Product: Mod_security Author: Rafay Baloch Status: Fixed Details: The Mod_Security firewall is one of the most known WAF around, It has an online smoke test where we can check if a vector bypassed the regular expressions. Payload: It was though detecting null bytes, but it was generating a false positive marking an xss attack as a SQL Injection attack. The payload that was injected was: confirm(0); I changed alert/eval to confirm, because alert was being detected but prompt and confirm were not being detected. Fix: The ModSecurity has updated the rule set and it now the detects the vector as an xss vector. More details can be found in the following tweet: https://twitter.com/ModSecurity/status/347364390737178625 -- Warm Regards, Rafay Baloch http://rafayhackingarticles.net http://techlotips.com