From 7f7f37f90873f7a29735f58b2271525029efdbd5 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Fri, 26 Jul 2013 19:22:10 +0000 Subject: [PATCH] Just '/group' was to restrictive (e.g. breaks StatusNet) --- libs/lib_detector.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libs/lib_detector.php b/libs/lib_detector.php index 44d1818..e07fa7b 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php @@ -53,8 +53,10 @@ function initCrackerTrackerArrays () { 'DOCUMENT_ROOT', '_SERVER', // Sensitive files - '/environ', '/shadow', '/gshadow', '/passwd', '/group', '.htaccess', - '.htpasswd', '.htgroup', '.history', 'bash_history', 'bashrc', + '/environ', 'etc/shadow', 'etc/gshadow', 'etc/passwd', 'etc/group', + 'etc/./shadow', 'etc/./gshadow', 'etc/./passwd', 'etc/./group', + '.htaccess', '.htpasswd', '.htgroup', '.history', 'bash_history', + 'bashrc', // Other Linux/FreeBSD/??? programs (sometimes with space) 'traceroute%20', 'ping%20', 'bin/xterm', 'bin/./xterm', 'lsof%20', -- 2.39.5