Commit 7dbf6a3c authored by mh's avatar mh

wordpress does comments in queries

parent c7f198e2
......@@ -46,7 +46,7 @@ sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_
#sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
# Ghetto sqli hardening
sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
#sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
#sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop();
......@@ -56,7 +56,7 @@ sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop
#
sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop();
sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop();
#sp.disable_function.function("mysqli_query").param("query").value_r("/\\*").drop();
sp.disable_function.function("mysqli_query").param("query").value_r("--").drop();
sp.disable_function.function("mysqli_query").param("query").value_r("#").drop();
#sp.disable_function.function("mysqli_query").param("query").value_r(";.*;").drop();
......@@ -66,10 +66,10 @@ sp.disable_function.function("mysqli_query").param("query").value_r("sleep").dro
#
sp.disable_function.function("mysqli_query").param("query").value_r("information_schema").drop();
sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
#sp.disable_function.function("PDO::query").param("query").value_r("/\\*").drop();
sp.disable_function.function("PDO::query").param("query").value_r("--").drop();
sp.disable_function.function("PDO::query").param("query").value_r("#").drop();
sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
#sp.disable_function.function("PDO::query").param("query").value_r(";.*;").drop();
sp.disable_function.function("PDO::query").param("query").value_r("benchmark\\s*\\(").drop();
sp.disable_function.function("PDO::query").param("query").value_r("sleep\\s*\\(").drop();
# some CMS and ORM's use this to predict the current schema f.e doctrine
......