*/
session_start();
require_once "libs/db.inc.php";
require_once "libs/waf_report.class.php";
$WR=new WafReport;
if($WR->isEditor()==false)die("No Access");
$filename=$_SERVER['DOCUMENT_ROOT']."/.htaccess";
$folder=trim(substr($_SERVER['PHP_SELF'],1,strrpos($_SERVER['PHP_SELF'],"/")-1));
if(isset($_POST['op'])&&isset($_POST['content']))
{
$f=fopen($filename,"w");
fwrite($f,$_POST['content']);
fclose($f);
}
$opts=array('file_e'=>file_exists($filename)?true:false,
'file_w'=>is_writable($filename)?true:false
);
$injection_code='##### WAF INJECTION BOF #####
RewriteEngine On
SetEnvIf WAF_KEY "(.*)" HTTP_WAF_KEY='.$WR->waf_security_key.'
RewriteCond $1 !\.(gif|GIF|jpg|JPG|jpeg|JPEG|png|PNG|ico|ICO|css|CSS|js|JS|swf|SWF|wav|WAV|mp3|MP3|less|LESS|cur|CUR|ttf|TTF|pdf|PDF)
RewriteCond %{HTTP:WAF_KEY2} !'.$WR->waf_security_key2.'
RewriteCond %{REQUEST_URI} !'.$folder.'
RewriteRule ^(.*)$ '.$folder.'/waf.php? [N,L]
##### WAF INJECTION EOF #####';
$htaccess_code=file_exists($filename)?file_get_contents($filename):"";
$code_injected=(strstr($htaccess_code,$injection_code)?true:false);
?>
Edit .htaccess for redirect code injection
Code already injected!
| File exists: |
Yes':'No';?> |
| File writeble: |
Yes':'No';?> |
Impossible inject to .htaccess code, because one of the reasons above.
- Backup origin .htaccess file
- Copy the code from upper window to lower window to be last record
- Save
Code for injection
Content of your .htaccess file