From a50e2ae239661e1cbdefbfa3caa33a4b492d8355 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Tue, 30 Aug 2016 09:04:17 +0200
Subject: [PATCH] Added "detection" of open_basedir and php:// protocol: -
 common way to inject php.ini settings which overrides them and then try to  
 inject external code (remote inclusion) - don't do such things as
 http://host.example/script.php?bla=php://input
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Roland Häder <roland@mxchange.org>
---
 libs/lib_detector.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index e4d27c4..b7b50e0 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -93,6 +93,7 @@ function initCrackerTrackerArrays () {
 
 		// php.ini settings
 		'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode',
+		'open_basedir',
 
 		// PHP commands/scripts
 		'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
@@ -106,7 +107,7 @@ function initCrackerTrackerArrays () {
 		'_phplib', '__callbackparam',
 
 		// Generic remote inclusion
-		'=http://', '=https://',
+		'=http://', '=https://', '=php://',
 		'path=', 'sql=',
 		'=%7BQUOT%7D', '=%5C', '=%22http','=%22ftp','=%22file','=%27http','=%27ftp',
 		'=%27file',
-- 
2.39.2