Montag, 14. April 2014

Ruleset-Update: Contao & Typo3-Signatures


- some sigs, based on a recent contao-vuln https://github.com/contao/core/issues/6855
- some generic sigs to detect config_option_injection in contao and typo3


fff

[+] new sigs:
  42000356 :: web_apps.rules       :: Contao VAR TL_* - Injection
  42000357 :: web_apps.rules       :: Contao-InstallTool-Access
  42000358 :: web_apps.rules       :: Typo3-Backend-Access
  42000359 :: web_apps.rules       :: TYPO3_CONF_* Value - Injection
  42000360 :: web_apps.rules       :: Contao-Install install.php - Access

#
# sid: 42000360 | date: 2014-04-14 - 21:23
#
# https://github.com/contao/core/issues/6855#issuecomment-39571171
#
MainRule "str:/contao/install.php" "msg:Contao-Install install.php - Access" "mz:URL" "s:$UWA:8" id:42000360  ;
     
       
#
# sid: 42000359 | date: 2014-04-14 - 21:20
#
#
#
MainRule "str:typo3_conf" "msg:TYPO3_CONF_* Value - Injection" "mz:ARGS" "s:$UWA:8" id:42000359  ;
     
       
#
# sid: 42000358 | date: 2014-04-14 - 21:15
#
#
#
MainRule "str:/typo3/" "msg:Typo3-Backend-Access" "mz:URL" "s:$UWA:8" id:42000358  ;
     
       
#
# sid: 42000357 | date: 2014-04-14 - 21:14
#
# https://github.com/contao/check
#
MainRule "str:installer" "msg:Contao-InstallTool-Access" "mz:$ARGS_VAR:c" "s:$UWA:8" id:42000357  ;
     
       
#
# sid: 42000356 | date: 2014-04-14 - 20:43
#
# https://github.com/contao/core/issues/6855
# https://github.com/contao/core/pull/6863/files
#
MainRule "str:tl_" "msg:Contao VAR TL_* - Injection" "mz:ARGS" "s:$UWA:8" id:42000356  ;


Keine Kommentare:

Kommentar veröffentlichen