# HG changeset patch # User Matti Hamalainen # Date 1269358648 -7200 # Node ID 4b3b1724c99570d6f365ad3f1f24bca56eccad67 # Parent 9426920d91ebed8ec8a0c3c55d46c797e49635bf Added check for miscellaneous PHP XSS vulnerabilities, and renamed PHP XSS class to "PHP XSS Include", because it checks for include type XSS vulnerability scans. diff -r 9426920d91eb -r 4b3b1724c995 maltfilter --- a/maltfilter Thu Nov 12 15:11:34 2009 +0200 +++ b/maltfilter Tue Mar 23 17:37:28 2010 +0200 @@ -135,7 +135,7 @@ if ($merr =~ /\.php\?\S*?=(http:\/\/[^\&\?]+\??)/) { evidence_queue($mip, $1, $merr); } - check_add_hit($mip, $mdate, "PHP XSS", $merr, 6, $settings{"CHK_PHP_XSS"}); + check_add_hit($mip, $mdate, "PHP XSS Include", $merr, 6, $settings{"CHK_PHP_XSS"}); } } # (3.2) Try to match proxy scanning attempts @@ -144,6 +144,10 @@ check_add_hit($mip, $mdate, "Proxy scan", $merr, 6, $settings{"CHK_PROXY_SCAN"}); } } + # (3.3) Match for miscellaneous PHP XSS vulnerabilities + elsif ($merr =~ /\.php\?\S*?=(phpinfo\()/) { + check_add_hit($mip, $mdate, "PHP XSS Misc", $merr, 6, $settings{"CHK_PHP_XSS"}); + } } }