This should also not be used in URLs

author Roland Haeder <roland@mxchange.org>

Sat, 15 May 2010 07:37:33 +0000 (07:37 +0000)

committer Roland Haeder <roland@mxchange.org>

Sat, 15 May 2010 07:37:33 +0000 (07:37 +0000)
author Roland Haeder <roland@mxchange.org>
Sat, 15 May 2010 07:37:33 +0000 (07:37 +0000)
committer Roland Haeder <roland@mxchange.org>
Sat, 15 May 2010 07:37:33 +0000 (07:37 +0000)
diff --git a/libs/lib_detector.php b/libs/lib_detector.php

index c9ea38d027f9cf18741a341e9d65a2c4b89b436e..9ba34320582811687ea1474e0d863ed300440cae 100644 (file)
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -67,7 +67,7 @@ function initCrackerTrackerArrays () {
                 'div style=', 'overflow: auto', 'height: 1px', 'cc%20', 'admin_action=', 'path=', 'action=http',
                 'page=http', 'module=http', 'op=http', 'id=http', 'id%3Dhttp', 'action%3Dhttp', 'page%3Dhttp',
                 'module%3Dhttp', 'op%3Dhttp', 'starhack', '../../', 'directory=http', 'dir=http', 'busca', 'uol.com',
-               '=http://', '=https://','=ftp://'
+               '=http://', '=https://','=ftp://','_SESSION'
         );
  
         // Block these words found in POST requests
author	Roland Haeder <roland@mxchange.org>
	Sat, 15 May 2010 07:37:33 +0000 (07:37 +0000)
committer	Roland Haeder <roland@mxchange.org>
	Sat, 15 May 2010 07:37:33 +0000 (07:37 +0000)