    • stefano
    • Jan 1st 2010
     
    False positives with the apostrophe

    Hello, I obtained false positives with strings that contain the apostrophe (') sign. I get the same results with my installation of PHPIDS and with the Smoketest demo form of the PHPIDS site. Here are the strings I tried and the results associated with them:

    L'orem ipsum 4 dolor sit amet!

    Impact: 12
    Affected tags: sqli id lfi


    L'orem ipsum 7 dolor sit amet?

    Impact: 26
    Affected tags: sqli id lfi xss csrf rfe


    'Lorem ipsum 8 dolor sit amet?

    Impact: 14
    Affected tags: xss csrf id rfe lfi


    The following strings give a negative result instead:

    Lorem' ipsum 2 dolor sit amet
    Lorem' ipsum 3 dolor sit amet!
    Lorem' ipsum 5 dolor sit amet?
    Lorem' ipsum 6 dolor à sit amet?


    Why these different results?

    Thanks
    • Keilaron
    • Jan 22nd 2010
     
    Definitely false positives. The first one can even be shortened to:
    L'or!
    It's seeing an apostrophe (for some reason, only in the second place does it matter), the word OR, and a punctuation mark. Weird.
    Some of the other ones can be shortened too.