Sanitize request strings (also serialized POST data) from trickery like '//'
authorRoland Häder <roland@mxchange.org>
Thu, 28 Jul 2016 08:02:50 +0000 (10:02 +0200)
committerRoland Häder <roland@mxchange.org>
Thu, 28 Jul 2016 08:02:50 +0000 (10:02 +0200)
and '/./' where the attacker tries to circumvent checks.

Signed-off-by: Roland Häder <rhaeder@cho-time.de>
libs/lib_detector.php

index 8a13ddaf271637f419fb5a4aacfb234ea92101b1..a59ae07a0cb6e6618fc558c38bd47913196f451c 100644 (file)
@@ -173,8 +173,8 @@ function initCrackerTrackerArrays () {
 // Checks for worms
 function isCrackerTrackerWormDetected () {
        // Check against the whole list
-       $GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerQueryString()));
-       $GLOBALS['ctracker_checked_ua']  = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', crackerTrackerUserAgent()));
+       $GLOBALS['ctracker_checked_get'] = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), crackerTrackerQueryString())));
+       $GLOBALS['ctracker_checked_ua']  = urldecode(str_ireplace($GLOBALS['ctracker_get_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), crackerTrackerUserAgent())));
 
        /*
         * If it differs to original and the *whole* request string is not in
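Review bot: The `//` and `/./` collapsing on the two new lines runs on the raw value before `urldecode()`, so a query string or User-Agent carrying `%2F%2F` or `%2F.%2F` reaches the blacklist substitution un-normalized and only the decode afterwards turns it into `//`; the new line of the second hunk has the same ordering. A single `str_replace` pass also does not re-scan its own output, so `///` becomes `//` and `/././` becomes `/./`. Collapsing runs in one expression on the decoded form closes both gaps, e.g. `preg_replace('#/(?:\./|/)+#', '/', urldecode(crackerTrackerQueryString()))` as the input to `str_ireplace`, though the current code decodes after the blacklist substitution, so moving the decode is a behaviour change to weigh. The comparison this comment introduces is outside the hunk; if it checks the result against the unmodified original, a benign value containing `//` (a `http://` URL in a parameter, or in a crawler User-Agent) will now differ and trip it.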
@@ -199,7 +199,7 @@ function isCrackerTrackerPostAttackDetected () {
        $GLOBALS['ctracker_post_track'] = urldecode(implode_r('&', $_POST));
 
        // Check for suspicious POST data
-       $GLOBALS['ctracker_checked_post'] = urldecode(str_ireplace($GLOBALS['ctracker_post_blacklist'], '*', $GLOBALS['ctracker_post_track']));
+       $GLOBALS['ctracker_checked_post'] = urldecode(str_ireplace($GLOBALS['ctracker_post_blacklist'], '*', str_replace(array('//', '/./'), array('/', '/'), $GLOBALS['ctracker_post_track'])));
 
        // Is it detected?
        return ((isCrackerTrackerWormDetected()) || ($GLOBALS['ctracker_checked_post'] != $GLOBALS['ctracker_post_track']));
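Review bot: The normalized string is fed to `str_ireplace` on the new line, but the comparison on the last line still uses the un-normalized `ctracker_post_track`, so any POST field that legitimately contains `//` (a `http://...` URL) now makes `ctracker_checked_post` differ from `ctracker_post_track` and the function reports an attack without a single blacklist hit. Compare against the same normalized input instead: `$normalized = str_replace(array('//', '/./'), array('/', '/'), $GLOBALS['ctracker_post_track']);` then `$GLOBALS['ctracker_checked_post'] = urldecode(str_ireplace($GLOBALS['ctracker_post_blacklist'], '*', $normalized));` and `return ((isCrackerTrackerWormDetected()) || ($GLOBALS['ctracker_checked_post'] != urldecode($normalized)));`. While there, `!==` avoids PHP's loose comparison of numeric-looking strings (`'1e3' != '1000'` is false). isCrackerTrackerPostAttackDetected's signature is above the hunk.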