diff options
| author | Luca Deri <deri@ntop.org> | 2022-10-10 22:34:26 +0200 |
|---|---|---|
| committer | Luca Deri <deri@ntop.org> | 2022-10-10 22:34:26 +0200 |
| commit | cd76bacd4aa42e0a2b97f3c8e3ff497fd3dd0495 (patch) | |
| tree | b4f182382cc1d2402a578bcfa737b89329a7a8da /src | |
| parent | 1796a1d814494fa85f75d395703edbc86ead3520 (diff) | |
Added detection of URLs starting with a dot (.)
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/protocols/http.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index f26aeaa5c..3430af942 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -632,6 +632,8 @@ static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct ndpi_set_risk(ndpi_struct, flow, NDPI_URL_POSSIBLE_RCE_INJECTION, "PHP code in URL"); else if(strncmp(url, "/shell?", 7) == 0) ndpi_set_risk(ndpi_struct, flow, NDPI_URL_POSSIBLE_RCE_INJECTION, "Possible WebShell detected"); + else if(strncmp(url, "/.", 2) == 0) + ndpi_set_risk(ndpi_struct, flow, NDPI_POSSIBLE_EXPLOIT, "URL starting with dot"); } /* ************************************************************* */ |