Mercurial > hg > maltfilter
comparison maltfilter @ 111:4b3b1724c995
Added check for miscellaneous PHP XSS vulnerabilities, and renamed PHP XSS class to "PHP XSS Include", because it checks for include type XSS vulnerability scans.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Tue, 23 Mar 2010 17:37:28 +0200 |
| parents | 4c394e57387d |
| children | ee4a55fb7d23 |
comparison
equal
deleted
inserted
replaced
| 110:9426920d91eb | 111:4b3b1724c995 |
|---|---|
| 133 if ($merr =~ /\.php\?\S*?=http:\/\/([^\/]+)/) { | 133 if ($merr =~ /\.php\?\S*?=http:\/\/([^\/]+)/) { |
| 134 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) { | 134 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) { |
| 135 if ($merr =~ /\.php\?\S*?=(http:\/\/[^\&\?]+\??)/) { | 135 if ($merr =~ /\.php\?\S*?=(http:\/\/[^\&\?]+\??)/) { |
| 136 evidence_queue($mip, $1, $merr); | 136 evidence_queue($mip, $1, $merr); |
| 137 } | 137 } |
| 138 check_add_hit($mip, $mdate, "PHP XSS", $merr, 6, $settings{"CHK_PHP_XSS"}); | 138 check_add_hit($mip, $mdate, "PHP XSS Include", $merr, 6, $settings{"CHK_PHP_XSS"}); |
| 139 } | 139 } |
| 140 } | 140 } |
| 141 # (3.2) Try to match proxy scanning attempts | 141 # (3.2) Try to match proxy scanning attempts |
| 142 elsif ($merr =~ /^http:\/\/([^\/]+)/) { | 142 elsif ($merr =~ /^http:\/\/([^\/]+)/) { |
| 143 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) { | 143 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) { |
| 144 check_add_hit($mip, $mdate, "Proxy scan", $merr, 6, $settings{"CHK_PROXY_SCAN"}); | 144 check_add_hit($mip, $mdate, "Proxy scan", $merr, 6, $settings{"CHK_PROXY_SCAN"}); |
| 145 } | 145 } |
| 146 } | |
| 147 # (3.3) Match for miscellaneous PHP XSS vulnerabilities | |
| 148 elsif ($merr =~ /\.php\?\S*?=(phpinfo\()/) { | |
| 149 check_add_hit($mip, $mdate, "PHP XSS Misc", $merr, 6, $settings{"CHK_PHP_XSS"}); | |
| 146 } | 150 } |
| 147 } | 151 } |
| 148 } | 152 } |
| 149 | 153 |
| 150 | 154 |