
Changeset 828605


Timestamp:
12/26/2013 09:17:54 AM (12 years ago)
Author:
6Scan
Message:

fixed analyzer bugs
No longer consider HEAD an attack

Location:
6scan-protection/trunk
Files:
3 edited

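--- a/6scan-protection/trunk/admin/includes/common.php
+++ b/6scan-protection/trunk/admin/includes/common.php
@@ -4,5 +4,5 @@
     die( 'No direct access allowed' );
 
-define ( 'SIXSCAN_VERSION' ,                            '3.0.5.1' );
+define ( 'SIXSCAN_VERSION' ,                            '3.0.5.2' );
 define ( 'SIXSCAN_HTACCESS_VERSION' ,                   '1' );
 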
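--- a/6scan-protection/trunk/modules/signatures/analyzer.php
+++ b/6scan-protection/trunk/modules/signatures/analyzer.php
@@ -145,36 +145,47 @@
     */
 
+    $triggered_vuln_type = 'None';
+    $is_waf_enabled = True;
+   
     /* WAF is disabled */
     if ( in_array( 'waf_global_enable' , $allowed_waf_rules ) == FALSE )
-        return array('noblock','');
+        $is_waf_enabled = False;   
 
     /*  Filter strange requests */
     if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanstrangerequest" ) ){
-        if ( in_array( 'waf_non_standard_req_disable' , $allowed_waf_rules ) )
-            return array('block','');
+        if ( in_array( 'waf_non_standard_req_disable' , $allowed_waf_rules ) && $is_waf_enabled )
+            return array('block', 'non_getpost_request');
+        else
+            $triggered_vuln_type = 'non_getpost_request';
     }
 
     /*  Filter SQL injection */
     if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanwafsqli" ) ){
-        if ( in_array( 'waf_sql_protection_enable' , $allowed_waf_rules ) )
-            return array('block','sql');
+        if ( in_array( 'waf_sql_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled )
+            return array('block', 'sql');
+        else
+            $triggered_vuln_type = 'sql';
     }
 
     /*  Filter Cross Site Scripting */
     if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanwafxss" ) ){
-        if ( in_array( 'waf_xss_protection_enable' , $allowed_waf_rules ) )
-            return array('block','xss');
+        if ( in_array( 'waf_xss_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled )
+            return array('block', 'xss');
+        else
+            $triggered_vuln_type = 'xss';
     }
 
     /*  Filter CSRF on POST */
     if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanwafcsrf" ) ){
-        if ( in_array( 'waf_post_csrf_protection_enable' , $allowed_waf_rules ) )
-            return array('block','csrf');
+        if ( in_array( 'waf_post_csrf_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled )
+            return array('block', 'csrf');
+        else
+            $triggered_vuln_type = 'csrf';
     }
 
     /*  Filter RFI */
     if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanwafrfi" ) ){
-        if ( in_array( 'waf_rfi_protection_enable' , $allowed_waf_rules ) ){
-            $allowed_rfi_scripts = array( '/wp-login.php' );
+        if ( in_array( 'waf_rfi_protection_enable' , $allowed_waf_rules ) && $is_waf_enabled ){
+            $allowed_rfi_scripts = array( '/wp-login.php', '/wp-cron.php' );
 
             /*  If link is OK to be used with URL as mask */
@@ -194,16 +205,22 @@
                     &&  ( sixscan_signatures_analyzer_is_rfi_by_mask( $_SERVER['QUERY_STRING'] , $current_hostname . "/" ) == FALSE ) )
 
-                    return array('block','rfi');
-
-                return array('ignore','');
+                    return array('block', 'rfi');
+
+                return array('ignore', '');
             }
+            else{
+                $triggered_vuln_type = 'rfi';
+            }
 
             /* RFI with no exclusions - always blocking */
-            return array('block','rfi');
+            return array('block', 'rfi');
+        }
+        else{
+            $triggered_vuln_type = 'rfi';
         }
     }
 
     /* Trigger is not blocked */
-    return array('noblock','');
+    return array('noblock', $triggered_vuln_type);
 }
 ?>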
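Review bot: With waf_global_enable off, the new `$triggered_vuln_type` bookkeeping reports the last matching signature rather than the first, while the enforcing path (new lines 157, 165, 173, 181) returns on the first match — a request tripping both the sqli and xss flags is reported as 'xss' when not blocking but would be blocked as 'sql' when blocking. Making each fallback assign only when nothing has matched yet, e.g. `elseif ( $triggered_vuln_type === 'None' ) $triggered_vuln_type = 'sql';` (and likewise for the other four types), keeps the reported type consistent with what enforcement would do. The `else{ $triggered_vuln_type = 'rfi'; }` at new lines 211-213 is dead: the next statement at line 216 unconditionally returns `array('block', 'rfi')`, so that assignment should be dropped rather than suggest a path that does not exist. The capitalised `True`/`False` at new lines 148 and 152 should be lowercase `true`/`false`. The function containing this code starts before the first hunk.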
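--- a/6scan-protection/trunk/modules/signatures/update.php
+++ b/6scan-protection/trunk/modules/signatures/update.php
@@ -232,5 +232,5 @@
 
     $vuln_urls = "#Broad-spectrum protection: User agent/referrer injections. XSS,RFI and SQLI prevention
-RewriteCond %{REQUEST_METHOD} ^(OPTIONS|HEAD|PUT|DELETE|TRACE|CONNECT|PATCH|TRACK|DEBUG) [NC]\n";
+RewriteCond %{REQUEST_METHOD} ^(OPTIONS|PUT|DELETE|TRACE|CONNECT|PATCH|TRACK|DEBUG) [NC]\n";
    
     if (sixscan_signatures_is_to_block_non_standard_requests())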
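Review bot: Dropping HEAD from the RewriteCond method list at new line 234 is not explained in the generated .htaccess text, so the next reader has to dig up r828605 to learn the omission is deliberate; since the string already carries a `#` comment line, add one after it, e.g. `# HEAD is intentionally not listed: it is treated as a standard request method (r828605)`. Whether the RewriteRule that consumes this condition is what sets the analyzer's sixscanstrangerequest flag is not visible in this hunk; if it is, HEAD now reaches the analyzer as an ordinary request, which appears to be the intent, but `sixscan_signatures_is_to_block_non_standard_requests()` and that rule should be checked so HEAD is exempted consistently everywhere the method list is evaluated. The function that builds `$vuln_urls` starts and ends outside the hunk.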