url parameter name attack

[kontext]

Hi

a attack "...?A<script>...</script>...b=c
will not found, thats not ok

the given referrer on netxt call with
REFFERER: http://.../..?A<script>...</script>...b=c
will be found

why is like that

Can somebody help me please.
- what must be changes so the first parameter name attak will be tetected (?A<script>...</script>...b=c)

with best wishes
kontext

ps.:
a attack "...?A=B<script>...</script>...d
will be found, thats ok

[kontext]

The Callinr test Array is

$request = array
(
'REQUEST' => $_REQUEST,
'GET' => $_GET,
'POST' => $_POST,
'COOKIE' => $_COOKIE,
'FILE' => $_FILES,
'QUERY_STRING' => $_SERVER[ 'QUERY_STRING' ]
);

Kontet

[Philip Clarke]

Try this configuration

[code=php]
$request = array();
$request['REQUEST'] = $_REQUEST;
$request['GET'] = $_GET;
$request['POST'] = $_POST;
$request['COOKIE'] = $_COOKIE;
$request['FILES'] = $_FILES;
$request['QUERY_STRING'] = rawurldecode($_SERVER['QUERY_STRING']);

$init->config['General']['scan_keys'] = true;
[/code]

[.mario]

Hi!

There's also a bug connected to this behavior. PHPIDS will have this fixed - it's been fixed in the trunk too.

Greetings,
.mario

[kontext]

Hi

Thanks for help, it works!

with best wishes
kontext