Bug fixes to session hijacking #8

Merged
merged 1 commit into from Dec 19, 2012

Projects

None yet

2 participants

@benwilliams

Some cookies did not match in RESPONSE_HEADERS:/Set-Cookie2?/ but did match in REQUEST_COOKIES. ie ASPSESSIONIDXXX.

Also there was a bug related to comparisons on collection keys that do
not exist. When a request contains a cookie that has not been saved to
the SESSION collection before, the intention is for tx.anomaly_score
to be incremented by 5 (critical) and the rest of the checks skipped,
but this does not happen. Any test on a collection key that does not
exist always returns false. This means the test on SESSION:VALID "!@eq
1" returns false, when the intention is for it to return true if the
session cookie has not been seen before. And the following rules in
the block are run which triggers 981059,981060,981061 to return true
since it is a new session collection withou ip_hash or ua_hash keys.

@benwilliams benwilliams Fixed asymmetric matching of cookies, ie ASPSESSIONIDXXX did not match
in RESPONSE_HEADERS:/Set-Cookie2?/ but did match in REQUEST_COOKIES.

Also there was a bug related to comparisons on collection keys that do
not exist. When a request contains a cookie that has not been saved to
the SESSION collection before, the intention is for tx.anomaly_score
to be incremented by 5 (critical) and the rest of the checks skipped,
but this does not happen. Any test on a collection key that does not
exist always returns false. This means the test on SESSION:VALID "!@eq
1" returns false, when the intention is for it to return true if the
session cookie has not been seen before.  And the following rules in
the block are run which triggers 981059,981060,981061 to return true
since it is a new session collection withou ip_hash or ua_hash keys.
36e19a1
@rcbarnett rcbarnett merged commit 044d76c into SpiderLabs:master Dec 19, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment