Forum Discussion
2 Replies
Sort By
- hooleylistCirrostratusHi Zafer,
- Zafer_101134NimbostratusHi hoolio
i m doing Xss attack to the ASM with
ASM doesn't currently provide an option to base64 decode request components. But most web servers won't do this either so it's not a problem. If the web application does base64 decode whatever request component you're putting the base64 encoded attack string in, then you'd have a potential issue.
What kind of app are you testing?
Aaron
the customer use apache tomcat.
We tested several attack methods to the ASM and i can't find how to block encoded request based on hex and base64
regards
zafer