From 1f2c7e9951db9028ce88dc7a48384219d70de988 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sat, 6 Jun 2020 13:40:11 +0200 Subject: [PATCH] Continued: - added a few strings that are uncommon in URLs and should not be allowed: + urlencode() is a PHP function + invokefunction should not be possible from remote MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Roland Häder
---
 libs/lib_detector.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 8096763..1dc02b1 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -50,7 +50,7 @@ function initCrackerTrackerArrays () {
 $GLOBALS['ctracker_get_blacklist'] = [
 // SQL injections
 'union ', ' union', 'insert ',
- 'select ', ' like', 'like ', 'drop ', 'update ',
+ 'select ', ' like', 'drop ', 'update ',
 'union(', 'union=',
 // $GLOBAL/$_SERVER array elements
@@ -71,7 +71,7 @@ function initCrackerTrackerArrays () {
 'passwd ', ' passwd', 'mdir ', ' mdir', 'cp ', ' cp', 'esystem ',
 'chr ', ' chr', 'wget ', ' wget', ' cmd', 'cmd ', ' rush', 'rush ',
 ' echr', 'echr ', ' getenv',
- 'getenv', 'reboot ', 'halt ', 'powerdown ',
+ 'getenv', 'reboot ', 'halt ', 'powerdown ', 'invokefunction',
 // Other Linux programs (+ brace)
 'locate(', 'grep(', 'kill(', 'mcd(', 'mrd(', 'rm(', 'mv(', 'rmdir(',
@@ -103,7 +103,7 @@ function initCrackerTrackerArrays () {
 // PHP commands/scripts
 'fopen', 'fwrite', 'phpinfo()', '\', 'base64_decode', 'file_put_contents',
 'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
- 'call_user_func', 'set_time_limit',
+ 'call_user_func', 'set_time_limit', 'urldecode',
 // Typical PHP script remote-inclusions and typical include file names
 '.inc.php', '.lib.php', '.class.php', 'config.php', '.inc', '_php',
--
2.39.5
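Review bot: The first hunk silently drops the `'like '` entry from the SQL-injection list, which the commit message does not mention, and the surviving `' like'` only fires when a space precedes the keyword, so a query value that begins with `like ` (for example a parameter whose whole content is `like 'a%'`) no longer trips this blacklist, assuming the consumer does plain substring matching as the paired `'union '`/`' union'` entries suggest. If the removal is deliberate to avoid false positives on ordinary words such as `unlike ` or `alike `, record that next to the entry, e.g. `' like', // 'like ' removed: matched 'unlike ', 'alike '`, and note it in the commit message; otherwise keep both forms as the neighbouring keywords do. The `$GLOBALS['ctracker_get_blacklist']` array and `initCrackerTrackerArrays()` continue outside the hunk.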
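Review bot: In the second hunk `'invokefunction'` is appended to the block of Linux command names (`'reboot '`, `'halt '`, `'powerdown '`) but it is not a Linux program; it is a PHP-side method name (presumably aimed at the `.../invokefunction` RCE probes seen against PHP frameworks, though the hunk does not say so), so it belongs with the PHP entries further down or needs its own comment, e.g. `'invokefunction', // remote method-invocation probe; must never be reachable from a URL`. Whether the comparison is case-sensitive is not visible here; if it is, `invokeFunction` and mixed-case or encoded spellings slip past a bare substring, so the code consuming `ctracker_get_blacklist` should lower-case (and decode once) the value before scanning — worth confirming against that code. Unlike its neighbours the new token has no space anchoring, which is acceptable here because the word is unlikely to appear in legitimate input. The enclosing function starts and ends outside the hunk.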
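Review bot: The third hunk adds `'urldecode'` while the commit message says `urlencode() is a PHP function`; one of the two is wrong, and if the goal is to reject PHP function names in query strings both are equally suspicious, so either add `'urlencode',` beside the new entry or correct the message. Two context lines in the same section deserve a follow-up: `'set_magic_quotes_runtime'` is listed twice, and `'\'` as printed is not a valid PHP single-quoted literal because the backslash escapes the closing quote — that may be an artifact of how this page was extracted, but if the file really reads that way the array does not parse and everything after it is mis-tokenised, so it should be checked against the repository and written as `'\\'` if a literal backslash is intended. The enclosing function continues outside the hunk.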