<h1 align="center">
  <br>
  <a href="https://snuffleupagus.readthedocs.io/">
    <img src="https://github.com/jvoisin/snuffleupagus/raw/master/doc/source/_static/sp.png" alt="Snuffleupagus' logo" width="200"></a>
  <br>
  Snuffleupagus
  <br>
</h1>

<h4 align="center">Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!</h4>

<p align="center">
  <a href="https://github.com/jvoisin/snuffleupagus/actions/workflows/distributions_php7.yml">
    <img src="https://github.com/jvoisin/snuffleupagus/actions/workflows/distributions_php7.yml/badge.svg" alt="Testing PHP7 on various Linux distributions" />
  </a>
  <a href="https://github.com/jvoisin/snuffleupagus/actions/workflows/distributions_php8.yml">
    <img src="https://github.com/jvoisin/snuffleupagus/actions/workflows/distributions_php8.yml/badge.svg" alt="Testing PHP8 on various Linux distributions" />
  </a>
  <a href="https://scan.coverity.com/projects/jvoisin-snuffleupagus">
    <img src="https://scan.coverity.com/projects/13821/badge.svg?flat=1" alt="Coverity">
  </a>
  <a href="https://bestpractices.coreinfrastructure.org/projects/1267">
    <img src="https://bestpractices.coreinfrastructure.org/projects/1267/badge" alt="CII Best Practises">
  </a>
  <a href="http://snuffleupagus.readthedocs.io/?badge=latest">
    <img src="https://readthedocs.org/projects/snuffleupagus/badge/?version=latest" alt="readthedocs.org">
  </a>
  <a href="https://coveralls.io/github/jvoisin/snuffleupagus?branch=master">
    <img src="https://coveralls.io/repos/github/jvoisin/snuffleupagus/badge.svg?branch=master" alt="coveralls">
  </a>
  <a href="https://twitter.com/dustriorg">
    <img src="https://img.shields.io/badge/twitter-follow-blue.svg" alt="twitter">
  </a>
  <a href="https://repology.org/project/php:snuffleupagus/versions">
    <img src="https://repology.org/badge/tiny-repos/php:snuffleupagus.svg" alt="Packaging status">
  </a>
  <a href="https://github.com/jvoisin/snuffleupagus">
    <img src="https://github.com/jvoisin/snuffleupagus/actions/workflows/codeql-analysis.yml/badge.svg" alt="CodeQL">
  </a>
</p>

<p align="center">
  <a href="#key-features">Key Features</a> •
  <a href="#download">Download</a> •
  <a href="#examples">Examples</a> •
  <a href="https://snuffleupagus.readthedocs.io/">Documentation</a> •
  <a href="https://github.com/jvoisin/snuffleupagus/blob/master/LICENSE">License</a> •
  <a href="#thanks">Thanks</a>
</p>

Snuffleupagus is a [PHP 7+ and 8+](https://secure.php.net/) module designed to
drastically raise the cost of attacks against websites, by killing entire bug
classes. It also provides a powerful virtual-patching system, allowing
administrators to fix specific vulnerabilities and audit suspicious behaviours
without having to touch the PHP code.

## Key Features

* No [noticeable performance impact](https://dustri.org/b/snuffleupagus-030-dentalium-elephantinum.html)
* Powerful yet simple to write virtual-patching rules
* Killing several classes of vulnerabilities
  * [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution
  * [`mail`-based](https://blog.ripstech.com/2016/roundcube-command-execution-via-email/) code execution
  * Cookie-stealing [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting)
  * File-upload based code execution
  * Weak PRNG
  * [XXE](https://en.wikipedia.org/wiki/XML_external_entity_attack)
  * Filter based remote code execution and assorted shenanigans
* Several hardening features
  * Automatic `secure` and `samesite` flag for cookies
  * Bundled set of rules to detect post-compromise behaviours
  * Global [strict mode](https://secure.php.net/manual/en/migration70.new-features.php#migration70.new-features.scalar-type-declarations) and type-juggling prevention
  * Whitelisting of [stream wrappers](https://secure.php.net/manual/en/intro.stream.php)
  * Preventing writeable files execution
  * Whitelist/blacklist for `eval`
  * Enforcing TLS certificate validation when using [curl](https://secure.php.net/manual/en/book.curl.php)
  * Request dumping capability
* A relatively sane code base:
  * A [comprehensive](https://coveralls.io/github/jvoisin/snuffleupagus?branch=master) test suite close to 100% coverage
  * Every commit is tested on [several distributions](https://gitlab.com/jvoisin/snuffleupagus/pipelines)
  * A `clang-format`-enforced code style
  * [Comprehensive documentation](https://snuffleupagus.rtfd.io)
  * Usage of [coverity](https://scan.coverity.com/projects/jvoisin-snuffleupagus), codeql, [scan-build](https://clang-analyzer.llvm.org/scan-build.html), …

## Download

We've got a [download page](https://snuffleupagus.readthedocs.io/download.html),
where you can find packages for your distribution, but you can of course just
`git clone` this repo, or check the releases on [github](https://github.com/jvoisin/snuffleupagus/releases).

## Examples

We're providing [various example rules](https://github.com/jvoisin/snuffleupagus/tree/master/config),
which look like this:

```python
# Harden the `chmod` function
sp.disable_function.function("chmod").param("mode").value_r("^[0-9]{2}[67]$").drop();

# Mitigate command injection in `system`
sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop();
```

Upon violation of a rule, you should see lines like this in your logs:

```python
[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in /var/www/index.php:2, because the return value (0) of the function 'strpos' matched a rule.
```

## Documentation

We've got a [comprehensive website](https://snuffleupagus.readthedocs.io/) with
all the documentation that you could possibly wish for. You can of course
[build it yourself](https://github.com/jvoisin/snuffleupagus/tree/master/doc).

## Thanks

Many thanks to:

- The [Suhosin project](https://suhosin.org) for being a __huge__ source of inspiration
- [NBS System](https://www.nbs-system.com) for initially sponsoring the development
- [Suhosin-ng](https://github.com/sektioneins/suhosin-ng) for their
  [experimentations](https://github.com/sektioneins/suhosin-ng/wiki/News)
  and [contributions](https://github.com/jvoisin/snuffleupagus/commits?author=bef),
  as well as [NLNet](https://nlnet.nl/project/Suhosin-NG/) for sponsoring it
- All [our contributors](https://github.com/jvoisin/snuffleupagus/graphs/contributors)
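
The log line shown under Examples has a fixed bracketed prefix, which makes rule violations easy to parse and group during triage. The Python below is an added example, not code from the Snuffleupagus project; the field names `ip`, `feature` and `action`, and every sample line other than the README's own, are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Prefix as shown in the README: [snuffleupagus][<ip>][<feature>][<action>] <message>
# The group names ip/feature/action are labels chosen here, not project terms.
PREFIX = re.compile(
    r"\[snuffleupagus\]\[(?P<ip>[^\]]*)\]\[(?P<feature>[^\]]*)\]"
    r"\[(?P<action>[^\]]*)\]\s+(?P<msg>.*)"
)
# Location and function name as they appear in the README's sample message.
LOCATION = re.compile(r" in (?P<file>\S+?):(?P<line>\d+)[,. ]")
FUNCTION = re.compile(r"function '(?P<func>[^']+)'")


def parse_line(line):
    """Return a dict for a Snuffleupagus log line, or None for any other line."""
    m = PREFIX.search(line)  # search() tolerates a timestamp before the prefix
    if m is None:
        return None
    event = m.groupdict()
    loc = LOCATION.search(event["msg"])
    func = FUNCTION.search(event["msg"])
    event["file"] = loc.group("file") if loc else None
    event["line"] = int(loc.group("line")) if loc else None
    event["function"] = func.group("func") if func else None
    return event


def summarize(lines):
    """Count events per (action, file, function) to see which rules fire where."""
    counts = Counter()
    for line in lines:
        event = parse_line(line)
        if event:
            counts[(event["action"], event["file"], event["function"])] += 1
    return counts


# Constructed sample input: line 1 is the README's example; the others are made
# up in the same shape (documentation IP, hypothetical file and function).
SAMPLE = [
    "[snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in /var/www/index.php:2, because the return value (0) of the function 'strpos' matched a rule.",
    "[snuffleupagus][192.0.2.10][disabled_function][drop] The execution has been aborted in /var/www/upload.php:14, because the return value (0) of the function 'system' matched a rule.",
    "[snuffleupagus][192.0.2.10][disabled_function][drop] The execution has been aborted in /var/www/upload.php:14, because the return value (0) of the function 'system' matched a rule.",
    "PHP Warning:  Undefined variable $x in /var/www/index.php on line 9",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```
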