Mercurial > hg > maltfilter
comparison maltfilter @ 111:4b3b1724c995
Added check for miscellaneous PHP XSS vulnerabilities, and renamed PHP XSS class to "PHP XSS Include", because it checks for include type XSS vulnerability scans.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Tue, 23 Mar 2010 17:37:28 +0200 |
parents | 4c394e57387d |
children | ee4a55fb7d23 |
comparison
equal
deleted
inserted
replaced
110:9426920d91eb | 111:4b3b1724c995 |
---|---|
133 if ($merr =~ /\.php\?\S*?=http:\/\/([^\/]+)/) { | 133 if ($merr =~ /\.php\?\S*?=http:\/\/([^\/]+)/) { |
134 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) { | 134 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) { |
135 if ($merr =~ /\.php\?\S*?=(http:\/\/[^\&\?]+\??)/) { | 135 if ($merr =~ /\.php\?\S*?=(http:\/\/[^\&\?]+\??)/) { |
136 evidence_queue($mip, $1, $merr); | 136 evidence_queue($mip, $1, $merr); |
137 } | 137 } |
138 check_add_hit($mip, $mdate, "PHP XSS", $merr, 6, $settings{"CHK_PHP_XSS"}); | 138 check_add_hit($mip, $mdate, "PHP XSS Include", $merr, 6, $settings{"CHK_PHP_XSS"}); |
139 } | 139 } |
140 } | 140 } |
141 # (3.2) Try to match proxy scanning attempts | 141 # (3.2) Try to match proxy scanning attempts |
142 elsif ($merr =~ /^http:\/\/([^\/]+)/) { | 142 elsif ($merr =~ /^http:\/\/([^\/]+)/) { |
143 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) { | 143 if (!check_hosts($settings{"CHK_GOOD_HOSTS"}, $1)) { |
144 check_add_hit($mip, $mdate, "Proxy scan", $merr, 6, $settings{"CHK_PROXY_SCAN"}); | 144 check_add_hit($mip, $mdate, "Proxy scan", $merr, 6, $settings{"CHK_PROXY_SCAN"}); |
145 } | 145 } |
146 } | |
147 # (3.3) Match for miscellaneous PHP XSS vulnerabilities | |
148 elsif ($merr =~ /\.php\?\S*?=(phpinfo\()/) { | |
149 check_add_hit($mip, $mdate, "PHP XSS Misc", $merr, 6, $settings{"CHK_PHP_XSS"}); | |
146 } | 150 } |
147 } | 151 } |
148 } | 152 } |
149 | 153 |
150 | 154 |