Untitled

a guest
Jul 24th, 2011
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Bypass: $a='base6'.'4_encode'; echo $$a(1234);

# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Bypass: <img src=. onerror=alert(1)>

# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Bypass: $GLOBALS=((3))

# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Bypass: $_REQUEST =2