We receive quite a number of alerts when one specific user with a strange cookie visits our site. The mail sent is:

Impact: 16
Affected tags: xss csrf id rfe lfi
Affected parameters: BCSI-ACP-2C8EFBA3EB2FA6C8=19C1BBCF000000138Cf2LGQ4uJYzUmuC7e6UthdH7qzEBgAAEwAAAAYGsQAQDgAAmwEAAP/KEAA=,
Request URI: /images/bg_verlauf.gif
Do you have any idea what this could be? Is it a false positive, or could I harmlessly ignore this key?
Actually this one is quite hard to ignore. The 3rd part is variable, so I cannot exclude the parameter via the exception list. This leads to the question whether it would be possible to use wildcards in the exceptions. It would affect performance, but it would increase flexibility. Actually, we receive so many false positives with this pattern that we are considering not using phpids any more, as we cannot rely on it any more.
@Kaspar: How would changing the key check from string comparison to preg_match sound? It's an easy and unobtrusive change in the code and should fix your problem as far as I can foresee.
Do you suggest that I extend the string comparison function, or that you do the change? If I should do it, could you please advise which method to override, as otherwise I have to dig into the code quite deeply.
If your suggestion is that you implement it in the core, then I would be grateful, as this would indeed allow wildcards to be used and would solve my problem. But I don't know the performance or security impacts, and I don't have the framework at hand to test it.
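The change discussed above, a key check that accepts a pattern instead of only an exact string, as an added stand-alone example. This is not PHPIDS code and does not use its API; the function names, the convention that an exception entry wrapped in slashes is a PCRE pattern, and the sample key names are all assumptions for illustration. The alert in the thread shows the parameter name `BCSI-ACP-2C8EFBA3EB2FA6C8`, whose suffix varies per client, so an exact-match list can never cover it, while one anchored regex entry can, without also excluding names that merely start the same way.

```php
<?php
// Added example, not PHPIDS code: exact-match exception list versus one
// that also accepts regular expressions for parameter names with a
// variable part (hypothetical helper names and list format).

/**
 * Exact-match check: the plain string comparison the thread describes.
 */
function isExceptedExact(string $key, array $exceptions): bool
{
    return in_array($key, $exceptions, true);
}

/**
 * Pattern-aware check. Entries written as /.../ are treated as PCRE
 * patterns, everything else as a literal name. The pattern is anchored
 * (^...$) so it must match the whole key, not just a substring; otherwise
 * a loose entry could silently exclude far more parameters than intended.
 */
function isExceptedPattern(string $key, array $exceptions): bool
{
    foreach ($exceptions as $entry) {
        if ($entry === $key) {
            return true;
        }
        $isRegex = strlen($entry) > 2 && $entry[0] === '/' && substr($entry, -1) === '/';
        if ($isRegex) {
            $body = substr($entry, 1, -1);
            // preg_match returns 1 on match, 0 on no match, false on a bad pattern;
            // only an explicit 1 counts, so a broken entry never excludes anything.
            if (preg_match('/^(?:' . $body . ')$/', $key) === 1) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample input: the name from the alert plus a few variants.
$keys = [
    'BCSI-ACP-2C8EFBA3EB2FA6C8',   // the name from the alert
    'BCSI-ACP-19C1BBCF00000013',   // another client, constructed: hex suffix differs
    'BCSI-ACP-notahexsuffix',      // must not be excluded: suffix is not 16 hex digits
    'session_id',
];

$exactList   = ['session_id', 'BCSI-ACP-2C8EFBA3EB2FA6C8'];
$patternList = ['session_id', '/BCSI-ACP-[0-9A-F]{16}/'];

foreach ($keys as $key) {
    printf(
        "%-28s exact=%-3s pattern=%s\n",
        $key,
        isExceptedExact($key, $exactList) ? 'yes' : 'no',
        isExceptedPattern($key, $patternList) ? 'yes' : 'no'
    );
}
```

With this list the first two cookie names and `session_id` are excluded by the pattern check, while the non-hex variant is still inspected; the exact check only excludes the one name that was written into the list. The exception list is trusted configuration, so the pattern bodies are not escaped, and a pattern that itself contains an unescaped `/` would need a different delimiter. The performance cost is one `preg_match` per regex entry per parameter, which is why keeping literal entries on the fast `===` path matters.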