Elxis CMS Forum
Extensions => Tools => Topic started by: datahell on October 08, 2006, 23:05:39
-
Elxis Defender protects your Elxis site against XSS and SQL injection attacks. It is also an IP blocker tool.
Click here (http://www.mamboclub.net/forum/showthread.php?t=1942) for more (in Greek).
-
Hello,
I want some explanation about the filter in Defender.
Which is the important filter for security?
Example Filters
SELECT UNION UNION SELECT BENCHMARK( ASCII( SUBSTRING(
CONCAT( CONCAT ( CONCAT_WS CHAR( INNER JOIN
FROM elx_ ' OR ' " OR " INSERT( INSERT (
LEFT JOIN RIGHT JOIN JOIN elx_ SELECT * FIELD(
DROP elx_ alert( alert ( SUBSTRING_INDEX( FIND_IN_SET(
DROP haico_elxis SELECT IF haico_elxis.elx_ mosConfig_ ADODB
ENCODE( MD5( UNION ALL '-- /**/
I hope you have a FAQ for this?
-
Defender's purpose is to block XSS attacks by filtering user input data. In these fields you add the words or phrases you do NOT wish to be accepted. It works just like Apache's mod_security. If you search the internet for how these attacks are performed, you will find useful information on the ways hackers usually attack a site. There are two categories: attacks on the database by adding words such as BENCHMARK, DROP, UNION, JOIN etc., and attacks on the PHP/file system (for example by trying to overwrite global variables).
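
The word-and-phrase filtering described in the reply above, as an added example that is not Elxis Defender's own code or part of the original posts. It assumes case-insensitive substring matching over already-decoded request parameters; `normalize`, `check_request` and the sample requests are hypothetical names and constructed data. The third sample shows that single-word filters such as SELECT or UNION also reject ordinary text, while a longer phrase such as UNION SELECT does not.

```python
import re

# Phrases copied from the "Example Filters" list quoted in the thread.
FILTERS = ["SELECT", "UNION", "UNION SELECT", "BENCHMARK(", "CONCAT(",
           "' OR '", "DROP elx_", "alert(", "mosConfig_", "/**/"]


def normalize(text):
    """Lower-case and collapse whitespace runs so 'UNION   select' and
    'union select' compare equal. Assumes the text is already URL-decoded."""
    return re.sub(r"\s+", " ", str(text)).lower()


def check_request(params, filters=FILTERS):
    """Return (parameter, filter) pairs for every filter phrase found in a
    parameter name or value. An empty list means the request is accepted."""
    hits = []
    for name, value in params.items():
        norm_name, norm_value = normalize(name), normalize(value)
        for phrase in filters:
            needle = normalize(phrase)
            # Names are checked as well as values: the mosConfig_ filter is
            # aimed at global-variable overwrites via the parameter name.
            if needle in norm_name or needle in norm_value:
                hits.append((name, phrase))
    return hits


# Constructed sample requests (not taken from real traffic).
SAMPLES = {
    "sql keywords in a numeric field": {"id": "5 UNION  SELECT 1"},
    "global overwrite by name": {"mosConfig_example": "x"},
    "ordinary comment text": {"comment": "Please select a date for the union meeting"},
    "ordinary search": {"q": "elxis templates"},
}

if __name__ == "__main__":
    for label, params in SAMPLES.items():
        hits = check_request(params)
        verdict = "BLOCK" if hits else "accept"
        print(f"{verdict:6} {label}: {[phrase for _, phrase in hits]}")
```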