'bin/./tclsh', 'bin/nasm', 'bin/./nasm', '/perl', 'perl ', 'cmd.exe',
'nc.exe', 'ftp.exe',
+ // php.ini settings
+ 'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode',
+
// PHP commands/scripts
'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>',
// Windows XP (?) hacks
'xp_enumdsn', 'xp_availablemedia', 'xp_filelist', 'xp_cmdshell',
+ // Attempts to insert links into a badly secured URL
+ '%3E%3C',
+
+ // /proc/ and other forbidden paths
+ 'proc/self/environ',
+
// @TODO Misc/unsorted
'cgi-', '.eml', '$_request', '$_get', '$request', '$get', '.system',
'&aim', 'new_password', '&icq', '.conf', 'motd ', 'HTTP/1.',
'wwwacl', '.js', '.jsp', 'server-info', 'server-status',
'secure_site, ok', 'chunked', 'org.apache', '/servlet/con',
'<script', 'mod_gzip_status', '.system', 'http_',
- 'uol.com', ',0x', '(0x',
+ 'uol.com', ',0x', '(0x'
);
// Block these words found in POST requests
if (isset($GLOBALS['ctracker_last_suspicious_entry'])) {
// Does the user have a ticket?
if (ifCrackerTrackerIpHasTicket()) {
- // Should we continue?
- if (isset($_POST['ctracker_continue'])) {
- // Set cookie
- sendCrackerTrackerCookie();
-
- // And redirect to same URL
- crackerTrackerRedirectSameUrl();
- } elseif (ifCrackerTrackerCookieIsSet()) {
- // Return here to normal program
- return;
- } else {
- // Load "Thank you" template
- crackerTrackerLoadTemplate('add_ticket_thanks');
- }
+ // Load "Thank you" template
+ crackerTrackerLoadTemplate('add_ticket_thanks');
} elseif ((isset($_POST['ctracker_add_ticket'])) && (!empty($_POST['name'])) && (!empty($_POST['email']))) {
// Add the ticket
addCrackerTrackerTicket($_POST);
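Review bot: The ticket-holder branch under `ifCrackerTrackerIpHasTicket()` now always ends in `crackerTrackerLoadTemplate('add_ticket_thanks')`, but its comment says only what is loaded, not that the old way past the block was removed on purpose. The removed lines let a request carrying `$_POST['ctracker_continue']` obtain a cookie, after which a flagged request from that client returned to the normal program. I would record the decision at the call, e.g. `// No continue/cookie bypass: a flagged request from a ticket holder stays blocked`, so a client-controlled skip is not re-added later. If the `add_ticket_thanks` template still renders a `ctracker_continue` button, or `sendCrackerTrackerCookie()` and `ifCrackerTrackerCookieIsSet()` have no other callers, they are presumably dead now and belong in the same cleanup; neither is visible in this hunk. The enclosing `if`/`elseif` chain continues past the end of the hunk.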