Viewing 7 replies - 1 through 7 (of 7 total)
    Plugin Author fullworks

    (@fullworks)

    If you have solutions I’ll happily incorporate them

    Thread Starter Interference

    (@interference)

    Suggested fix:

    File name: stop-user-enumeration.php
    On line 38, add the following code:

    // Block the request whenever an "author" parameter arrives, via GET or POST
    if ( isset( $_REQUEST['author'] ) ) {
        ll_kill_enumeration();
    }

    Plugin Author fullworks

    (@fullworks)

    That may well work nicely. It's a long time since I coded this, so I can’t recall why I was using preg_match rather than looking at the queries.

    It could be because I coded it based on published htaccess solutions, e.g.
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)

    which work to some extent (although they break admin).

    I changed the regex to '/[\?&]author(%00[0%]*)?=([0-9]*)(\/*)/' and now that technique no longer bypasses it.

    It could be because I coded it based on published htaccess solutions, e.g.
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)

    which work to some extent (although they break admin).

    Could you please elaborate a bit about the “although they break admin” statement?
    What is the possible issue/downside with the .htaccess-solution with regard to the admin section?

    Thanks!

    Plugin Author fullworks

    (@fullworks)

    Yes, the generally published htaccess doesn’t take into consideration any queries when you are logged in, so when inside admin certain actions like sorting posts by author will fail.

    Also the .htaccess solution doesn’t deal with POST queries, which is a technique employed by some hacking tools.
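A parameter-based check in the spirit of the fix suggested earlier in the thread, extended with the logged-in exemption and the POST handling explained in this reply. This is an added example, not the plugin's own code; the sue_* function names are hypothetical.

```php
<?php
// Added example, not the plugin's code: refuse user-enumeration requests by
// inspecting the parsed parameters (as the $_REQUEST-based fix suggested in
// this thread does) rather than regex-matching the raw query string, and
// exempt logged-in users so admin screens keep working. The sue_* names are
// hypothetical.

/**
 * True when the request should be refused: it carries an "author"
 * parameter in the query string or the POST body and the visitor is not
 * logged in. Checking $_GET and $_POST explicitly (rather than $_REQUEST)
 * avoids also matching a cookie named "author", which $_REQUEST may
 * include depending on PHP's request_order setting.
 */
function sue_is_enumeration_probe(array $get, array $post, bool $logged_in): bool {
    if ($logged_in) {
        // Admin screens filter by author legitimately (e.g. sorting posts by
        // author); a blanket .htaccess RewriteCond cannot see login state.
        return false;
    }
    return isset($get['author']) || isset($post['author']);
}

/** Refuse the request with a 403 and stop processing. */
function sue_block_request(): void {
    if (!headers_sent()) {
        http_response_code(403);
    }
    exit('Forbidden');
}

// Hook point inside WordPress (e.g. on the init action; uncomment in a plugin):
// if (sue_is_enumeration_probe($_GET, $_POST, is_user_logged_in())) {
//     sue_block_request();
// }

// Constructed sample requests for a CLI self-check: php example.php
$cases = [
    'GET ?author=1'   => [['author' => '1'], [], false, true],
    'POST author=1'   => [[], ['author' => '1'], false, true],
    'logged-in admin' => [['author' => '1'], [], true, false],
    'unrelated query' => [['p' => '1'], [], false, false],
];
foreach ($cases as $label => [$get, $post, $logged_in, $expected]) {
    $got = sue_is_enumeration_probe($get, $post, $logged_in);
    printf("%-16s %s\n", $label, $got === $expected ? 'ok' : 'MISMATCH');
}
```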

    Plugin Author fullworks

    (@fullworks)

    New release should have removed bypasses

    The topic ‘Add parameters and null byte to bypass protection’ is closed to new replies.