Add an example rule from the rips calendar for abantecart's XSS

author: kjojo 2018-02-07 17:59:39 +0100
committer: jvoisin 2018-02-07 17:59:39 +0100
commit: 07e6e4ed521bfb61b2712631b50b3467675aedea (patch)
tree: 4b52b6a3582992ce50f776e245b42c1e3ad8386d
parent: 9c2c9d805d92c846f472f994efb50e1ad2fb60b6 (diff)
2 files changed, 13 insertions, 0 deletions
diff --git a/config/rips.rules b/config/rips.rules
new file mode 100644
index 0000000..c1e3822
--- /dev/null
+++ b/config/rips.rules
@@ -0,0 +1 @@
+sp.disable_function.function("define").filename_r("/static_pages/index.php").var("$_SERVER[PHP_SELF]").value_r("\"").drop();
diff --git a/src/tests/rips_configuration.phpt b/src/tests/rips_configuration.phpt
new file mode 100644
index 0000000..31d1266
--- /dev/null
+++ b/src/tests/rips_configuration.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Shipped configuration (rips)
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/../../config/rips.rules
+--FILE--
+<?php 
+system("echo 0");
+?>
+--EXPECTF--
+0
author	kjojo	2018-02-07 17:59:39 +0100
committer	jvoisin	2018-02-07 17:59:39 +0100
commit	07e6e4ed521bfb61b2712631b50b3467675aedea (patch)
tree	4b52b6a3582992ce50f776e245b42c1e3ad8386d
parent	9c2c9d805d92c846f472f994efb50e1ad2fb60b6 (diff)

diff --git a/config/rips.rules b/config/rips.rules new file mode 100644 index 0000000..c1e3822 --- /dev/null +++ b/config/rips.rules
@@ -0,0 +1 @@
		sp.disable_function.function("define").filename_r("/static_pages/index.php").var("$_SERVER[PHP_SELF]").value_r("\"").drop();


diff --git a/src/tests/rips_configuration.phpt b/src/tests/rips_configuration.phpt new file mode 100644 index 0000000..31d1266 --- /dev/null +++ b/src/tests/rips_configuration.phpt
@@ -0,0 +1,12 @@
	1	--TEST--
	2	Shipped configuration (rips)
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/../../config/rips.rules
	7	--FILE--
	8	<?php
	9	system("echo 0");
	10	?>
	11	--EXPECTF--
	12	0