LoFP / javascripts, css files and png files

Techniques

Sample rules

Cross Site Scripting Strings

Description

Detects XSS attempts injected via GET requests in access logs

Detection logic

condition: select_method and keywords and not filter
filter:
  sc-status: 404
keywords:
- =<script>
- =%3Cscript%3E
- =%253Cscript%253E
- '<iframe '
- '%3Ciframe '
- '<svg '
- '%3Csvg '
- document.cookie
- document.domain
- ' onerror='
- ' onresize='
- ' onload="'
- onmouseover=
- ${alert
- javascript:alert
- javascript%3Aalert
select_method:
  cs-method: GET
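
The condition above evaluated over a few constructed access-log events, including requests for .js and .png files that trip a keyword. This is an added example, not part of the rule or the LoFP project; the field name cs-uri, the sample events and the triage() helper are assumptions made for illustration, and keywords are matched as case-insensitive substrings of the whole event.

```python
from urllib.parse import urlsplit

# Keywords copied from the rule above.
KEYWORDS = [
    "=<script>", "=%3Cscript%3E", "=%253Cscript%253E", "<iframe ", "%3Ciframe ",
    "<svg ", "%3Csvg ", "document.cookie", "document.domain", " onerror=",
    " onresize=", ' onload="', "onmouseover=", "${alert", "javascript:alert",
    "javascript%3Aalert",
]
STATIC_EXT = (".js", ".css", ".png")  # asset types named in this page's title


def rule_matches(event):
    """condition: select_method and keywords and not filter"""
    select_method = event["cs-method"] == "GET"
    text = " ".join(str(v) for v in event.values()).lower()
    keywords = any(k.lower() in text for k in KEYWORDS)
    is_filtered = event["sc-status"] == 404
    return select_method and keywords and not is_filtered


def triage(event):
    """Hypothetical helper: None (no hit), 'review-static-asset', or 'alert'."""
    if not rule_matches(event):
        return None
    path = urlsplit(event["cs-uri"]).path.lower()
    # Tag for review only: dropping hits by extension would also hide
    # genuine hits whose path happens to end in .js, .css or .png.
    return "review-static-asset" if path.endswith(STATIC_EXT) else "alert"


# Constructed sample events (not taken from real logs).
SAMPLE = [
    {"cs-method": "GET", "cs-uri": "/search?q=<script>", "sc-status": 200},
    {"cs-method": "GET", "cs-uri": "/static/js/document.cookie.polyfill.js", "sc-status": 200},
    {"cs-method": "GET", "cs-uri": "/img/icons.png?onmouseover=tooltip", "sc-status": 200},
    {"cs-method": "GET", "cs-uri": "/search?q=<script>", "sc-status": 404},
    {"cs-method": "POST", "cs-uri": "/comment?x=<script>", "sc-status": 200},
    {"cs-method": "GET", "cs-uri": "/css/site.css?v=3", "sc-status": 200},
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(triage(ev), ev["cs-method"], ev["cs-uri"], ev["sc-status"])
```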