blob: d7599fb3092de0e4d6b8bc8bed9a22fbc3888145 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
# Restrict system calls to specific file
sp.disable_functions.function("system").filename("update.php").allow();
sp.disable_functions.function("system").drop();
# Restrict system calls to specific file with a specific hash
sp.disable_functions.function("system").filename("update.php").hash("d27c6c5686bc129716b6aac8dfefe2d519a80eb6cc144e97ad42c728d423eed0").allow();
sp.disable_functions.function("system").drop();
# AbanteCart 1.2.8 - Multiple SQL Injections <https://blog.ripstech.com/2016/abantecart-multiple-sql-injections>
sp.disable_functions.filename("static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS");
sp.disable_functions.filename("core/lib/language_manager.php").function("ALanguageManager>_clone_language_rows").param("from_language").value_r("[^0-9]").drop();
sp.disable_functions.filename("admin/model/tool/backup.php").function("ModelToolBackup>createBackupTask").param("data[table_list]").value_r("'").drop();
# Redaxo 5.2.0: Remote Code Execution via CSRF <https://blog.ripstech.com/2016/redaxo-remote-code-execution-via-csrf>
# See <http://code.vtiger.com/vtiger/vtigercrm/commit/9b5c5338f80237ae072a06e1ba4a5cfcbfe063b0> for details
sp.disable_functions.filename("redaxo/src/addons/structure/pages/linkmap.php").function("substr").param("string").value_r("\"").drop();
# Guest Post: Vtiger 6.5.0 - SQL Injection <https://blog.ripstech.com/2016/vtiger-sql-injection/>
sp.disable_functions.filename("modules/Calendar/Activity.php").function("save_module").param("query").value_r("[^0-9;]").drop();
# The State of Wordpress Security <https://blog.ripstech.com/2016/the-state-of-wordpress-security>
# All In One WP Security & Firewall
sp.disable_functions.filename("admin/wp-security-dashboard-menu.php").function("render_tab3").var("_REQUEST[tab]]").value_r("\"").drop();
# PHPKit 1.6.6: Code Execution for Privileged Users <https://blog.ripstech.com/2016/phpkit-code-exection-for-privileged-users>
sp.disable_functions.filename("pkinc/func/default.php").function("move_uploaded_file").param("destination").value_r("\\.ph\\.+$").drop();
# Coppermine 1.5.42: Second-Order Command Execution <https://blog.ripstech.com/2016/coppermine-second-order-command-execution>
sp.disable_functions.filename("include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]).value_r("[^a-z0-9]").drop();
sp.disable_functions.filename("forgot_passwd.php").function("cpg_db_query").var("CLEAN[id]").value_r("[^a-z0-9]").drop();
# CVE-2014-1610 - Mediawiki RCE
sp.disable_functions.filename("includes/media/DjVu.php")
sp.disable_functions.filename("includes/media/ImageHandler.php").var("_GET[page]").value_r("[^0-9]").drop()
# CVE-2017-1001000 - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
sp.disable_functions.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_GET[id]").value_r("[^0-9]").drop();
sp.disable_functions.filename("wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php").function("register_routes").var("_POST[id]").value_r("[^0-9]").drop();
|
