authorTristan Deloche2021-04-27 20:52:42 +0100
committerGitHub2021-04-27 19:52:42 +0000
commita3feae2fb319899d13ab5013f510b51ce20b4db4 (patch)
tree0929fe626d4904ccf0ba16b00cac9331909b9fe9 /config/default_php8.rules
parent24e3f3d80a62fc32b986a2493d4d85be9aa6a6e2 (diff)
Update some parameter names which changed for PHP 8.0
Diffstat (limited to '')
-rw-r--r--config/default_php8.rules32
1 files changed, 16 insertions, 16 deletions
diff --git a/config/default_php8.rules b/config/default_php8.rules
index 5517eb7..fa3120e 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -23,7 +23,7 @@ sp.disable_xxe.enable();
23# Only allow execution of read-only files. This is a low-hanging fruit that you should enable. 23# Only allow execution of read-only files. This is a low-hanging fruit that you should enable.
24# sp.readonly_exec.enable(); 24# sp.readonly_exec.enable();
25 25
26# Php has a lot of wrappers, most of them aren't usually useful, you should 26# Php has a lot of wrappers, most of them aren't usually useful, you should
27# only enable the ones you're using. 27# only enable the ones you're using.
28# sp.wrappers_whitelist.list("file,php,phar"); 28# sp.wrappers_whitelist.list("file,php,phar");
29 29
@@ -41,14 +41,14 @@ sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").dr
41sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop(); 41sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
42 42
43# Since it's now burned, me might as well mitigate it publicly 43# Since it's now burned, me might as well mitigate it publicly
44sp.disable_function.function("putenv").param("setting").value_r("LD_").drop() 44sp.disable_function.function("putenv").param("assignment").value_r("LD_").drop()
45 45
46# This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80 46# This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80
47sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop() 47sp.disable_function.function("putenv").param("assignment").value_r("GCONV_").drop()
48 48
49# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector 49# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector
50sp.disable_function.function("extract").param("var_array").value_r("^_").drop() 50sp.disable_function.function("extract").param("array").value_r("^_").drop()
51sp.disable_function.function("extract").param("extract_type").value("0").drop() 51sp.disable_function.function("extract").param("flags").value("0").drop()
52 52
53# This is also burned: 53# This is also burned:
54# ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd')); 54# ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
@@ -80,22 +80,22 @@ sp.disable_function.function("ini_set").param("option").value("memory_limit").dr
80sp.disable_function.function("ini_set").param("option").value("include_path").drop(); 80sp.disable_function.function("ini_set").param("option").value("include_path").drop();
81sp.disable_function.function("ini_set").param("option").value("open_basedir").drop(); 81sp.disable_function.function("ini_set").param("option").value("open_basedir").drop();
82 82
83# Detect some backdoors via environnement recon 83# Detect some backdoors via environment recon
84sp.disable_function.function("ini_get").param("varname").value("allow_url_fopen").drop(); 84sp.disable_function.function("ini_get").param("option").value("allow_url_fopen").drop();
85sp.disable_function.function("ini_get").param("varname").value("open_basedir").drop(); 85sp.disable_function.function("ini_get").param("option").value("open_basedir").drop();
86sp.disable_function.function("ini_get").param("varname").value_r("suhosin").drop(); 86sp.disable_function.function("ini_get").param("option").value_r("suhosin").drop();
87sp.disable_function.function("function_exists").param("function").value("eval").drop(); 87sp.disable_function.function("function_exists").param("function").value("eval").drop();
88sp.disable_function.function("function_exists").param("function").value("exec").drop(); 88sp.disable_function.function("function_exists").param("function").value("exec").drop();
89sp.disable_function.function("function_exists").param("function").value("system").drop(); 89sp.disable_function.function("function_exists").param("function").value("system").drop();
90sp.disable_function.function("function_exists").param("function").value("shell_exec").drop(); 90sp.disable_function.function("function_exists").param("function").value("shell_exec").drop();
91sp.disable_function.function("function_exists").param("function").value("proc_open").drop(); 91sp.disable_function.function("function_exists").param("function").value("proc_open").drop();
92sp.disable_function.function("function_exists").param("function").value("passthru").drop(); 92sp.disable_function.function("function_exists").param("function").value("passthru").drop();
93sp.disable_function.function("is_callable").param("var").value("eval").drop(); 93sp.disable_function.function("is_callable").param("value").value("eval").drop();
94sp.disable_function.function("is_callable").param("var").value("exec").drop(); 94sp.disable_function.function("is_callable").param("value").value("exec").drop();
95sp.disable_function.function("is_callable").param("var").value("system").drop(); 95sp.disable_function.function("is_callable").param("value").value("system").drop();
96sp.disable_function.function("is_callable").param("var").value("shell_exec").drop(); 96sp.disable_function.function("is_callable").param("value").value("shell_exec").drop();
97sp.disable_function.function("is_callable").param("var").value("proc_open").drop(); 97sp.disable_function.function("is_callable").param("value").value("proc_open").drop();
98sp.disable_function.function("is_callable").param("var").value("passthru").drop(); 98sp.disable_function.function("is_callable").param("value").value("passthru").drop();
99 99
100# Commenting sqli related stuff to improve performance. 100# Commenting sqli related stuff to improve performance.
101# TODO figure out why these functions can't be hooked at startup 101# TODO figure out why these functions can't be hooked at startup
@@ -136,7 +136,7 @@ sp.disable_function.function("curl_setopt").param("value").value("2").allow();
136sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off."); 136sp.disable_function.function("curl_setopt").param("option").value("64").drop().alias("Please don't turn CURLOPT_SSL_VERIFYCLIENT off.");
137sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off."); 137sp.disable_function.function("curl_setopt").param("option").value("81").drop().alias("Please don't turn CURLOPT_SSL_VERIFYHOST off.");
138 138
139#File upload 139# File upload
140sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop(); 140sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
141sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop(); 141sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
142 142
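Review bot: Several rules on the new side still carry PHP 7 parameter names and will therefore silently never match under PHP 8, which is the very failure this commit sets out to fix: `mail` at line 41 keeps `param("additional_parameters")` where the PHP 8 manual names the argument `additional_params`, and both `move_uploaded_file` rules at lines 140-141 keep `param("destination")` where PHP 8 names it `to`; the `chmod` rule visible only in the second hunk header (`param("mode")`) looks affected too, as PHP 8 calls that argument `permissions`. These are the sendmail `-` flag injection guard and the `.ph*`/`.ht*` upload guard, so their loss is security-relevant rather than cosmetic. Suggested lines: `sp.disable_function.function("mail").param("additional_params").value_r("\\-").drop();` and `sp.disable_function.function("move_uploaded_file").param("to").value_r("\\.ph").drop();` (plus its `\\.ht` twin). Whether Snuffleupagus rejects a rule whose `.param()` name does not exist or just never fires it is not visible from this page and is worth confirming, ideally recorded in a comment near the top of the file such as `# .param() names must follow the PHP 8 signatures; a stale name makes the rule a silent no-op.` Separately, the rewritten `putenv` and `extract` rules at lines 44-51 still end without the `;` every other rule in the file carries; if the parser tolerates that it is only an inconsistency, but it should be verified rather than assumed.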