aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLuca Deri <deri@ntop.org>2022-10-10 22:34:26 +0200
committerLuca Deri <deri@ntop.org>2022-10-10 22:34:26 +0200
commitcd76bacd4aa42e0a2b97f3c8e3ff497fd3dd0495 (patch)
treeb4f182382cc1d2402a578bcfa737b89329a7a8da /src
parent1796a1d814494fa85f75d395703edbc86ead3520 (diff)
Added detection of URLs starting with a dot (.)
Diffstat (limited to 'src')
-rw-r--r--src/lib/protocols/http.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index f26aeaa5c..3430af942 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -632,6 +632,8 @@ static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct
ndpi_set_risk(ndpi_struct, flow, NDPI_URL_POSSIBLE_RCE_INJECTION, "PHP code in URL");
else if(strncmp(url, "/shell?", 7) == 0)
ndpi_set_risk(ndpi_struct, flow, NDPI_URL_POSSIBLE_RCE_INJECTION, "Possible WebShell detected");
+ else if(strncmp(url, "/.", 2) == 0)
+ ndpi_set_risk(ndpi_struct, flow, NDPI_POSSIBLE_EXPLOIT, "URL starting with dot");
}
/* ************************************************************* */