Continued:

- added a few strings that are uncommon in URLs and should not be allowed:
  + urlencode() is a PHP function
  + invokefunction should not be possible from remote

Signed-off-by: Roland Häder <roland@mxchange.org>

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 809676323605af9093d6f7c5b5a50020ceb860d2..1dc02b16b723680f9b4ef918a7918893d324a5bb 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -50,7 +50,7 @@ function initCrackerTrackerArrays () {
        $GLOBALS['ctracker_get_blacklist'] = [
                // SQL injections
                'union ', ' union', 'insert ',
-               'select ', ' like', 'like ', 'drop ', 'update ',
+               'select ', ' like', 'drop ', 'update ',
                'union(', 'union=',
 
                // $GLOBAL/$_SERVER array elements
@@ -71,7 +71,7 @@ function initCrackerTrackerArrays () {
                'passwd ', ' passwd', 'mdir ', ' mdir', 'cp ', ' cp',
                'esystem ', 'chr ', ' chr', 'wget ', ' wget', ' cmd',
                'cmd ', ' rush', 'rush ', ' echr', 'echr ', ' getenv',
-               'getenv', 'reboot ', 'halt ', 'powerdown ',
+               'getenv', 'reboot ', 'halt ', 'powerdown ', 'invokefunction',
 
                // Other Linux programs (+ brace)
                'locate(', 'grep(', 'kill(', 'mcd(', 'mrd(', 'rm(', 'mv(', 'rmdir(',
@@ -103,7 +103,7 @@ function initCrackerTrackerArrays () {
                // PHP commands/scripts
                'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
                'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
-               'call_user_func', 'set_time_limit',
+               'call_user_func', 'set_time_limit', 'urldecode',
 
                // Typical PHP script remote-inclusions and typical include file names
                '.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php',