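# Snuffleupagus rules for a TYPO3 install.
# Every targeted `.allow()` is listed before the broader `.drop()` it exempts;
# keep that ordering when adding rules (NOTE(review): first-match evaluation is
# assumed from the layout of this file — confirm against the sp documentation).
# NOTE(review): backslash escaping is not uniform: the include rules use "\.php$"
# while the upload rules use "\\.ph" and the command rules "\\n". If the config
# parser passes strings to PCRE unchanged, `\\n` inside a character class matches
# a literal backslash or the letter n, not a newline — confirm which form the
# parser expects and make the file consistent.

# Harden the `chmod` function
# Only GeneralUtility may set a world-writable mode (xx6); any other mode ending
# in 6 or 7 is refused.
sp.disable_function.function("chmod").param("mode").filename_r("typo3/sysext/core/Classes/Utility/GeneralUtility.php$").value_r("^[0-9]{2}6$").allow();
sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();

# Prevent various `include`-related vulnerabilities
# Only targets whose path ends in .php may be included; everything else
# (uploaded files, stream wrappers, ...) is dropped by the unconditional rules.
sp.disable_function.function("require_once").value_r("\.php$").allow();
sp.disable_function.function("include_once").value_r("\.php$").allow();
sp.disable_function.function("require").value_r("\.php$").allow();
sp.disable_function.function("include").value_r("\.php$").allow();
# Terminated with `;` like every other rule in this file.
sp.disable_function.function("require_once").drop();
sp.disable_function.function("include_once").drop();
sp.disable_function.function("require").drop();
sp.disable_function.function("include").drop();

# Prevent `system`-related injections
# `system` is refused outright; the other spawn functions are refused only when
# the command contains a shell metacharacter ($ | ; & ` or a newline).
sp.disable_function.function("system").drop();
sp.disable_function.function("shell_exec").param("command").value_r("[$|;&`\\n]").drop();
# The ImageMagick `convert` call made by CommandUtility is the one exec() that
# is allowed through; its argument charset is pinned by the regex.
sp.disable_function.function("exec").param("command").filename_r("typo3/sysext/core/Classes/Utility/CommandUtility.php$").value_r("^'/usr/bin/convert' [a-zA-Z0-9_\\.'\+\\[\\] \/\\-]+ 2>&1$").allow();
sp.disable_function.function("exec").param("command").value_r("[$|;&`\\n]").drop();
sp.disable_function.function("proc_open").param("command").value_r("[$|;&`\\n]").drop();

# Prevent runtime modification of interesting things
# Bootstrap may adjust memory_limit; no other code may change these settings.
sp.disable_function.function("ini_set").param("var_name").filename_r("typo3/sysext/core/Classes/Core/Bootstrap.php$").value("memory_limit").allow();
sp.disable_function.function("ini_set").param("var_name").value("assert.active").drop();
sp.disable_function.function("ini_set").param("var_name").value("zend.assertions").drop();
sp.disable_function.function("ini_set").param("var_name").value("memory_limit").drop();
sp.disable_function.function("ini_set").param("var_name").value("include_path").drop();
sp.disable_function.function("ini_set").param("var_name").value("open_basedir").drop();

# Detect some backdoors via environment recon
# Reading these ini values is treated as fingerprinting; the core, install-tool
# and guzzle files listed here read them legitimately and are exempted.
sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/core/Classes/Cache/Backend/SimpleFileBackend.php$").value("open_basedir").allow();
sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/Check.php$").value("open_basedir").allow();
sp.disable_function.function("ini_get").param("var_name").filename_r("typo3/sysext/install/Classes/SystemEnvironment/SetupCheck.php$").value("allow_url_fopen").allow();
sp.disable_function.function("ini_get").param("var_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value("allow_url_fopen").allow();
sp.disable_function.function("ini_get").param("var_name").value_r("^(?:allow_url_fopen|open_basedir|suhosin)$").drop();

# Needs to be allowed, for example to execute scheduled tasks
sp.disable_function.function("function_exists").param("function_name").filename_r("vendor/guzzlehttp/guzzle/src/functions.php$").value_r("^(?:curl_multi_exec|curl_exec)$").allow();
# Unanchored: any function name containing eval/exec/system is refused.
sp.disable_function.function("function_exists").param("function_name").value_r("(?:eval|exec|system)").drop();
sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();

# Ghetto sqli hardening
# Substring matches on values bound through QueryBuilder::setParameter — only
# that one binding entry point is covered. The patterns are unanchored, so
# legitimate input containing `#`, `--`, `sleep`, `benchmark` or `/*` is refused
# as well; review the sp log for false positives before enforcing in production.
sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("/\\*").drop();
sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("--").drop();
sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("#").drop();
sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r(";.*;").drop();
sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("benchmark").drop();
sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("sleep").drop();
sp.disable_function.function("QueryBuilder::setParameter").param("value").value_r("information_schema").drop();

# File upload
# Refuse destinations containing `.ph` (php, phtml, phar, ...) or `.ht`
# (.htaccess, .htpasswd) anywhere in the name, so double extensions such as
# name.php.jpg are caught too.
sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ph").drop();
sp.disable_function.function("move_uploaded_file").param("destination").value_r("\\.ht").drop();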