
Changeset 829751


Timestamp:
12/29/2013 01:23:24 PM (12 years ago)
Author:
6Scan
Message:
  • Now correctly detects CSRF with www. prefix
  • Logs non POST/GET requests
Location:
6scan-protection/trunk
Files:
3 edited

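--- a/6scan-protection/trunk/admin/includes/common.php
+++ b/6scan-protection/trunk/admin/includes/common.php
@@ -4,5 +4,5 @@
     die( 'No direct access allowed' );
 
-define ( 'SIXSCAN_VERSION' ,                            '3.0.5.2' );
+define ( 'SIXSCAN_VERSION' ,                            '3.0.5.3' );
 define ( 'SIXSCAN_HTACCESS_VERSION' ,                   '1' );
 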
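--- a/6scan-protection/trunk/modules/signatures/analyzer.php
+++ b/6scan-protection/trunk/modules/signatures/analyzer.php
@@ -100,5 +100,5 @@
                                     'time' => $current_time));
 
-    @file_put_contents( SIXSCAN_ANALYZER_LOG_FILEPATH , $data_log ,  FILE_APPEND );
+    @file_put_contents( SIXSCAN_ANALYZER_LOG_FILEPATH , $data_log . "\n" ,  FILE_APPEND );
 
     if ( $analyze_action == 'block' )
@@ -155,7 +155,7 @@
     if ( sixscan_signatures_analyzer_is_env_flag_on( "sixscanstrangerequest" ) ){
         if ( in_array( 'waf_non_standard_req_disable' , $allowed_waf_rules ) && $is_waf_enabled )
-            return array('block', 'non_getpost_request');
-        else
-            $triggered_vuln_type = 'non_getpost_request';
+            return array('block', 'request_type_' . $_SERVER['REQUEST_METHOD']);
+        else
+            $triggered_vuln_type = 'request_type_' . $_SERVER['REQUEST_METHOD'];
     }
 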
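Review bot: On new lines 157 and 159 `$_SERVER['REQUEST_METHOD']` is concatenated into the vuln-type string without any validation, so an attacker-chosen method token (any length or case the web server lets through) becomes part of the block result and of `$triggered_vuln_type`, which presumably also feeds the `$data_log` line appended by the first hunk. Normalise it once before both branches, e.g. `$method = isset( $_SERVER['REQUEST_METHOD'] ) ? strtoupper( preg_replace( '/[^A-Za-z]/', '', $_SERVER['REQUEST_METHOD'] ) ) : 'UNKNOWN';` and then use `'request_type_' . substr( $method, 0, 16 )`, which also covers the unset-key notice when this runs outside a web request. The enclosing function begins and ends outside the hunk.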
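--- a/6scan-protection/trunk/modules/signatures/update.php
+++ b/6scan-protection/trunk/modules/signatures/update.php
@@ -230,5 +230,7 @@
     /*  Escape the dot of current hostname for regexps */
     $current_hostname = str_replace( "." , "\." , $mixed_site_address[ 'host' ] );
-
+    if ( substr( $current_hostname, 0, 4) === 'www.' )
+        $current_hostname = substr($current_hostname, 4);
+       
     $vuln_urls = "#Broad-spectrum protection: User agent/referrer injections. XSS,RFI and SQLI prevention
 RewriteCond %{REQUEST_METHOD} ^(OPTIONS|PUT|DELETE|TRACE|CONNECT|PATCH|TRACK|DEBUG) [NC]\n";
@@ -246,5 +248,5 @@
 RewriteCond %{REQUEST_METHOD} ^(POST) [NC]
 RewriteCond %{HTTP_REFERER} !^$
-RewriteCond %{HTTP_REFERER} !^https?://" . $current_hostname . " [NC]
+RewriteCond %{HTTP_REFERER} !^https?://(www.)?" . $current_hostname . " [NC]
 RewriteRule .*  - [E=sixscansecuritylog:1,E=sixscanwafcsrf:1] -
 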
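Review bot: The new `www.` strip on lines 232–233 runs after line 231 has already turned every dot into `\.`, so `$current_hostname` begins with `www\.` and `substr( $current_hostname, 0, 4 ) === 'www.'` can never be true; the prefix is never removed and a `www.` site still gets a rule of the form `https?://(www.)?www\.example\.com`. Either move the strip above the `str_replace`, or test the escaped form: `if ( substr( $current_hostname, 0, 5 ) === 'www\.' )` followed by `$current_hostname = substr( $current_hostname, 5 );`. In the new rule on line 250 the dot in `(www.)?` is unescaped and nothing terminates the host, so a referer such as `https://example.com.attacker.tld/` is still accepted as same-origin and the CSRF flag is not set; prefer `!^https?://(www\.)?" . $current_hostname . "(:[0-9]+)?(/|$) [NC]`. The surrounding function begins and ends outside the hunk.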