I’ve whitelisted it in the actual firewall alerts, but the problem with this is that the whitelist is too specific and even narrowed to the theme I’m using. Since I’m working with a lot of sites this solution is not effective because each whitelist is different.
Whitelist I’ve tried:
Param: POST Body
Param name: request.body[request.body[schema][mts_header_code]] (too specific schema is the theme I was using on that website)
I’ve also tried obfuscating the JS code with no sucess. I’m very thankful for any insights and suggestions you guys do, thank you very much.
Posted Thu Mar 23 2017 8:45pm by mkhunt