```apache
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Bypass: $a='base6'.'4_encode'; echo $$a(1234);
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Bypass: <img src=. onerror=alert(1)>
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Bypass: $GLOBALS=((3))
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Bypass: $_REQUEST =2
```
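
A rule set like this is easier to reason about with a regression harness that records which inputs each pattern actually matches. The following is an added example, not part of the original paste: it copies the five `RewriteCond` patterns, uses Python's `re` as a stand-in for Apache's PCRE (an assumption), and feeds in the strings from the `Bypass` comments exactly as written, plus one constructed `mosConfig` sample. The names `matching_rules` and `coverage_report` are hypothetical.

```python
import re

# RewriteCond patterns copied from the paste: (label, regex, has [NC] flag).
RULES = [
    ("mosConfig", r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)", False),
    ("base64_encode", r"base64_encode.*\(.*\)", False),
    ("script tag", r"(\<|%3C).*script.*(\>|%3E)", True),
    ("GLOBALS", r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False),
    ("_REQUEST", r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", False),
]
COMPILED = [(label, re.compile(rx, re.I if nc else 0)) for label, rx, nc in RULES]


def matching_rules(query_string):
    """Return the label of every rule whose pattern occurs in the query string.

    The conditions are chained with [OR], so a single hit is enough to
    trigger whatever RewriteRule follows them. mod_rewrite matches
    %{QUERY_STRING} unanchored, hence search() rather than match().
    """
    return [label for label, rx in COMPILED if rx.search(query_string)]


# Regression corpus: (origin, sample). "paste" entries are the strings from
# the Bypass comments, verbatim; the "constructed" entry is made up here.
CORPUS = [
    ("constructed", "option=x&mosConfig_example=1"),
    ("paste", "$a='base6'.'4_encode'; echo $$a(1234);"),
    ("paste", "<img src=. onerror=alert(1)>"),
    ("paste", "$GLOBALS=((3))"),
    ("paste", "$_REQUEST =2"),
]


def coverage_report(corpus=CORPUS):
    """Map each sample to the list of rules that matched it."""
    return {sample: matching_rules(sample) for _origin, sample in corpus}


if __name__ == "__main__":
    for sample, hits in coverage_report().items():
        verdict = "blocked by " + ", ".join(hits) if hits else "NOT MATCHED"
        print(f"{sample!r:45} {verdict}")
```

As written on the page, `$GLOBALS=((3))` is matched by the GLOBALS pattern (the `=` alternative), while the other three listed strings pass all five rules.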