I figured out why so many false positives on forums/messaging. (Score: 1)
by Darby_2k4 on Friday, April 23 @ 20:21:29 CEST

At least I think I have. ;)
The sid, in all those cases, contained 5 of the characters in the regular expression. If I am correct, the injection only happens with "query=" so I could just change the preg to look for the query= at the start followed by your code....?
preg_match("/(query=)([dnW5uIpb2N4VUJT0iO]{5})/", $_SERVER["QUERY_STRING"])
?
Or do I misunderstand where the attack comes from and we need to search the whole URL...?
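The false-positive effect described in the comment above, as an added example that is not part of either post: it measures how often each pattern fires on benign forum URLs. The unscoped pattern, the 32-character hex sid format, the sample query strings and the parameter-boundary variant are assumptions made for illustration; only the `query=` pattern appears in the thread.

```php
<?php
// Added example, not code from the thread.
// UNSCOPED is an assumed form of the filter under discussion (class match anywhere).
// SCOPED is the pattern proposed in the comment above, copied unchanged.
// BOUNDED is a hypothetical variant that only accepts "query" as a whole parameter name.
const UNSCOPED = '/[dnW5uIpb2N4VUJT0iO]{5}/';
const SCOPED   = '/(query=)([dnW5uIpb2N4VUJT0iO]{5})/';
const BOUNDED  = '/(?:^|&)query=[dnW5uIpb2N4VUJT0iO]{5}/';

// Constructed benign query string: a forum page view carrying a random sid.
// Assumption: the sid is 32 hex characters; six hex digits (0 2 4 5 b d) are in the class.
function benign_query(): string {
    $sid = '';
    for ($i = 0; $i < 32; $i++) {
        $sid .= dechex(mt_rand(0, 15));
    }
    return 'name=Forums&file=viewtopic&t=42&sid=' . $sid;
}

// Fraction of benign samples on which $pattern matches (all hits are false positives).
function false_positive_rate(string $pattern, int $samples, int $seed): float {
    mt_srand($seed); // fixed seed so every pattern sees the same sample set
    $hits = 0;
    for ($i = 0; $i < $samples; $i++) {
        if (preg_match($pattern, benign_query()) === 1) {
            $hits++;
        }
    }
    return $hits / $samples;
}

foreach (['UNSCOPED' => UNSCOPED, 'SCOPED' => SCOPED, 'BOUNDED' => BOUNDED] as $name => $p) {
    printf("%-8s false positives: %5.1f%%\n", $name, 100 * false_positive_rate($p, 10000, 1));
}

// Constructed positive controls: "dnW5u" is just the first five class characters.
$controls = [
    'query=dnW5u',                // parameter at the start of the query string
    'name=Search&query=dnW5u',    // parameter after another one
    'subquery=dnW5u',             // different parameter whose name ends in "query"
];
foreach ($controls as $qs) {
    printf("%-26s scoped=%d bounded=%d\n", $qs,
        preg_match(SCOPED, $qs), preg_match(BOUNDED, $qs));
}
```

The scoped pattern is not anchored, so it also fires on the `subquery=` control; the bounded variant does not.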
Re: After testing, about 22% produced False Positives. (Score: 1)
by Zhen-Xjell on Friday, April 23 @ 21:04:16 CEST http://castlecops.com

Thanks Darby, that's just what I need to hear... Sting also sent me some stuff... I'm just catching up on some sleep right now. My brain has turned to mush after the server headaches.