Thread: [Phpida-cvs] plugins 006.php, 1.4, 1.5 008.php, 1.5, 1.6 004.php, 1.4, 1.5 011.php, 1.4, 1.5 010.ph
Update of /cvsroot/phpida/plugins In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11033 Modified Files: 006.php 008.php 004.php 011.php 010.php 005.php 002.php 009.php 012.php 007.php 003.php Log Message: - Updated plugins to work with the new module structure thingie. - Code cleanups Index: 012.php =================================================================== RCS file: /cvsroot/phpida/plugins/012.php,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** 012.php 19 Aug 2007 20:09:47 -0000 1.3 --- 012.php 21 Aug 2007 18:09:28 -0000 1.4 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,31 **** */ ! function ida_012($requestInfo) { $pluginObj = new plugins(); ! $requestInfo['info'] = "The User-Agent is reported as bad"; $requestInfo['risk'] = "high"; $requestInfo['break'] = 0; $requestInfo['type'] = "Misc"; ! if($pluginObj->getUaType($requestInfo['agent'])==2) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! return $requestInfo; } ?> \ No newline at end of file --- 14,33 ---- */ ! class ida_012 extends plugin { ! static public function checkRequest($requestInfo) { $pluginObj = new plugins(); ! $requestInfo['info'] = "The User-Agent is reported as bad"; $requestInfo['risk'] = "high"; $requestInfo['break'] = 0; $requestInfo['type'] = "Misc"; ! if($pluginObj->getUaType($requestInfo['agent'])==2) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! self::$res = $requestInfo; ! 
} } ?> \ No newline at end of file Index: 007.php =================================================================== RCS file: /cvsroot/phpida/plugins/007.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** 007.php 19 Aug 2007 20:09:47 -0000 1.4 --- 007.php 21 Aug 2007 18:09:28 -0000 1.5 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,19 **** */ ! function ida_007($requestInfo) { ! $requestInfo['info'] = "The request contains a backtick (`), this may be an attempt to retrive private information trough a poorly written web application."; $requestInfo['risk'] = "medium"; --- 14,20 ---- */ ! class ida_007 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "The request contains a backtick (`), this may be an attempt to retrive private information trough a poorly written web application."; $requestInfo['risk'] = "medium"; *************** *** 23,32 **** $inString = strpos(rawurldecode($requestInfo['request']), "`"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 24,34 ---- $inString = strpos(rawurldecode($requestInfo['request']), "`"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! } } ?> \ No newline at end of file Index: 009.php =================================================================== RCS file: /cvsroot/phpida/plugins/009.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** 009.php 19 Aug 2007 20:09:47 -0000 1.4 --- 009.php 21 Aug 2007 18:09:28 -0000 1.5 *************** *** 1,4 **** <?php ! 
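Review bot: `self::$res = $requestInfo;` at the end of `ida_012::checkRequest()` replaces `return $requestInfo;` with a write to a static property, and every other plugin in this commit (002 to 011) does the same. If `$res` is declared once on the `plugin` base class (not visible here), PHP shares that single static slot across all subclasses. A plugin that bails out before the assignment would then leave the previous plugin's verdict in place for the caller to read, which for a detection engine is a silent wrong answer. Keeping `return $requestInfo;` after the assignment, or having the caller clear the property before each `checkRequest()` call, would rule out a stale result.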
/** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,32 **** */ ! function ida_009($requestInfo) { ! $requestInfo['info'] = "This looks like a W32.Nimda.A@mm attack.\n This worm can only infetct unpatched IIS servers."; $requestInfo['risk'] = "low"; $requestInfo['break'] = 1; $requestInfo['type'] = "Misc"; ! $inString = strpos(rawurldecode($requestInfo['request']), "/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 14,34 ---- */ ! class ida_009 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "This looks like a W32.Nimda.A@mm attack.\n This worm can only infetct unpatched IIS servers."; $requestInfo['risk'] = "low"; $requestInfo['break'] = 1; $requestInfo['type'] = "Misc"; ! $inString = strpos(rawurldecode($requestInfo['request']), "/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! } } ?> \ No newline at end of file Index: 006.php =================================================================== RCS file: /cvsroot/phpida/plugins/006.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** 006.php 19 Aug 2007 20:09:47 -0000 1.4 --- 006.php 21 Aug 2007 18:09:28 -0000 1.5 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,19 **** */ ! function ida_006($requestInfo) { ! 
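Review bot: The `info` text in `ida_009::checkRequest()` attributes `/MSOffice/cltreq.asp?UL=1&ACT=4...` to W32.Nimda.A@mm, but as far as I know that request is what Internet Explorer's Office Web Discussions toolbar sends when a user opens a page, not worm traffic. With `break` set to 1 (presumably stopping further checks) the rule would label and short-circuit what is probably a benign client request. The attribution should be checked against a Nimda write-up; if it is the toolbar, reword the message and set `break` to 0. The message also contains the typo `infetct`.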
$requestInfo['info'] = "The request contains \"../\", this may be an attempt to retrive private information trough a poorly written web application."; $requestInfo['risk'] = "low"; --- 14,20 ---- */ ! class ida_006 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "The request contains \"../\", this may be an attempt to retrive private information trough a poorly written web application."; $requestInfo['risk'] = "low"; *************** *** 23,32 **** $inString = strpos(rawurldecode($requestInfo['request']), "../"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 24,34 ---- $inString = strpos(rawurldecode($requestInfo['request']), "../"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! } } ?> \ No newline at end of file Index: 003.php =================================================================== RCS file: /cvsroot/phpida/plugins/003.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** 003.php 19 Aug 2007 20:09:47 -0000 1.4 --- 003.php 21 Aug 2007 18:09:28 -0000 1.5 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,19 **** */ ! function ida_003($requestInfo) { ! $requestInfo['info'] = "The request contains a null byte (%00). It can be used to fool a web application into thinking a different file type has been requested. "; $requestInfo['risk'] = "medium"; --- 14,20 ---- */ ! class ida_003 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "The request contains a null byte (%00). 
It can be used to fool a web application into thinking a different file type has been requested. "; $requestInfo['risk'] = "medium"; *************** *** 23,32 **** $inString = strpos($requestInfo['request'], "%00"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 24,34 ---- $inString = strpos($requestInfo['request'], "%00"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! } } ?> \ No newline at end of file Index: 010.php =================================================================== RCS file: /cvsroot/phpida/plugins/010.php,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** 010.php 19 Aug 2007 20:09:47 -0000 1.2 --- 010.php 21 Aug 2007 18:09:28 -0000 1.3 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,38 **** */ ! function ida_010($requestInfo) { ! $requestInfo['info'] = "The request type is not GET, POST or HEAD. This may be a DOS attack."; $requestInfo['risk'] = "low"; $requestInfo['break'] = 1; $requestInfo['type'] = "Denial of Service"; ! $isOk=1; $requestParts = explode(" ", trim($requestInfo['request'])); $requestType = $requestParts[0]; if(($requestType != "GET") && ($requestType != "POST") && ($requestType != "HEAD")) { ! $isOk=0; } ! if ($isOk==0) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 14,40 ---- */ ! class ida_010 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "The request type is not GET, POST or HEAD. 
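Review bot: `strpos($requestInfo['request'], "%00")` in `ida_003` matches the raw request line, while 004 to 007 and 009 in this same commit match against `rawurldecode($requestInfo['request'])`, so the plugins do not agree on which form of the request they inspect. Each plugin also decodes on its own, and only once. Since every plugin is being touched here, the caller could normalise the request a single time and pass both forms in `$requestInfo`, documented with something like `// 'request' is the raw log line; plugins should match on the canonical decoded form supplied by the caller`. The match line itself is context in this hunk; only the result handling changes.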
This may be a DOS attack."; $requestInfo['risk'] = "low"; $requestInfo['break'] = 1; $requestInfo['type'] = "Denial of Service"; ! $isOk=1; $requestParts = explode(" ", trim($requestInfo['request'])); $requestType = $requestParts[0]; if(($requestType != "GET") && ($requestType != "POST") && ($requestType != "HEAD")) { ! $isOk=0; } ! if ($isOk==0) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! } } ?> \ No newline at end of file Index: 005.php =================================================================== RCS file: /cvsroot/phpida/plugins/005.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** 005.php 19 Aug 2007 20:09:47 -0000 1.4 --- 005.php 21 Aug 2007 18:09:28 -0000 1.5 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,19 **** */ ! function ida_005($requestInfo) { ! $requestInfo['info'] = "The request contains a !, this may be an XSS attack attempt."; $requestInfo['risk'] = "low"; --- 14,20 ---- */ ! class ida_005 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "The request contains a !, this may be an XSS attack attempt."; $requestInfo['risk'] = "low"; *************** *** 23,32 **** $inString = strpos(rawurldecode($requestInfo['request']), "!"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 24,34 ---- $inString = strpos(rawurldecode($requestInfo['request']), "!"); if ($inString !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! 
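Review bot: The method check in `ida_010::checkRequest()` reports every request whose method is not GET, POST or HEAD as "Denial of Service" with `break` = 1, so ordinary OPTIONS, PUT or DELETE traffic will raise alerts and bury the real ones. The `$isOk` flag is an extra step with no gain; `$requestInfo[0] = in_array($requestType, array('GET', 'POST', 'HEAD'), true) ? 0 : 1;` does the same with a strict comparison and keeps the allowlist in one place. Consider making the allowed methods configurable, and using a neutral `type` unless there is evidence tying unusual methods to DoS.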
} } ?> \ No newline at end of file Index: 011.php =================================================================== RCS file: /cvsroot/phpida/plugins/011.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** 011.php 19 Aug 2007 20:09:47 -0000 1.4 --- 011.php 21 Aug 2007 18:09:28 -0000 1.5 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,32 **** */ ! function ida_011($requestInfo) { ! $requestInfo['info'] = "The user-agent contains HTML code.\n This may be an XSS attempt."; $requestInfo['risk'] = "low"; $requestInfo['break'] = 0; $requestInfo['type'] = "Cross-site Scripting"; ! $inString = strpos(rawurldecode($requestInfo['agent']), "<"); $inString2 = strpos(rawurldecode($requestInfo['agent']), ">"); if ($inString !== false || $inString2 !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! return $requestInfo; } ?> \ No newline at end of file --- 14,34 ---- */ ! class ida_011 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "The user-agent contains HTML code.\n This may be an XSS attempt."; $requestInfo['risk'] = "low"; $requestInfo['break'] = 0; $requestInfo['type'] = "Cross-site Scripting"; ! $inString = strpos(rawurldecode($requestInfo['agent']), "<"); $inString2 = strpos(rawurldecode($requestInfo['agent']), ">"); if ($inString !== false || $inString2 !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! self::$res = $requestInfo; ! 
} } ?> \ No newline at end of file Index: 004.php =================================================================== RCS file: /cvsroot/phpida/plugins/004.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** 004.php 19 Aug 2007 20:09:47 -0000 1.4 --- 004.php 21 Aug 2007 18:09:28 -0000 1.5 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,19 **** */ ! function ida_004($requestInfo) { ! $requestInfo['info'] = "The request contains a < or a > character, this may be an XSS attack attempt."; $requestInfo['risk'] = "medium"; --- 14,20 ---- */ ! class ida_004 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "The request contains a < or a > character, this may be an XSS attack attempt."; $requestInfo['risk'] = "medium"; *************** *** 24,33 **** $inString2 = strpos(rawurldecode($requestInfo['request']), ">"); if ($inString !== false || $inString2 !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 25,35 ---- $inString2 = strpos(rawurldecode($requestInfo['request']), ">"); if ($inString !== false || $inString2 !== false) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! } } ?> \ No newline at end of file Index: 008.php =================================================================== RCS file: /cvsroot/phpida/plugins/008.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** 008.php 19 Aug 2007 20:09:47 -0000 1.5 --- 008.php 21 Aug 2007 18:09:28 -0000 1.6 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! 
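Review bot: `ida_011` fires exactly when `$requestInfo['agent']` contains `<` or `>`, and the array it stores in `self::$res` still carries that client-supplied string unmodified. The code that renders alerts is not part of this hunk, but if it prints `agent` into an HTML report without escaping, the markup this rule detects would run in the analyst's browser. A comment on the class would make the contract explicit, e.g. `// NOTE: 'agent' is untrusted and unescaped; pass it through htmlspecialchars() before display`. The same applies to `request` in `ida_004`, which ends on this line too.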
/** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 14,31 **** */ ! function ida_008($requestInfo) { ! $requestInfo['info'] = "A 400 (Bad request) code was returned from the server.\n This may be an attemt to crash your server."; $requestInfo['risk'] = "medium"; $requestInfo['break'] = 0; $requestInfo['type'] = "Unknown"; ! if ($requestInfo['status'] == 400) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 14,33 ---- */ ! class ida_008 extends plugin { ! static public function checkRequest($requestInfo) { ! $requestInfo['info'] = "A 400 (Bad request) code was returned from the server.\n This may be an attemt to crash your server."; $requestInfo['risk'] = "medium"; $requestInfo['break'] = 0; $requestInfo['type'] = "Unknown"; ! if ($requestInfo['status'] == 400) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! } } ?> \ No newline at end of file Index: 002.php =================================================================== RCS file: /cvsroot/phpida/plugins/002.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** 002.php 19 Aug 2007 20:09:47 -0000 1.4 --- 002.php 21 Aug 2007 18:09:28 -0000 1.5 *************** *** 1,4 **** <?php ! /** * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen --- 1,4 ---- <?php ! /** $Id$ * This is Ida, Intrusion Detection for Apache * Copyright 2004 - 2006 by Audun Larsen *************** *** 13,18 **** * E-Mail: aud...@lk... */ ! ! function ida_002($requestInfo) { $requestInfo['info'] = "formmail.pl is a web2e-mail gateway.\n It has a vulnerability that allows unauthorized users to send spam anonymously.\n Someone was searching for a copy on your site and FOUND IT! Yuor should NOT use FormMail."; $requestInfo['risk'] = "medium"; --- 13,18 ---- * E-Mail: aud...@lk... */ ! 
class ida_001 extends plugin { ! static public function checkRequest($requestInfo) { $requestInfo['info'] = "formmail.pl is a web2e-mail gateway.\n It has a vulnerability that allows unauthorized users to send spam anonymously.\n Someone was searching for a copy on your site and FOUND IT! Yuor should NOT use FormMail."; $requestInfo['risk'] = "medium"; *************** *** 24,33 **** $inString2 = strpos($requestInfo['request'], "formmail"); if (($inString !== false || $inString1 !== false || $inString2 !== false) && $requestInfo['status']==200) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! return $requestInfo; } ?> \ No newline at end of file --- 24,34 ---- $inString2 = strpos($requestInfo['request'], "formmail"); if (($inString !== false || $inString1 !== false || $inString2 !== false) && $requestInfo['status']==200) { ! $requestInfo[0] = 1; } else { ! $requestInfo[0] = 0; } ! ! self::$res = $requestInfo; ! } } ?> \ No newline at end of file |
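Review bot: The class added in 002.php is declared as `class ida_001 extends plugin`, while the function it replaces was `ida_002` and every other file in this commit uses its own file number. If 001.php also declares `ida_001`, loading both would be a fatal redeclaration. If the loader derives the class name from the file name (not visible here), this rule would never run and formmail probes would go unreported. The line should read `class ida_002 extends plugin {`.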