Continued:

- esystem is, well, system is better to look for
- block content-type header-insertion

Signed-off-by: Roland Häder <rhaeder@cho-time.de>

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index 5ed9917842e8886f5390ce17cfb0c246078fb631..8a13ddaf271637f419fb5a4aacfb234ea92101b1 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -73,7 +73,7 @@ function initCrackerTrackerArrays () {
                // Other Linux programs (+ brace)
                'locate(', 'grep(', 'kill(', 'mcd(', 'mrd(', 'rm(', 'mv(', 'rmdir(',
                'chmod(', 'chmod(', 'chown(', 'chgrp(', 'passwd(', 'vi(', 'cp(',
-               'mdir(', 'esystem(', 'chr(', 'wget(', 'rush(', 'echr(',
+               'mdir(', 'system(', 'chr(', 'wget(', 'rush(', 'echr(',
 
                // Other Linux programs (+ equal)
                'mcd=', 'mrd=', 'chmod=', 'chr=', 'rush=', 'echr=',
@@ -135,6 +135,9 @@ function initCrackerTrackerArrays () {
                // Attempts to insert links into a badly secured URL
                '%3E%3C',
 
+               // Request header being inserted
+               'content-type',
+
                // /proc/ and other forbidden paths
                'proc/self/environ',