS"
-
