From a50e2ae239661e1cbdefbfa3caa33a4b492d8355 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Tue, 30 Aug 2016 09:04:17 +0200
Subject: [PATCH] Added "detection" of open_basedir and php:// protocol:
 - common way to inject php.ini settings which overrides them and then try to inject external code (remote inclusion)
 - don't do such things as http://host.example/script.php?bla=php://input
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Roland Häder
---
 libs/lib_detector.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index e4d27c4..b7b50e0 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -93,6 +93,7 @@ function initCrackerTrackerArrays () {
 	// php.ini settings
 	'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode',
+	'open_basedir',
 	// PHP commands/scripts
 	'fopen', 'fwrite', 'phpinfo()', '\', 'base64_decode', 'file_put_contents',
@@ -106,7 +107,7 @@ function initCrackerTrackerArrays () {
 	'_phplib', '__callbackparam',
 	// Generic remote inclusion
-	'=http://', '=https://',
+	'=http://', '=https://', '=php://',
 	'path=', 'sql=', '=%7BQUOT%7D', '=%5C',
 	'=%22http','=%22ftp','=%22file','=%27http','=%27ftp', '=%27file',
-- 
2.39.5
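Review bot: The new `'=php://'` entry in the second hunk is an exact lowercase, unencoded literal, while PHP stream-wrapper scheme names are matched case-insensitively and query-string values routinely arrive percent-encoded; unless the code that consumes this array (outside both hunks) lowercases and URL-decodes the request before comparing, the detection covers less than the commit message claims. The neighbouring `'=%22http'`/`'=%27http'` entries show the list already hand-enumerates encoded variants for other schemes, so either the matcher normalises and this is fine, or the same treatment is needed here — worth confirming and recording next to the entry, e.g. `// php:// stream wrapper in a parameter value (see commit message); matcher must normalise case/encoding`. The `'open_basedir'` entry in the first hunk is a bare substring in the "php.ini settings" group, so it also flags any legitimate parameter value containing that word; that is consistent with the surrounding entries but is a false-positive source a reviewer should note. initCrackerTrackerArrays begins before the first hunk and continues after the second.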