1 files changed, 1 insertions, 28 deletions
diff --git a/config/default_php8.rules b/config/default_php8.rules
index fa3120e..427dcaf 100644
--- a/config/default_php8.rules
+++ b/config/default_php8.rules
@@ -97,34 +97,7 @@ sp.disable_function.function("is_callable").param("value").value("shell_exec").d
 sp.disable_function.function("is_callable").param("value").value("proc_open").drop();
 sp.disable_function.function("is_callable").param("value").value("passthru").drop();
-# Commenting sqli related stuff to improve performance.
+# Ghetto error-based sqli detection
-# TODO figure out why these functions can't be hooked at startup
-# Ghetto sqli hardening
-# sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
-# sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
-# sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
-# sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop();
-# sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop();
-# sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop();
-# sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop();
-# sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop();
-# sp.disable_function.function("mysqli_query").param("query").value_r("--").drop();
-# sp.disable_function.function("mysqli_query").param("query").value_r("#").drop();
-# sp.disable_function.function("mysqli_query").param("query").value_r(";.*;").drop();
-# sp.disable_function.function("mysqli_query").param("query").value_r("benchmark").drop();
-# sp.disable_function.function("mysqli_query").param("query").value_r("sleep").drop();
-# sp.disable_function.function("mysqli_query").param("query").value_r("information_schema").drop();
-# sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
-# sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
-# sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
-# sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
-# sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
-# sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
-# sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop();
-# Ghetto sqli detection
 # sp.disable_function.function("mysql_query").ret("FALSE").drop();
 # sp.disable_function.function("mysqli_query").ret("FALSE").drop();
 # sp.disable_function.function("PDO::query").ret("FALSE").drop();

diff --git a/config/default_php8.rules b/config/default_php8.rules index fa3120e..427dcaf 100644 --- a/config/default_php8.rules +++ b/config/default_php8.rules
@@ -97,34 +97,7 @@ sp.disable_function.function("is_callable").param("value").value("shell_exec").d
97	sp.disable_function.function("is_callable").param("value").value("proc_open").drop();	97	sp.disable_function.function("is_callable").param("value").value("proc_open").drop();
98	sp.disable_function.function("is_callable").param("value").value("passthru").drop();	98	sp.disable_function.function("is_callable").param("value").value("passthru").drop();
99		99
100	# Commenting sqli related stuff to improve performance.	100	# Ghetto error-based sqli detection
101	# TODO figure out why these functions can't be hooked at startup
102	# Ghetto sqli hardening
103	# sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
104	# sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
105	# sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
106	# sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop();
107	# sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop();
108	# sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop();
109	# sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop();
110
111	# sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop();
112	# sp.disable_function.function("mysqli_query").param("query").value_r("--").drop();
113	# sp.disable_function.function("mysqli_query").param("query").value_r("#").drop();
114	# sp.disable_function.function("mysqli_query").param("query").value_r(";.*;").drop();
115	# sp.disable_function.function("mysqli_query").param("query").value_r("benchmark").drop();
116	# sp.disable_function.function("mysqli_query").param("query").value_r("sleep").drop();
117	# sp.disable_function.function("mysqli_query").param("query").value_r("information_schema").drop();
118
119	# sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
120	# sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
121	# sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
122	# sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
123	# sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
124	# sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
125	# sp.disable_function.function("PDO::query").param("query").value_r("information_schema").drop();
126
127	# Ghetto sqli detection
128	# sp.disable_function.function("mysql_query").ret("FALSE").drop();	101	# sp.disable_function.function("mysql_query").ret("FALSE").drop();
129	# sp.disable_function.function("mysqli_query").ret("FALSE").drop();	102	# sp.disable_function.function("mysqli_query").ret("FALSE").drop();
130	# sp.disable_function.function("PDO::query").ret("FALSE").drop();	103	# sp.disable_function.function("PDO::query").ret("FALSE").drop();