Нигде не нашел готового решения, решил написать сам, писал под PHP 5.3
Предлагаю обсудить код.
PHP:
<?php
// Make sure the cyclic garbage collector is switched on. On a stock php.ini it
// already is, so this is normally a no-op; kept so the intent stays explicit.
if (!gc_enabled()) {
    gc_enable();
}
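/**
 * Abort the request after the query-string blacklist has matched.
 *
 * The original answered "200 OK" with an "Access denied" body, so access logs,
 * monitoring and scanners all saw a successful page. This version sends a real
 * 403 status (PHP 5.3 has no http_response_code(), hence the raw status line),
 * a plain-text content type, the marker header, then flushes and terminates.
 * If output has already started, header() would only raise a warning, so the
 * status and headers are skipped in that case and just the body is written.
 *
 * The body is deliberately static: never echo request data here, or the block
 * page itself becomes a reflected-XSS sink.
 *
 * Does not return (calls exit()).
 */
function attackerexit() {
    if (!headers_sent()) {
        header("HTTP/1.1 403 Forbidden");
        header("Content-Type: text/plain; charset=UTF-8");
        header("X-Attacker: Access denied");
    }
    echo "Attacker: Access denied";
    flush();
    exit();
}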
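// ---------------------------------------------------------------------------
// Query-string blacklist.
//
// NOTE(review): this is a speed bump, not a defence. A token blacklist is bypassed
// by anything not on the list (other spellings, inline comments, other encodings)
// and it rejects legitimate requests that merely contain words such as "order",
// "color" or "note", or a hex id containing "0x". The only reliable fix for SQL
// injection is to stop building SQL from request data: use PDO / mysqli prepared
// statements with bound parameters. Only $_SERVER['QUERY_STRING'] is inspected;
// POST bodies, cookies and headers are not looked at. The PHP function names in
// the regex (system, exec, ...) only matter if the application ever evals or
// includes request data, which it must never do in the first place.
//
// Changes versus the first version of this snippet:
//  * The raw QUERY_STRING is still percent-encoded, so a payload with a single
//    encoded byte (%55NION, %27, ...) was never matched although PHP decodes it
//    into $_GET. Every check now runs on the raw string AND on its URL-decoded
//    forms (decoded repeatedly, to also catch double encoding).
//  * The function-name patterns required a literal empty "()" (e.g.
//    "group_concat()"), which no real payload contains; they now match the name
//    followed by an opening parenthesis. SELECT() / COUNT() were dropped because
//    SELECT\b / COUNT\b already cover them.
//  * A missing QUERY_STRING (CLI, some SAPIs) no longer raises an undefined-index
//    notice; it is treated as an empty query and passes.
// ---------------------------------------------------------------------------

// Fixed substrings, matched case-insensitively in every variant of the query.
$querychrfilter = array("\0", "%00", chr(0), "1--", "1++", "1=0", "1=1", "0=1", "0=0", "/*", "*/", "0x", "!=", "UNION", "NULL", "FROM", "WHERE", "LIMIT", "HAVING", "ORDER BY", "NOT");
// Upper-case substrings, matched case-sensitively as in the original; the
// case-insensitive, word-bounded form of AND / OR is handled by the regex below.
$querysqlfilter = array("AND", "OR", "NOT");
// Case-insensitive regex: SQL keywords plus SQL/PHP function names followed by "(".
$queryfilter = "/information_schema|SELECT\b|COUNT\b|AND\b|OR\b|(?:database|group_concat|substring|mid|instr|show_source|system|exec|shell_exec|passthru|popen|proc_open|curl_exec|curl_multi_exec|fsockopen|pfsockopen|pcntl_exec|chmod|chown|chgrp|unlink|ftruncate|touch|realpath|rename|rmdir|symlink)\s*\(/i";

// The raw query string plus its successive URL-decoded forms. urldecode() also
// maps '+' to a space, which is what PHP does when it fills $_GET. Decoding stops
// as soon as it no longer changes the string; three rounds is plenty.
$queryraw = isset($_SERVER['QUERY_STRING']) ? (string) $_SERVER['QUERY_STRING'] : '';
$queryvariants = array($queryraw);
$querycurrent = $queryraw;
for ($querypass = 0; $querypass < 3; $querypass++) {
    $querydecoded = urldecode($querycurrent);
    if ($querydecoded === $querycurrent) {
        break;
    }
    $queryvariants[] = $querydecoded;
    $querycurrent = $querydecoded;
}

$queryblocked = false;
foreach ($queryvariants as $queryvariant) {
    foreach ($querychrfilter as $cquerychrfilter) {
        if (stripos($queryvariant, $cquerychrfilter) !== false) {
            $queryblocked = true;
            break 2;
        }
    }
    foreach ($querysqlfilter as $cquerysqlfilter) {
        if (strpos($queryvariant, $cquerysqlfilter) !== false) {
            $queryblocked = true;
            break 2;
        }
    }
    // preg_match() returns false on a PCRE error; treating anything other than
    // 0 as a hit keeps the filter fail-closed, exactly like the original.
    if (preg_match($queryfilter, $queryvariant) !== 0) {
        $queryblocked = true;
        break;
    }
}

if ($queryblocked) {
    attackerexit();
}
unset($querychrfilter, $querysqlfilter, $queryfilter, $queryraw, $queryvariants, $querycurrent, $querypass, $querydecoded, $queryblocked, $queryvariant, $cquerychrfilter, $cquerysqlfilter);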
?>