From: Roland Häder <roland@mxchange.org>
Date: Tue, 30 Aug 2016 07:04:17 +0000 (+0200)
Subject: Added "detection" of open_basedir and php:// protocol:
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=a50e2ae239661e1cbdefbfa3caa33a4b492d8355;p=ctracker.git

Added "detection" of open_basedir and php:// protocol:
- common way to inject php.ini settings which overrides them and then try to
  inject external code (remote inclusion)
- don't do such things as http://host.example/script.php?bla=php://input

Signed-off-by: Roland Häder <roland@mxchange.org>
---

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index e4d27c4..b7b50e0 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -93,6 +93,7 @@ function initCrackerTrackerArrays () {
 
 		// php.ini settings
 		'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode',
+		'open_basedir',
 
 		// PHP commands/scripts
 		'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
@@ -106,7 +107,7 @@ function initCrackerTrackerArrays () {
 		'_phplib', '__callbackparam',
 
 		// Generic remote inclusion
-		'=http://', '=https://',
+		'=http://', '=https://', '=php://',
 		'path=', 'sql=',
 		'=%7BQUOT%7D', '=%5C', '=%22http','=%22ftp','=%22file','=%27http','=%27ftp',
 		'=%27file',