Elxis CMS Forum

Extensions => Tools => Topic started by: datahell on October 08, 2006, 23:05:39

Title: Elxis Defender
Post by: datahell on October 08, 2006, 23:05:39
Elxis Defender protects your Elxis site against XSS and SQL injection attacks. It is also an IP blocker tool.

Click here (http://www.mamboclub.net/forum/showthread.php?t=1942) for more (in Greek)
Title: Re: Elxis Defender
Post by: Haic on November 05, 2006, 00:00:12
Hello,

I want some explanation of the filters in Defender.
Which is the important filter for security?

Example Filters
SELECT UNION   UNION SELECT   BENCHMARK(   ASCII(   SUBSTRING(
CONCAT(   CONCAT (   CONCAT_WS   CHAR(   INNER JOIN
FROM elx_   ' OR '   " OR "   INSERT(   INSERT (
LEFT JOIN   RIGHT JOIN   JOIN elx_   SELECT *   FIELD(
DROP elx_   alert(   alert (   SUBSTRING_INDEX(   FIND_IN_SET(
DROP haico_elxis   SELECT IF   haico_elxis.elx_   mosConfig_   ADODB
ENCODE(   MD5(   UNION ALL   '--   /**/

I hope you have a FAQ for this?
Title: Re: Elxis Defender
Post by: datahell on November 05, 2006, 08:30:26
Defender's purpose is to block XSS attacks by filtering user input data. In these fields you add the words or phrases you do NOT wish to be accepted. It works just like Apache's mod_security. If you search the internet for how these attacks are performed, you will find useful information on the ways hackers usually attack a site. There are two categories: attacks on the database by adding words such as BENCHMARK, DROP, UNION, JOIN etc., and attacks on the PHP/file system (for example by trying to overwrite global variables).
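
An added illustration of the phrase filtering described in this thread, not Elxis Defender's own code: the function names, the normalization steps and the sample request are assumptions, and the phrases are a subset of the filter list posted above. It checks parameter names as well as values, covering both categories from the last post.

```php
<?php
// Added example, not Elxis Defender's code. Phrases are taken from the
// filter list posted in this thread; everything else is an assumption.
$blockedPhrases = ['UNION SELECT', 'BENCHMARK(', "' OR '", 'DROP elx_',
                   'alert(', 'mosConfig_', '/**/'];

// Normalize a value so case and spacing differences still match.
function normalize_input(string $value): string
{
    $value = rawurldecode($value);                 // undo one layer of URL encoding
    $value = preg_replace('/\s+/', ' ', $value);   // collapse whitespace runs
    return strtolower($value);
}

// Walk request data (nested arrays included) and return every hit as
// ['param' => name, 'phrase' => matched phrase]. Keys are checked too,
// because a global-variable overwrite arrives as a parameter *name*.
function find_blocked(array $request, array $phrases, string $prefix = ''): array
{
    $hits = [];
    foreach ($request as $key => $value) {
        $name = $prefix === '' ? (string)$key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $hits = array_merge($hits, find_blocked($value, $phrases, $name));
            $candidates = [(string)$key];
        } else {
            $candidates = [(string)$key, (string)$value];
        }
        foreach ($candidates as $text) {
            $haystack = normalize_input($text);
            foreach ($phrases as $phrase) {
                if (strpos($haystack, strtolower($phrase)) !== false) {
                    $hits[] = ['param' => $name, 'phrase' => $phrase];
                }
            }
        }
    }
    return $hits;
}

// Constructed sample request, standing in for $_GET / $_POST.
$sample = [
    'option' => 'com_content',
    'id'     => '5 union   select 1',
    'filter' => ['q' => 'hello world'],
    'mosConfig_absolute_path' => 'x',
];
foreach (find_blocked($sample, $blockedPhrases) as $hit) {
    echo "blocked: {$hit['param']} matched {$hit['phrase']}\n";
}
```

Broad phrases from the posted list, such as `SELECT *` or `INNER JOIN`, will also reject legitimate text that happens to contain them, so each phrase added trades coverage against false positives.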