Comments (8)
@enygma Have not tested the below, but would using array_walk_recursive() suffice for the above? We may want to also check that recursion is being done in other areas as well.
[ DEMO ]
src/Expose/Manager.php
    // try to clean up standard filter bypass methods
    // (array_walk_recursive() visits every leaf of $data, nested arrays included)
    array_walk_recursive($data, [new \Expose\Converter\Converter, 'runAllConversions']);
    $path = array();
    // ...
src/Expose/Converter/Converter.php
    // $value is taken by reference, so it is rewritten in place and nothing needs returning
    public function runAllConversions(&$value)
    {
        // ...
        // return $value;
    }
Might I suggest running the rules against https://github.com/minimaxir/big-list-of-naughty-strings as part of the unit tests?
Also on a side-note, would you be interested in a Python3 port of Expose?
@yehgdotnet what was the downvote for? Did the code not work or is the rule itself broken?
Yes, it should detect SQLi as per filter_rules.json#L517-L529. If not, then the filter may have gotten broken. I had opened #58 in hopes of having better quality checks on new/old/modified rules.
Because this rule does not include ' char?
@tranba quotes are normalized here: src/Expose/Converter/ConvertMisc.php#L80-L94. If that were not done, the patterns would be overly complex, having to match each and every variation of quote use.
@quantumpacket I've found a problem in the run function:
Lines 125 to 129 in 07ee1eb
Convert only applies to the first level of the data array, so for example
$data = array(
    'POST' => array('dirty' => " a ' or 1 = 1")
);
will bypass.
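The two comments above describe the same gap from both sides: the first proposes array_walk_recursive(), the later one shows a nested 'POST' value that the first-level-only walk never touches. The following is an added example, not Expose's own code, that puts them side by side. normalise() is an assumption standing in for Converter::runAllConversions() (collapse whitespace, unify quote characters, lowercase); it is not the project's real conversion set, and the sample request array is constructed for the demonstration.

```php
<?php
// Added example (not Expose's own code): a normaliser applied with array_walk()
// over the top level only, versus array_walk_recursive() over every leaf.
// normalise() is a stand-in for Converter::runAllConversions(), not the real rules.

declare(strict_types=1);

// Stand-in normaliser (assumption): trim and collapse whitespace, unify quote
// variants, lowercase. Non-string leaves (and nested arrays) are left alone.
function normalise(&$value): void
{
    if (!is_string($value)) {
        return;
    }
    $value = trim(preg_replace('/\s+/', ' ', $value)); // collapse runs of whitespace
    $value = str_replace(['"', '`'], "'", $value);      // treat every quote style alike
    $value = strtolower($value);
}

// First-level-only walk: the behaviour reported in the issue. Each element of
// $data is itself an array, so normalise() returns early and nothing changes.
function normaliseTopLevel(array $data): array
{
    array_walk($data, 'normalise');
    return $data;
}

// Recursive walk: the fix proposed in the first comment. Every string leaf,
// however deeply nested, is passed to normalise() by reference.
function normaliseRecursive(array $data): array
{
    array_walk_recursive($data, 'normalise');
    return $data;
}

// Constructed sample request shaped like the issue's example.
$data = [
    'POST' => ['dirty' => "  a '   OR 1 =  1"],
    'GET'  => ['q' => 'Hello   "World"'],
];

$top = normaliseTopLevel($data);
$rec = normaliseRecursive($data);

var_dump($top['POST']['dirty'] === $data['POST']['dirty']); // bool(true): untouched
var_dump($rec['POST']['dirty']);                            // string(13) "a ' or 1 = 1"
var_dump($rec['GET']['q']);                                 // string(13) "hello 'world'"
```

The point of the contrast is that any rule set, however good, only sees what the normaliser hands it: if the walk stops at the first level, the rules are matched against the original text of every nested field, and the quote normalisation discussed in the other comments never runs on it. A unit test that feeds a nested array through the full pipeline and asserts the leaf was converted would have caught this.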
Seems anything' OR '1'='1 doesn't match any of the rules.
Below are matched:
a' or 1=1;#
a' or 1=1;--
@yehgdotnet what was the downvote for? Did the code not work or is the rule itself broken?
wrong click, was too sleepy, cheers