--- layout: post status: publish published: true title: PHP IDS wordpress_id: 287 wordpress_url: http://pro.grammatic.org/post-php-ids-12.aspx date: !binary |- MjAwNy0wNS0xNiAxMToxODowMCArMDIwMA== date_gmt: !binary |- MjAwNy0wNS0xNiAxMToxODowMCArMDIwMA== categories: - Technology - InfoSec - PHP tags: - information security - PHP - XSS comments: [] ---
For those who haven't yet seen this, .mario and christ1an over at sla.ckers has been working on a PHP Intrusion Detection System and the results are fairly promising! The system is based on regular expressions and seems to catch everything I've jammed into it so far. Here's an example of catching a JavaScript event handler:
rule: (on\w+\s*=.*\\?([("|'|`)]|\>)?)
rule-description: detects possible event handlers
impact: 4
Check out the Google Group and the live sandbox for more.