summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/default.rules21
1 files changed, 12 insertions, 9 deletions
diff --git a/config/default.rules b/config/default.rules
index 81c4072..c528191 100644
--- a/config/default.rules
+++ b/config/default.rules
@@ -61,11 +61,20 @@ sp.disable_function.function("mail").param("additional_params").value_r("\\-").d
61@end_condition; 61@end_condition;
62 62
63# This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80 63# This one was burned in Nov 2019 - https://gist.github.com/LoadLow/90b60bd5535d6c3927bb24d5f9955b80
64sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop(); 64@condition PHP_VERSION_ID < 80000;
65 sp.disable_function.function("putenv").param("setting").value_r("GCONV_").drop()
66@condition PHP_VERSION_ID >= 80000;
67 sp.disable_function.function("putenv").param("assignment").value_r("GCONV_").drop()
68@end_condition;
65 69
66# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector 70# Since people are stupid enough to use `extract` on things like $_GET or $_POST, we might as well mitigate this vector
67sp.disable_function.function("extract").pos("0").value_r("^_").drop(); 71@condition PHP_VERSION_ID < 80000;
68sp.disable_function.function("extract").pos("1").value("0").drop(); 72sp.disable_function.function("extract").pos("0").value_r("^_").drop()
73sp.disable_function.function("extract").pos("1").value("0").drop()
74@condition PHP_VERSION_ID >= 80000;
75sp.disable_function.function("extract").param("array").value_r("^_").drop()
76sp.disable_function.function("extract").param("flags").value("0").drop()
77@end_condition;
69 78
70# This is also burned: 79# This is also burned:
71# ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd')); 80# ini_set('open_basedir','..');chdir('..');…;chdir('..');ini_set('open_basedir','/');echo(file_get_contents('/etc/passwd'));
@@ -90,12 +99,6 @@ sp.disable_function.function("include").drop();
90 99
91# Prevent `system`-related injections 100# Prevent `system`-related injections
92sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop(); 101sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
93sp.disable_function.function("shell_exec").pos("0").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
94sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
95sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
96
97# Prevent `system`-related injections
98sp.disable_function.function("system").param("command").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
99@condition PHP_VERSION_ID < 80000; 102@condition PHP_VERSION_ID < 80000;
100 sp.disable_function.function("shell_exec").pos("0").value_r("[$|;&`\\n\\(\\)\\\\]").drop(); 103 sp.disable_function.function("shell_exec").pos("0").value_r("[$|;&`\\n\\(\\)\\\\]").drop();
101@condition PHP_VERSION_ID >= 80000; 104@condition PHP_VERSION_ID >= 80000;