diff options
| author | jvoisin | 2018-02-22 10:53:15 +0100 |
|---|---|---|
| committer | jvoisin | 2018-02-22 10:53:15 +0100 |
| commit | 4ce02663339b6b0976b69f041904b8610dd90cea (patch) | |
| tree | 413f8689a2ba8d8fa09da6825220a4ad22ee832b /config/rips.rules | |
| parent | 696ebc4ae68f4c7c2b803c917de365b98621b3a8 (diff) | |
Refactor a bit our rules
Diffstat (limited to 'config/rips.rules')
| -rw-r--r-- | config/rips.rules | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/config/rips.rules b/config/rips.rules index 9497528..52e3f27 100644 --- a/config/rips.rules +++ b/config/rips.rules | |||
| @@ -1,4 +1,33 @@ | |||
| 1 | sp.disable_function.function("define").filename_r("/static_pages/index.php").var("$_SERVER[PHP_SELF]").value_r("\"").drop(); | 1 | # AbanteCart 1.2.8 - Multiple SQL Injections <https://blog.ripstech.com/2016/abantecart-multiple-sql-injections> |
| 2 | sp.disable_function.function("ModelToolBackup::createBackupTask").filename_r("/admin/model/tool/backup.php").param("data[table_list]").value_r("'").drop(); | 2 | sp.disable_function.function("define").filename_r("/static_pages/index\\.php$").var("$_SERVER[PHP_SELF]").value_r("\"").drop(); |
| 3 | sp.disable_function.function("ALanguageManager::_clone_language_rows").filename_r("/core/lib/language_manager.php").param("from_language").value_r("[^0-9]").drop(); | 3 | sp.disable_function.function("ModelToolBackup::createBackupTask").filename_r("/admin/model/tool/backup\\.php$").param("data[table_list]").value_r("'").drop(); |
| 4 | sp.disable_function.function("ALanguageManager::_clone_language_rows").filename_r("/core/lib/language_manager\\.php$").param("from_language").value_r("[^0-9]").drop(); | ||
| 5 | |||
| 6 | |||
| 7 | # Redaxo 5.2.0: Remote Code Execution via CSRF <https://blog.ripstech.com/2016/redaxo-remote-code-execution-via-csrf> | ||
| 8 | # See <http://code.vtiger.com/vtiger/vtigercrm/commit/9b5c5338f80237ae072a06e1ba4a5cfcbfe063b0> for details | ||
| 9 | sp.disable_function.filename("/redaxo/src/addons/structure/pages/linkmap.php").function("substr").param("string").value_r("\"").drop(); | ||
| 10 | |||
| 11 | |||
| 12 | # Guest Post: Vtiger 6.5.0 - SQL Injection <https://blog.ripstech.com/2016/vtiger-sql-injection/> | ||
| 13 | sp.disable_function.filename("/modules/Calendar/Activity.php").function("save_module").param("query").value_r("[^0-9;]").drop(); | ||
| 14 | |||
| 15 | |||
| 16 | # The State of Wordpress Security <https://blog.ripstech.com/2016/the-state-of-wordpress-security> | ||
| 17 | # All In One WP Security & Firewall | ||
| 18 | sp.disable_function.filename("/admin/wp-security-dashboard-menu.php").function("render_tab3").var("_REQUEST[tab]").value_r("\"").drop(); | ||
| 19 | |||
| 20 | |||
| 21 | # PHPKit 1.6.6: Code Execution for Privileged Users <https://blog.ripstech.com/2016/phpkit-code-exection-for-privileged-users> | ||
| 22 | sp.disable_function.filename("/pkinc/func/default.php").function("move_uploaded_file").param("destination").value_r("\\.ph\\.+$").drop(); | ||
| 23 | |||
| 24 | |||
| 25 | # Coppermine 1.5.42: Second-Order Command Execution <https://blog.ripstech.com/2016/coppermine-second-order-command-execution> | ||
| 26 | sp.disable_function.filename("/include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]").value_r("[^a-z0-9]").drop(); | ||
| 27 | sp.disable_function.filename("/forgot_passwd.php").function("cpg_db_query").var("CLEAN[id]").value_r("[^a-z0-9]").drop(); | ||
| 28 | |||
| 29 | |||
| 30 | # CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html | ||
| 31 | sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop(); | ||
| 32 | sp.disable_function.filename("/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop(); | ||
| 4 | 33 | ||