From d6d33e2e0bc5fd8a041bad14040819f438cfa71f Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Thu, 28 Jul 2016 11:53:13 +0200 Subject: [PATCH] Only for testing purposes the string is being sanitized, else http:// becomes http:/ and cannot be compared with http:// anymore MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Roland Häder --- ctracker.php | 3 -- libs/lib_ | 3 -- libs/lib_connect.php | 3 -- libs/lib_detector.php | 17 ++++------ libs/lib_general.php | 79 ++++++++++++++++++++++++++++++++----------- libs/lib_updates.php | 3 -- 6 files changed, 67 insertions(+), 41 deletions(-) diff --git a/ctracker.php b/ctracker.php index 8dc66da..b9f04d6 100644 --- a/ctracker.php +++ b/ctracker.php @@ -65,6 +65,3 @@ if (isCrackerTrackerWormDetected()) { // Close any open database links crackerTrackerCloseDatabaseLink(); - -// [EOF] -?> diff --git a/libs/lib_ b/libs/lib_ index 61077ca..0f877be 100644 --- a/libs/lib_ +++ b/libs/lib_ @@ -20,6 +20,3 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ - -// [EOF] -?> diff --git a/libs/lib_connect.php b/libs/lib_connect.php index 05a7de9..4885b2f 100644 --- a/libs/lib_connect.php +++ b/libs/lib_connect.php @@ -415,6 +415,3 @@ function freeCrackerTrackerResult (mysqli_result $result) { // Free result $result->free(); } - -// [EOF] -?> diff --git a/libs/lib_detector.php b/libs/lib_detector.php index 49b3976..02e4683 100644 --- a/libs/lib_detector.php +++ b/libs/lib_detector.php 
@@ -173,8 +173,8 @@ function initCrackerTrackerArrays () { // Checks for worms function isCrackerTrackerWormDetected () { // Check against the whole list - $GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), crackerTrackerQueryString()))); - $GLOBALS['ctracker_checked_ua'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), crackerTrackerUserAgent()))); + $GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString(TRUE))); + $GLOBALS['ctracker_checked_ua'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerUserAgent(TRUE))); /* * If it differs to original and the *whole* request string is not in @@ -182,12 +182,12 @@ function isCrackerTrackerWormDetected () { */ $isWorm = ( ( - $GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString() && (!in_array(crackerTrackerQueryString(), $GLOBALS['ctracker_whitelist'])) + $GLOBALS['ctracker_checked_get'] != crackerTrackerQueryString(TRUE) && (!in_array(crackerTrackerQueryString(TRUE), $GLOBALS['ctracker_whitelist'])) ) || ( - $GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent() + $GLOBALS['ctracker_checked_ua'] != crackerTrackerUserAgent(TRUE) ) ); - //* DEBUG-DIE: */ die('isWorm='.intval($isWorm).PHP_EOL.'get="'.$GLOBALS['ctracker_checked_get'].'"'.PHP_EOL.'"'.crackerTrackerQueryString().'"'.PHP_EOL.'ua="'.$GLOBALS['ctracker_checked_ua'].'"'.PHP_EOL.'"'.crackerTrackerUserAgent().'"'.PHP_EOL); + //* DEBUG-DIE: */ die('isWorm='.intval($isWorm).PHP_EOL.'get='.PHP_EOL.'"'.$GLOBALS['ctracker_checked_get'].'"'.PHP_EOL.'"'.crackerTrackerQueryString().'"'.PHP_EOL.'ua='.PHP_EOL.'"'.$GLOBALS['ctracker_checked_ua'].'"'.PHP_EOL.'"'.crackerTrackerUserAgent().'"'.PHP_EOL); // Return it return $isWorm; 
@@ -199,10 +199,10 @@ function isCrackerTrackerPostAttackDetected () { $GLOBALS['ctracker_post_track'] = urldecode(implode_r('&', $_POST)); // Check for suspicious POST data - $GLOBALS['ctracker_checked_post'] = urldecode(str_ireplace($GLOBALS['ctracker_post_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), $GLOBALS['ctracker_post_track']))); + $GLOBALS['ctracker_checked_post'] = urldecode(str_ireplace($GLOBALS['ctracker_post_blacklist'], '*', crackerTrackerSanitize($GLOBALS['ctracker_post_track']))); // Is it detected? - return ((isCrackerTrackerWormDetected()) || ($GLOBALS['ctracker_checked_post'] != $GLOBALS['ctracker_post_track'])); + return ((isCrackerTrackerWormDetected()) || ($GLOBALS['ctracker_checked_post'] != crackerTrackerSanitize($GLOBALS['ctracker_post_track']))); } // Prepares a mail and send it out @@ -393,6 +393,3 @@ function crackerTrackerAlertCurrentUser () { // And stop here die(); } - -// [EOF] -?> diff --git a/libs/lib_general.php b/libs/lib_general.php index 4180c9d..c13a569 100644 --- a/libs/lib_general.php +++ b/libs/lib_general.php @@ -143,7 +143,7 @@ function isCrackerTrackerProxyUsed () { } // Detects the user-agent string -function crackerTrackerUserAgent () { +function crackerTrackerUserAgent ($sanitize = FALSE) { // Default is 'unknown' $ua = 'unknown'; 
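Review bot: The comparison on the new return line is not symmetric: `ctracker_checked_post` goes through `urldecode()` once more after the blacklist substitution, while `crackerTrackerSanitize($GLOBALS['ctracker_post_track'])` is not decoded again, so any `%xx` (or `+`) sequence still present after the earlier decode trips the detector even when no blacklist entry matched. If treating residual percent-encoding as an attack is intended, document it above the assignment, e.g. `// The extra urldecode() is deliberate: anything still percent-encoded here counts as suspicious`; if not, apply the same decoding to both sides. Either way the sanitized string is now computed twice; assigning it once, `$sanitized = crackerTrackerSanitize($GLOBALS['ctracker_post_track']);`, and using `$sanitized` in both lines keeps the two sides from drifting apart on the next edit. The enclosing function isCrackerTrackerPostAttackDetected starts before the hunk.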
@@ -153,48 +153,81 @@ function crackerTrackerUserAgent () { $ua = crackerTrackerSecureString(urldecode($_SERVER['HTTP_USER_AGENT'])); } // END - if + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $ua = crackerTrackerSanitize($ua); + } // END - if + // Return it return $ua; } // Detects the script name -function crackerTrackerScriptName () { +function crackerTrackerScriptName ($sanitize = FALSE) { + // Default is NULL + $scriptName = NULL; + // Is it there? - if (!isset($_SERVER['SCRIPT_NAME'])) { + if (!empty($_SERVER['SCRIPT_NAME'])) { // Return NULL - return NULL; + $scriptName = crackerTrackerSecureString($_SERVER['SCRIPT_NAME']); } // END - if - // Should always be there! - return crackerTrackerSecureString($_SERVER['SCRIPT_NAME']); + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $scriptName = crackerTrackerSanitize($scriptName); + } // END - if + + // Return + return $scriptName; } // Detects the query string -function crackerTrackerQueryString () { +function crackerTrackerQueryString ($sanitize = FALSE) { + // Default is NULL + $query = NULL; + // Is it there? - if (!isset($_SERVER['QUERY_STRING'])) { + if (!empty($_SERVER['QUERY_STRING'])) { // Return NULL - return NULL; + $query = crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING'])); } // END - if - // Should always be there! - return crackerTrackerEscapeString(urldecode($_SERVER['QUERY_STRING'])); + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $query = crackerTrackerSanitize($query); + } // END - if + + // Return it + return $query; } // Detects the server's name -function crackerTrackerServerName () { +function crackerTrackerServerName ($sanitize = FALSE) { + // Default is NULL + $serverName = NULL; + // Is it there? - if (!isset($_SERVER['SERVER_NAME'])) { + if (!empty($_SERVER['SERVER_NAME'])) { // Return NULL - return NULL; + $serverName = crackerTrackerSecureString($_SERVER['SERVER_NAME']); } // END - if - // Should always be there! 
- return crackerTrackerSecureString($_SERVER['SERVER_NAME']); + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $serverName = crackerTrackerSanitize($serverName); + } // END - if + + // Return it + return $serverName; } // Detects the referer -function crackerTrackerReferer () { +function crackerTrackerReferer ($sanitize = FALSE) { // Default is a dash $referer = '-'; @@ -204,6 +237,12 @@ function crackerTrackerReferer () { $referer = crackerTrackerSecureString(urldecode($_SERVER['HTTP_REFERER'])); } // END - if + // Sanitize it? + if ($sanitize === TRUE) { + // Sanitize ... + $referer = crackerTrackerSanitize($referer); + } // END - if + // Return it return $referer; } @@ -545,5 +584,7 @@ function unsetCtrackerData () { } // END - foreach } -// [EOF] -?> +// Sanitizes string +function crackerTrackerSanitize ($str) { + return str_replace(array('//', '/./'), array('/', '/'), $str); +} diff --git a/libs/lib_updates.php b/libs/lib_updates.php index dc0cd67..72b8e23 100644 --- a/libs/lib_updates.php +++ b/libs/lib_updates.php @@ -101,6 +101,3 @@ function runCrackerTrackerUpdates ($update) { runCrackerTrackerSql($sql, __FUNCTION__, __LINE__); } // END - foreach } - -// [EOF] -?> -- 2.39.5
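Review bot: In the new `$sanitize` branches of crackerTrackerScriptName, crackerTrackerQueryString and crackerTrackerServerName, `crackerTrackerSanitize($query)` is reached with the variable still NULL whenever the `$_SERVER` key is missing or empty, and `str_replace()` on a NULL subject yields an empty string (with a deprecation notice on PHP 8.1+), so the "Default is NULL" contract silently becomes `''` on the sanitized path only. Guard the call in each of the three functions, e.g. `if ($sanitize === TRUE && $query !== NULL)`. The switch from `isset()` to `empty()` also changes semantics: `empty('0')` is TRUE, so a literal `0` query string is now treated as absent; `isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] !== ''` keeps the old behaviour while still skipping the empty string, if that was the intent. The `// Return NULL` comments now sit above assignments and should read `// Present, so secure it`. The hunk starts inside crackerTrackerUserAgent and ends inside crackerTrackerReferer, whose bodies continue outside it.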
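Review bot: `crackerTrackerSanitize` is a single-pass `str_replace`, which is not a fixed point: `'///'` collapses to `'//'` and `'/././'` to `'/./'`, so the output can still contain the very sequences the function exists to remove, and two trivially different spellings of the same request normalise to different strings. Since this value is what the blacklist and whitelist comparisons in lib_detector.php are run against, the version below repeats the replacement until the string stops changing. The name is also misleading — this normalises for matching only, and its result must not be treated as safe for output or storage; the header comment says so. The tail of unsetCtrackerData above is outside the hunk.
```php
// Normalises a string for blacklist/whitelist matching by collapsing '//' and
// '/./' runs. NOT an output sanitizer: the result is still untrusted input.
function crackerTrackerSanitize ($str) {
	// Repeat until nothing changes, so '///' and '/././' collapse fully
	do {
		$previous = $str;
		$str = str_replace(array('//', '/./'), array('/', '/'), $str);
	} while ($str !== $previous);

	// Return it
	return $str;
}
```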