Commit 9de60a14 authored by mh's avatar mh

WordPress really wants to put comments in its queries

parent 2b8afb4b
......@@ -46,12 +46,13 @@ sp.disable_function.function("ini_get").param("var_name").value_r("(?:allow_url_
#sp.disable_function.function("is_callable").param("var").value_r("(?:eval|exec|system)").drop();
# Ghetto sqli hardening
# cms like wordpress do include them
#sp.disable_function.function("mysql_query").param("query").value_r("/\\*").drop();
sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
#sp.disable_function.function("mysql_query").param("query").value_r("--").drop();
#sp.disable_function.function("mysql_query").param("query").value_r("#").drop();
#sp.disable_function.function("mysql_query").param("query").value_r(";.*;").drop();
sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop();
sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop();
#sp.disable_function.function("mysql_query").param("query").value_r("benchmark").drop();
#sp.disable_function.function("mysql_query").param("query").value_r("sleep").drop();
# some CMS and ORM's use this to predict the current schema f.e doctrine
#
sp.disable_function.function("mysql_query").param("query").value_r("information_schema").drop();
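Review bot: The duplicated `mysql_query` rules for `--`, `#`, `benchmark` and `sleep` (each present once with and once without a leading `#`) make it impossible to tell from this rendering which copy is the new side, but whichever `benchmark`/`sleep` rule stays active is a case-sensitive substring match while MySQL function names are case-insensitive; if `value_r` takes a PCRE pattern, `value_r("(?i)benchmark")` and `value_r("(?i)sleep")` would also cover upper- and mixed-case spellings. Switching the `--` and `#` drops off because WordPress legitimately emits comments in its queries also removes the only coverage this file has for comment-bearing queries, so a log-only variant of those rules (Snuffleupagus' simulation mode, if this build supports it) would keep visibility without breaking the CMS. Deleting the commented-out duplicates rather than keeping two copies of each rule would make the active set obvious, and the reason should be stated on the disabled lines, e.g. `# disabled: WordPress includes SQL comments in its own queries`. The `information_schema` rule on the last line is an unanchored substring drop that the preceding comment already says breaks Doctrine-style schema introspection; it deserves the same log-instead-of-drop treatment.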