Diffstat (limited to 'config/default.rules')
-rw-r--r--config/default.rules3
1 files changed, 3 insertions, 0 deletions
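diff --git a/config/default.rules b/config/default.rules
index 1446fb8..9dfa68e 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -45,6 +45,9 @@ sp.disable_function.function("putenv").param("setting").value_r("LD_").drop()
 # This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80
 sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()
 
+# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector
+sp.disable_function.function("extract").param("array").value_r("^_").drop()
+
 # This is also burned:
 # ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
 # Since we have no way of matching on two parameters at the same time, we're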
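Review bot: The new rule on new line 49 applies `value_r("^_")` to the `array` parameter, while the comment above it describes matching on the superglobal names `$_GET`/`$_POST`; whether `value_r` on an array-typed argument is evaluated against the variable's name or against the array's contents is not evident from this file, so the rule should be confirmed against the engine's actual behaviour on a direct `extract($_GET)` call before it ships in the default ruleset. If it does match the name, `^_` is also broader than the two superglobals the comment names (it covers any underscore-prefixed identifier, including `$_REQUEST` and user variables), which is worth stating explicitly so operators are not surprised by dropped calls: `# Drops extract() when the argument's name starts with "_" (covers $_GET/$_POST/$_REQUEST and any other underscore-prefixed variable)`. The surrounding rules in this hunk only document the "burned" vectors they guard against, so a similar one-line rationale here keeps the file consistent. The hunk is self-contained; nothing of the new rule extends outside it.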