InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

[Resolved] XSS Exspression for Server Running On Local IP

https://forums.informaction.com/viewtopic.php?t=12420

Page 1 of 1

[Resolved] XSS Exspression for Server Running On Local IP

Posted: Thu Feb 07, 2013 8:23 pm
by Jahzoone
Hi,

I am hoping someone can help me figure out how to write an XSS Expression or find away to view my own web site when I am at home. I have an Apache Web Server running on my local home net work and when I'm at one of my local worksations NoScript will not let me view the site, it pops up a warning that ABE or one of the advanced setting is preventing the page for loading. The only way to get around it is to Disable it or allow Global Scripts (Dangerous). I want to keep as many of the protections offered by NoScript running but still be able to upload, download and perform maintenance to the the site. Any suggestion or recommendations will be great appreciated.

Thank You,

Jay Kinkade

Re: XSS Exspression for Server Running On Local IP

Posted: Thu Feb 07, 2013 11:04 pm
by Giorgio Maone
Could you please post here the exact message(s) you get from ABE?

Re: XSS Exspression for Server Running On Local IP

Posted: Fri Feb 08, 2013 11:19 pm
by Jahzoone
Thanks for your quick response, sorry I should have been more clear. Here is the warning message I get when I try to load my forum page:
'Request {GET https://www.tictoctunes.com/forum/index.php?sid=somesid <<< https://www.tictoctunes.com/forum/ -6} filtered by ABE: <LOCAL> Deny'
The CSS style sheet does not load. Can I just put 'accept from local' under the User tab of the ABE options? It seems to be listed for System ?

Thanks Again for your help.

Jay

Re: XSS Exspression for Server Running On Local IP

Posted: Sat Feb 09, 2013 6:24 am
by Thrawn
Jahzoone wrote:Thanks for your quick response, sorry I should have been more clear. Here is the warning message I get when I try to load my forum page:
'Request {GET https://www.tictoctunes.com/forum/index.php?sid=somesid <<< https://www.tictoctunes.com/forum/ -6} filtered by ABE: <LOCAL> Deny'
The CSS style sheet does not load. Can I just put 'accept from local' under the User tab of the ABE options? It seems to be listed for System ?
No, 'Accept from local' won't work, because as you say, it's already in the system ruleset. ABE must be getting confused about what is and isn't local.

You could try changing the system rule to:

Code: Select all

Site LOCAL
Accept from LOCAL
Accept from https://www.tictoctunes.com
Deny
or possibly (if that doesn't work):

Code: Select all

Site LOCAL https://www.tictoctunes.com
Accept from LOCAL
Accept from https://www.tictoctunes.com
Deny

Re: XSS Exspression for Server Running On Local IP

Posted: Mon Feb 11, 2013 4:12 pm
by Jahzoone
OK, I'll give that a try tonight when I get home and post the results tomorrow. Thanks for the sugeestion :)

Re: XSS Exspression for Server Running On Local IP

Posted: Tue Feb 12, 2013 1:14 pm
by Jahzoone
I am pleased to report that adding the line 'Accept from https://www.tictoctunes.com' to the ABE System Rules did the trick. Now the pages load and I have no warning messages. Thank you to everyone who help with this thread :D

Best Regards,

Jay Kinkade
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited