From cd76bacd4aa42e0a2b97f3c8e3ff497fd3dd0495 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 10 Oct 2022 22:34:26 +0200 Subject: Added detection of URLs starting with a dot (.) --- src/lib/protocols/http.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/lib/protocols') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index f26aeaa5c..3430af942 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -632,6 +632,8 @@ static void ndpi_check_http_url(struct ndpi_detection_module_struct *ndpi_struct ndpi_set_risk(ndpi_struct, flow, NDPI_URL_POSSIBLE_RCE_INJECTION, "PHP code in URL"); else if(strncmp(url, "/shell?", 7) == 0) ndpi_set_risk(ndpi_struct, flow, NDPI_URL_POSSIBLE_RCE_INJECTION, "Possible WebShell detected"); + else if(strncmp(url, "/.", 2) == 0) + ndpi_set_risk(ndpi_struct, flow, NDPI_POSSIBLE_EXPLOIT, "URL starting with dot"); } /* ************************************************************* */ -- cgit v1.2.3