Mercurial > hg > maltfilter
changeset 111:4b3b1724c995
Added check for miscellaneous PHP XSS vulnerabilities, and renamed PHP XSS class to "PHP XSS Include", because it checks for include type XSS vulnerability scans.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Tue, 23 Mar 2010 17:37:28 +0200 |
| parents | 9426920d91eb |
| children | ee4a55fb7d23 |
| files | maltfilter |
| diffstat | 1 files changed, 5 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/maltfilter Thu Nov 12 15:11:34 2009 +0200 +++ b/maltfilter Tue Mar 23 17:37:28 2010 +0200 @@ -135,7 +135,7 @@ if ($merr =~ /\.php\?\S*?=(http:\/\/[^\&\?]+\??)/) { evidence_queue($mip, $1, $merr); } - check_add_hit($mip, $mdate, "PHP XSS", $merr, 6, $settings{"CHK_PHP_XSS"}); + check_add_hit($mip, $mdate, "PHP XSS Include", $merr, 6, $settings{"CHK_PHP_XSS"}); } } # (3.2) Try to match proxy scanning attempts @@ -144,6 +144,10 @@ check_add_hit($mip, $mdate, "Proxy scan", $merr, 6, $settings{"CHK_PROXY_SCAN"}); } } + # (3.3) Match for miscellaneous PHP XSS vulnerabilities + elsif ($merr =~ /\.php\?\S*?=(phpinfo\()/) { + check_add_hit($mip, $mdate, "PHP XSS Misc", $merr, 6, $settings{"CHK_PHP_XSS"}); + } } }