s/disable_functions/disable_function/g

This should close #36 and #30
author: jvoisin 2017-10-11 11:40:02 +0200
committer: jvoisin 2017-10-11 11:40:02 +0200
commit: e44b3b6b6ab1af61f9abc210546700e30aeff19c (patch)
tree: 408b7b079fc719ba686673e88daca939e0573565 /config
parent: 0e9086030f36f13a4007ae9e111fdcfbc40edbb1 (diff)
2 files changed, 54 insertions, 54 deletions
diff --git a/config/default.ini b/config/default.ini
index 0f67632..88398c1 100644
--- a/config/default.ini
+++ b/config/default.ini
@@ -1,54 +1,54 @@
 # Harden the `chmod` function
-sp.disable_functions.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
+sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
-sp.disable_functions.function("chmod").param("mode").value_r("o\\+w$").drop();
+sp.disable_function.function("chmod").param("mode").value_r("o\\+w$").drop();
 # Prevent various `mail`-related vulnerabilities
-sp.disable_functions.function("mail").param("additional_parameters").value_r("\\-").drop();
+sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
 ##Prevent various `include`-related vulnerabilities
-sp.disable_functions.function_r("^(?:require|include)_once$").value_r("\\.(?:php|php7|inc|tpl)$").allow();
+sp.disable_function.function_r("^(?:require|include)_once$").value_r("\\.(?:php|php7|inc|tpl)$").allow();
-sp.disable_functions.function_r("^require|include$").value_r("\\.(?:php|php7|inc|tpl)$").allow();
+sp.disable_function.function_r("^require|include$").value_r("\\.(?:php|php7|inc|tpl)$").allow();
-sp.disable_functions.function_r("^(?:require|include)_once$").drop();
+sp.disable_function.function_r("^(?:require|include)_once$").drop();
-sp.disable_functions.function_r("^require|include$").drop();
+sp.disable_function.function_r("^require|include$").drop();
 # Prevent `system`-related injections
-sp.disable_functions.function("system").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop();
-sp.disable_functions.function("shell_exec").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n]").drop();
-sp.disable_functions.function("exec").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n]").drop();
-sp.disable_functions.function("proc_open").param("command").value_r("[$|;&`\\n]").drop();
+sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n]").drop();
 # Prevent runtime modification of interesting things
-sp.disable_functions.function("ini_set").param("var_name").value("assert.active").drop();
+sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();
-sp.disable_functions.function("ini_set").param("var_name").value("zend.assertions").drop();
+sp.disable_function.function("ini_set").param("var_name").value("zend.assertions").drop();
-sp.disable_functions.function("ini_set").param("var_name").value("memory_limit").drop();
+sp.disable_function.function("ini_set").param("var_name").value("memory_limit").drop();
-sp.disable_functions.function("ini_set").param("var_name").value("include_path").drop();
+sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();
-sp.disable_functions.function("ini_set").param("var_name").value("open_basedir").drop();
+sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();
 # Detect some backdoors via environnement recon
-sp.disable_functions.function("ini_get").param("var_name").value_r("(?:allow_url_fopen|open_basedir|suhosin)").drop();
+sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_fopen|open_basedir|suhosin)").drop();
-sp.disable_functions.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop();
+sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop();
-sp.disable_functions.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
+sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
 # Ghetto sqli hardening
-sp.disable_functions.function_r("mysqli?_query").param("query").value_r("/\\*").drop();
+sp.disable_function.function_r("mysqli?_query").param("query").value_r("/\\*").drop();
-sp.disable_functions.function_r("mysqli?_query").param("query").value_r("--").drop();
+sp.disable_function.function_r("mysqli?_query").param("query").value_r("--").drop();
-sp.disable_functions.function_r("mysqli?_query").param("query").value_r("#").drop();
+sp.disable_function.function_r("mysqli?_query").param("query").value_r("#").drop();
-sp.disable_functions.function_r("mysqli?_query").param("query").value_r(";.*;").drop();
+sp.disable_function.function_r("mysqli?_query").param("query").value_r(";.*;").drop();
-sp.disable_functions.function_r("mysqli?_query").param("query").value_r("benchmark").drop();
+sp.disable_function.function_r("mysqli?_query").param("query").value_r("benchmark").drop();
-sp.disable_functions.function_r("mysqli?_query").param("query").value_r("sleep").drop();
+sp.disable_function.function_r("mysqli?_query").param("query").value_r("sleep").drop();
-sp.disable_functions.function_r("mysqli?_query").param("query").value_r("information_schema").drop();
+sp.disable_function.function_r("mysqli?_query").param("query").value_r("information_schema").drop();
-sp.disable_functions.function("PDO::query").param("query").value_r("/\\*").drop();
+sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
-sp.disable_functions.function("PDO::query").param("query").value_r("--").drop();
+sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
-sp.disable_functions.function("PDO::query").param("query").value_r("#").drop();
+sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
-sp.disable_functions.function("PDO::query").param("query").value_r(";.*;").drop();
+sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
-sp.disable_functions.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
+sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
-sp.disable_functions.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
+sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
-sp.disable_functions.function("PDO::query").param("query").value_r("information_schema").drop();
+sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop();
 # Ghetto sqli detection
-sp.disable_functions.function_r("mysqli?_query").ret("FALSE").drop();
+sp.disable_function.function_r("mysqli?_query").ret("FALSE").drop();
-sp.disable_functions.function_r("PDO::query").ret("FALSE").drop();
+sp.disable_function.function_r("PDO::query").ret("FALSE").drop();
 #File upload
-sp.disable_functions.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
+sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
-sp.disable_functions.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
+sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();
diff --git a/config/examples.ini b/config/examples.ini
index d7599fb..c522f1a 100644
--- a/config/examples.ini
+++ b/config/examples.ini
@@ -1,47 +1,47 @@
 # Restrict system calls to specific file
-sp.disable_functions.function("system").filename("update.php").allow();
+sp.disable_function.function("system").filename("update.php").allow();
-sp.disable_functions.function("system").drop();
+sp.disable_function.function("system").drop();
   
 # Restrict system calls to specific file with a specific hash
-sp.disable_functions.function("system").filename("update.php").hash("d27c6c5686bc129716b6aac8dfefe2d519a80eb6cc144e97ad42c728d423eed0").allow();
+sp.disable_function.function("system").filename("update.php").hash("d27c6c5686bc129716b6aac8dfefe2d519a80eb6cc144e97ad42c728d423eed0").allow();
-sp.disable_functions.function("system").drop();
+sp.disable_function.function("system").drop();
 # AbanteCart 1.2.8 - Multiple SQL Injections <https://blog.ripstech.com/2016/abantecart-multiple-sql-injections>
-sp.disable_functions.filename("static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS");
+sp.disable_function.filename("static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS");
-sp.disable_functions.filename("core/lib/language_manager.php").function("ALanguageManager>_clone_language_rows").param("from_language").value_r("[^0-9]").drop();
+sp.disable_function.filename("core/lib/language_manager.php").function("ALanguageManager>_clone_language_rows").param("from_language").value_r("[^0-9]").drop();
-sp.disable_functions.filename("admin/model/tool/backup.php").function("ModelToolBackup>createBackupTask").param("data[table_list]").value_r("'").drop();
+sp.disable_function.filename("admin/model/tool/backup.php").function("ModelToolBackup>createBackupTask").param("data[table_list]").value_r("'").drop();
 # Redaxo 5.2.0: Remote Code Execution via CSRF <https://blog.ripstech.com/2016/redaxo-remote-code-execution-via-csrf>
 # See <http://code.vtiger.com/vtiger/vtigercrm/commit/9b5c5338f80237ae072a06e1ba4a5cfcbfe063b0> for details
-sp.disable_functions.filename("redaxo/src/addons/structure/pages/linkmap.php").function("substr").param("string").value_r("\"").drop();
+sp.disable_function.filename("redaxo/src/addons/structure/pages/linkmap.php").function("substr").param("string").value_r("\"").drop();
 # Guest Post: Vtiger 6.5.0 - SQL Injection <https://blog.ripstech.com/2016/vtiger-sql-injection/>
-sp.disable_functions.filename("modules/Calendar/Activity.php").function("save_module").param("query").value_r("[^0-9;]").drop();
+sp.disable_function.filename("modules/Calendar/Activity.php").function("save_module").param("query").value_r("[^0-9;]").drop();
 # The State of Wordpress Security <https://blog.ripstech.com/2016/the-state-of-wordpress-security>
 # All In One WP Security & Firewall
-sp.disable_functions.filename("admin/wp-security-dashboard-menu.php").function("render_tab3").var("_REQUEST[tab]]").value_r("\"").drop();
+sp.disable_function.filename("admin/wp-security-dashboard-menu.php").function("render_tab3").var("_REQUEST[tab]]").value_r("\"").drop();
 # PHPKit 1.6.6: Code Execution for Privileged Users <https://blog.ripstech.com/2016/phpkit-code-exection-for-privileged-users>
-sp.disable_functions.filename("pkinc/func/default.php").function("move_uploaded_file").param("destination").value_r("\\.ph\\.+$").drop();
+sp.disable_function.filename("pkinc/func/default.php").function("move_uploaded_file").param("destination").value_r("\\.ph\\.+$").drop();
 # Coppermine 1.5.42: Second-Order Command Execution <https://blog.ripstech.com/2016/coppermine-second-order-command-execution>
-sp.disable_functions.filename("include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]).value_r("[^a-z0-9]").drop();
+sp.disable_function.filename("include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]).value_r("[^a-z0-9]").drop();
-sp.disable_functions.filename("forgot_passwd.php").function("cpg_db_query").var("CLEAN[id]").value_r("[^a-z0-9]").drop();
+sp.disable_function.filename("forgot_passwd.php").function("cpg_db_query").var("CLEAN[id]").value_r("[^a-z0-9]").drop();
 # CVE-2014-1610 - Mediawiki RCE
-sp.disable_functions.filename("includes/media/DjVu.php")
+sp.disable_function.filename("includes/media/DjVu.php")
-sp.disable_functions.filename("includes/media/ImageHandler.php").var("_GET[page]").value_r("[^0-9]").drop()
+sp.disable_function.filename("includes/media/ImageHandler.php").var("_GET[page]").value_r("[^0-9]").drop()
 # CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
-sp.disable_functions.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop();
+sp.disable_function.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop();
-sp.disable_functions.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop();
-\ No newline at end of file
+sp.disable_function.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop();
+\ No newline at end of file
author	jvoisin	2017-10-11 11:40:02 +0200
committer	jvoisin	2017-10-11 11:40:02 +0200
commit	e44b3b6b6ab1af61f9abc210546700e30aeff19c (patch)
tree	408b7b079fc719ba686673e88daca939e0573565 /config
parent	0e9086030f36f13a4007ae9e111fdcfbc40edbb1 (diff)

diff --git a/config/default.ini b/config/default.ini index 0f67632..88398c1 100644 --- a/config/default.ini +++ b/config/default.ini
@@ -1,54 +1,54 @@
1	# Harden the `chmod` function	1	# Harden the `chmod` function
2	sp.disable_functions.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();	2	sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();
3	sp.disable_functions.function("chmod").param("mode").value_r("o\\+w$").drop();	3	sp.disable_function.function("chmod").param("mode").value_r("o\\+w$").drop();
4		4
5	# Prevent various `mail`-related vulnerabilities	5	# Prevent various `mail`-related vulnerabilities
6	sp.disable_functions.function("mail").param("additional_parameters").value_r("\\-").drop();	6	sp.disable_function.function("mail").param("additional_parameters").value_r("\\-").drop();
7		7
8	##Prevent various `include`-related vulnerabilities	8	##Prevent various `include`-related vulnerabilities
9	sp.disable_functions.function_r("^(?:require\|include)_once$").value_r("\\.(?:php\|php7\|inc\|tpl)$").allow();	9	sp.disable_function.function_r("^(?:require\|include)_once$").value_r("\\.(?:php\|php7\|inc\|tpl)$").allow();
10	sp.disable_functions.function_r("^require\|include$").value_r("\\.(?:php\|php7\|inc\|tpl)$").allow();	10	sp.disable_function.function_r("^require\|include$").value_r("\\.(?:php\|php7\|inc\|tpl)$").allow();
11	sp.disable_functions.function_r("^(?:require\|include)_once$").drop();	11	sp.disable_function.function_r("^(?:require\|include)_once$").drop();
12	sp.disable_functions.function_r("^require\|include$").drop();	12	sp.disable_function.function_r("^require\|include$").drop();
13		13
14	# Prevent `system`-related injections	14	# Prevent `system`-related injections
15	sp.disable_functions.function("system").param("command").value_r("[$\|;&`\\n]").drop();	15	sp.disable_function.function("system").param("command").value_r("[$\|;&`\\n]").drop();
16	sp.disable_functions.function("shell_exec").param("command").value_r("[$\|;&`\\n]").drop();	16	sp.disable_function.function("shell_exec").param("command").value_r("[$\|;&`\\n]").drop();
17	sp.disable_functions.function("exec").param("command").value_r("[$\|;&`\\n]").drop();	17	sp.disable_function.function("exec").param("command").value_r("[$\|;&`\\n]").drop();
18	sp.disable_functions.function("proc_open").param("command").value_r("[$\|;&`\\n]").drop();	18	sp.disable_function.function("proc_open").param("command").value_r("[$\|;&`\\n]").drop();
19		19
20	# Prevent runtime modification of interesting things	20	# Prevent runtime modification of interesting things
21	sp.disable_functions.function("ini_set").param("var_name").value("assert.active").drop();	21	sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();
22	sp.disable_functions.function("ini_set").param("var_name").value("zend.assertions").drop();	22	sp.disable_function.function("ini_set").param("var_name").value("zend.assertions").drop();
23	sp.disable_functions.function("ini_set").param("var_name").value("memory_limit").drop();	23	sp.disable_function.function("ini_set").param("var_name").value("memory_limit").drop();
24	sp.disable_functions.function("ini_set").param("var_name").value("include_path").drop();	24	sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();
25	sp.disable_functions.function("ini_set").param("var_name").value("open_basedir").drop();	25	sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();
26		26
27	# Detect some backdoors via environnement recon	27	# Detect some backdoors via environnement recon
28	sp.disable_functions.function("ini_get").param("var_name").value_r("(?:allow_url_fopen\|open_basedir\|suhosin)").drop();	28	sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_fopen\|open_basedir\|suhosin)").drop();
29	sp.disable_functions.function("function_exists").param("function_name").value_r("(?:eval\|exec\|system)").drop();	29	sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval\|exec\|system)").drop();
30	sp.disable_functions.function("is_callable").param("var").value_r("(?:eval\|exec\|system)").drop();	30	sp.disable_function.function("is_callable").param("var").value_r("(?:eval\|exec\|system)").drop();
31		31
32	# Ghetto sqli hardening	32	# Ghetto sqli hardening
33	sp.disable_functions.function_r("mysqli?_query").param("query").value_r("/\\*").drop();	33	sp.disable_function.function_r("mysqli?_query").param("query").value_r("/\\*").drop();
34	sp.disable_functions.function_r("mysqli?_query").param("query").value_r("--").drop();	34	sp.disable_function.function_r("mysqli?_query").param("query").value_r("--").drop();
35	sp.disable_functions.function_r("mysqli?_query").param("query").value_r("#").drop();	35	sp.disable_function.function_r("mysqli?_query").param("query").value_r("#").drop();
36	sp.disable_functions.function_r("mysqli?_query").param("query").value_r(";.*;").drop();	36	sp.disable_function.function_r("mysqli?_query").param("query").value_r(";.*;").drop();
37	sp.disable_functions.function_r("mysqli?_query").param("query").value_r("benchmark").drop();	37	sp.disable_function.function_r("mysqli?_query").param("query").value_r("benchmark").drop();
38	sp.disable_functions.function_r("mysqli?_query").param("query").value_r("sleep").drop();	38	sp.disable_function.function_r("mysqli?_query").param("query").value_r("sleep").drop();
39	sp.disable_functions.function_r("mysqli?_query").param("query").value_r("information_schema").drop();	39	sp.disable_function.function_r("mysqli?_query").param("query").value_r("information_schema").drop();
40	sp.disable_functions.function("PDO::query").param("query").value_r("/\\*").drop();	40	sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
41	sp.disable_functions.function("PDO::query").param("query").value_r("--").drop();	41	sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
42	sp.disable_functions.function("PDO::query").param("query").value_r("#").drop();	42	sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
43	sp.disable_functions.function("PDO::query").param("query").value_r(";.*;").drop();	43	sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
44	sp.disable_functions.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();	44	sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
45	sp.disable_functions.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();	45	sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
46	sp.disable_functions.function("PDO::query").param("query").value_r("information_schema").drop();	46	sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop();
47		47
48	# Ghetto sqli detection	48	# Ghetto sqli detection
49	sp.disable_functions.function_r("mysqli?_query").ret("FALSE").drop();	49	sp.disable_function.function_r("mysqli?_query").ret("FALSE").drop();
50	sp.disable_functions.function_r("PDO::query").ret("FALSE").drop();	50	sp.disable_function.function_r("PDO::query").ret("FALSE").drop();
51		51
52	#File upload	52	#File upload
53	sp.disable_functions.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();	53	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
54	sp.disable_functions.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();	54	sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();


diff --git a/config/examples.ini b/config/examples.ini index d7599fb..c522f1a 100644 --- a/config/examples.ini +++ b/config/examples.ini
@@ -1,47 +1,47 @@
1	# Restrict system calls to specific file	1	# Restrict system calls to specific file
2	sp.disable_functions.function("system").filename("update.php").allow();	2	sp.disable_function.function("system").filename("update.php").allow();
3	sp.disable_functions.function("system").drop();	3	sp.disable_function.function("system").drop();
4		4
5		5
6	# Restrict system calls to specific file with a specific hash	6	# Restrict system calls to specific file with a specific hash
7	sp.disable_functions.function("system").filename("update.php").hash("d27c6c5686bc129716b6aac8dfefe2d519a80eb6cc144e97ad42c728d423eed0").allow();	7	sp.disable_function.function("system").filename("update.php").hash("d27c6c5686bc129716b6aac8dfefe2d519a80eb6cc144e97ad42c728d423eed0").allow();
8	sp.disable_functions.function("system").drop();	8	sp.disable_function.function("system").drop();
9		9
10		10
11	# AbanteCart 1.2.8 - Multiple SQL Injections <https://blog.ripstech.com/2016/abantecart-multiple-sql-injections>	11	# AbanteCart 1.2.8 - Multiple SQL Injections <https://blog.ripstech.com/2016/abantecart-multiple-sql-injections>
12	sp.disable_functions.filename("static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS");	12	sp.disable_function.filename("static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS");
13	sp.disable_functions.filename("core/lib/language_manager.php").function("ALanguageManager>_clone_language_rows").param("from_language").value_r("[^0-9]").drop();	13	sp.disable_function.filename("core/lib/language_manager.php").function("ALanguageManager>_clone_language_rows").param("from_language").value_r("[^0-9]").drop();
14	sp.disable_functions.filename("admin/model/tool/backup.php").function("ModelToolBackup>createBackupTask").param("data[table_list]").value_r("'").drop();	14	sp.disable_function.filename("admin/model/tool/backup.php").function("ModelToolBackup>createBackupTask").param("data[table_list]").value_r("'").drop();
15		15
16		16
17	# Redaxo 5.2.0: Remote Code Execution via CSRF <https://blog.ripstech.com/2016/redaxo-remote-code-execution-via-csrf>	17	# Redaxo 5.2.0: Remote Code Execution via CSRF <https://blog.ripstech.com/2016/redaxo-remote-code-execution-via-csrf>
18	# See <http://code.vtiger.com/vtiger/vtigercrm/commit/9b5c5338f80237ae072a06e1ba4a5cfcbfe063b0> for details	18	# See <http://code.vtiger.com/vtiger/vtigercrm/commit/9b5c5338f80237ae072a06e1ba4a5cfcbfe063b0> for details
19	sp.disable_functions.filename("redaxo/src/addons/structure/pages/linkmap.php").function("substr").param("string").value_r("\"").drop();	19	sp.disable_function.filename("redaxo/src/addons/structure/pages/linkmap.php").function("substr").param("string").value_r("\"").drop();
20		20
21		21
22	# Guest Post: Vtiger 6.5.0 - SQL Injection <https://blog.ripstech.com/2016/vtiger-sql-injection/>	22	# Guest Post: Vtiger 6.5.0 - SQL Injection <https://blog.ripstech.com/2016/vtiger-sql-injection/>
23	sp.disable_functions.filename("modules/Calendar/Activity.php").function("save_module").param("query").value_r("[^0-9;]").drop();	23	sp.disable_function.filename("modules/Calendar/Activity.php").function("save_module").param("query").value_r("[^0-9;]").drop();
24		24
25		25
26	# The State of Wordpress Security <https://blog.ripstech.com/2016/the-state-of-wordpress-security>	26	# The State of Wordpress Security <https://blog.ripstech.com/2016/the-state-of-wordpress-security>
27	# All In One WP Security & Firewall	27	# All In One WP Security & Firewall
28	sp.disable_functions.filename("admin/wp-security-dashboard-menu.php").function("render_tab3").var("_REQUEST[tab]]").value_r("\"").drop();	28	sp.disable_function.filename("admin/wp-security-dashboard-menu.php").function("render_tab3").var("_REQUEST[tab]]").value_r("\"").drop();
29		29
30		30
31	# PHPKit 1.6.6: Code Execution for Privileged Users <https://blog.ripstech.com/2016/phpkit-code-exection-for-privileged-users>	31	# PHPKit 1.6.6: Code Execution for Privileged Users <https://blog.ripstech.com/2016/phpkit-code-exection-for-privileged-users>
32	sp.disable_functions.filename("pkinc/func/default.php").function("move_uploaded_file").param("destination").value_r("\\.ph\\.+$").drop();	32	sp.disable_function.filename("pkinc/func/default.php").function("move_uploaded_file").param("destination").value_r("\\.ph\\.+$").drop();
33		33
34		34
35	# Coppermine 1.5.42: Second-Order Command Execution <https://blog.ripstech.com/2016/coppermine-second-order-command-execution>	35	# Coppermine 1.5.42: Second-Order Command Execution <https://blog.ripstech.com/2016/coppermine-second-order-command-execution>
36	sp.disable_functions.filename("include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]).value_r("[^a-z0-9]").drop();	36	sp.disable_function.filename("include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]).value_r("[^a-z0-9]").drop();
37	sp.disable_functions.filename("forgot_passwd.php").function("cpg_db_query").var("CLEAN[id]").value_r("[^a-z0-9]").drop();	37	sp.disable_function.filename("forgot_passwd.php").function("cpg_db_query").var("CLEAN[id]").value_r("[^a-z0-9]").drop();
38		38
39		39
40	# CVE-2014-1610 - Mediawiki RCE	40	# CVE-2014-1610 - Mediawiki RCE
41	sp.disable_functions.filename("includes/media/DjVu.php")	41	sp.disable_function.filename("includes/media/DjVu.php")
42	sp.disable_functions.filename("includes/media/ImageHandler.php").var("_GET[page]").value_r("[^0-9]").drop()	42	sp.disable_function.filename("includes/media/ImageHandler.php").var("_GET[page]").value_r("[^0-9]").drop()
43		43
44		44
45	# CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html	45	# CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
46	sp.disable_functions.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop();	46	sp.disable_function.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop();
47	sp.disable_functions.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop(); \ No newline at end of file	47	sp.disable_function.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop(); \ No newline at end of file