+ Reply to Thread
Results 1 to 1 of 1
Like Tree1Likes
  • 1 Post By chilelabz86

Thread: class anti sql injections

  1. 06-19-2011 10:43 AM #1
    chilelabz86
    chilelabz86 is offline     x10Hosting Member chilelabz86 is an unknown quantity at this point
    Join Date
    May 2011
    Posts
    13

    class anti sql injections

    Hola espero que les sirva muchos cms usan este sistema ahora lo vamos a decir como


    primero cree un documento con el nombre

    sql_injection.class.php


    dentro de el escriba
    Code:
    <?php
/**
*
* @ Copyright: Copyright (C) DSYSTEM.ORG 
* @ Package: CMS/DST
* @ License: http://www.gnu.org/copyleft/gpl.html GNU/GPL
* 
*
*/

/****************************************************************
*****************************************************************

this class try to detect KNOWN form of SQL inject

Copyright (C) 2003  Matthieu MARY marym@ifrance.com.invalid
(remove the .invalid to write me)

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

You can found more information about GPL licence at:
http://www.gnu.org/licenses/gpl.html

for contact me: marym@ifrance.com.invalid (remove the .invalid to write me)
****************************************************************
****************************************************************/

class sql_inject
{
    /**
   * @shortdesc url to redirect if an sql inject attempt is detect. if unset, value is FALSE
   * @private
   * @type mixed
   */
    var $urlRedirect;
    /**
   * @shortdesc does the session must be destroy if an attempt is detect
   * @private
   * @type bool
   */
    var $bdestroy_session;
    /**
   * @shortdesc the SQL data currently test
   * @private
   * @type string
   */
    var $rq;
    /**
   * @shortdesc if not FALSE, the url to the log file
   * @private
   * @type mixed
   */
    var $bLog;

    /**
   * Builder
   *
   * @param bool bdestroy_session optional. does the session must be destroy if an attempt is detect?
   * @param string urlRedirect optional. url to redirect if an sql inject attempt is detect
       * @public
   * @type void
     */
    function sql_inject($mLog=FALSE,$bdestroy_session=FALSE,$urlRedirect=FALSE)
    {
        $this->bLog = (($mLog!=FALSE)?$mLog:'');
        $this->urlRedirect = ($urlRedirect);
        $this->bdestroy_session = $bdestroy_session;
        $this->rq = '';
    }

    /**
   * @shortdesc test if there is a sql inject attempt detect
   * test if there is a sql inject attempt detect
   *
   * @param string sRQ required. SQL Data to test
     * @public
   * @type bool
     */
    function test($sRQ)
    {
        $this->rq = $sRQ;
        $sRQ = strtolower(urldecode($sRQ)); // URL Decode
        $sRQ = str_replace( chr(0) , '' , $sRQ ) ;  // replace NullByte
        $aValues = array();
        $aTemp = array(); // temp array
        $aWords = array(); //
        $aSep = array(' and ',' or '); // separators for detect the
        $sConditions = '(';
        $matches = array();
        $sSep = '';
        
        $sql_inject_patterns = array(
        '--',
        '\/\*',
        '\*\/',
        '\'',
        '"',
        '(union([\s\+\(\n\r\t]+)(select|all))',
        '[\s\+\n\r\t\(]+select[\s\+\n\r\t\)\'"`]+',
        '[\s\+\n\r\t\)`]+where[\s\+\n\r\t\(`]*',
        '[\s\+\n\r\t\)\'"`]+(from|regexp|rlike|delete|update|insert|truncate|drop|create|rename)[\s\+\n\r\t\(`]+',
        'exec',
        'cmd',
        'xp_',
        'information_schema\.',
        '[\s\+\n\r\t\)\'"`]*(or|and)[\s\+\n\r\t\(\'"]+(.*?)[\s\+\n\r\t\'"]*[=<>]+[\s\+\n\r\t\'"]*(.*?)',
        '(concat|load_file|mid|like|ord|ascii|lower|lcase|find_in_set|substring|benchmark|md5)[\s\+\n\r\t]*\('
        );

        // is there an attempt to unused part of the rq?
        if (is_int((strpos($sRQ,"#")))&&$this->_in_post('#')) return $this->detect();

        ## Dogman Begin
//        if (ereg("union select",$sRQ) || ereg("union all",$sRQ))   return $this->detect();
        //if (stristr($sRQ,'/*') || stristr($sRQ,'*/')) return $this->detect();
        //if (stristr($sRQ,'%20union') || stristr($sRQ,'union%20'))   return $this->detect();
        //if (stristr($sRQ,'/union') || stristr($sRQ,'union/'))   return $this->detect();
        //if (ereg("exec",$sRQ) || ereg("cmd",$sRQ))   return $this->detect();
        //if (ereg("concat",$sRQ)) return $this->detect();
        ## etwas unglücklich mit den "--" , das geht vielleicht noch besser...

        ## I'm not happy with this "--"; could be improved....
        //if (ereg("--",$sRQ) || ereg("xp_",$sRQ))   return $this->detect();
        ## Dogman end
        
        if (preg_match('/' . implode('|', $sql_inject_patterns) . '/is', $sRQ, $regs)) return $this->detect();

        // is there a attempt to do a 2nd SQL requete ?
        ## Tja, leider kommt in einem Text auch schon mal mehr als
        ## nur ein Semikolon vor...
        ## Hier muss also noch nachgebessert werden...

        ## There can be more than just one semicolon...

        if (is_int(strpos($sRQ,';'))){
            $aTemp = explode(';',$sRQ);
            if ($this->_in_post($aTemp[1])) return $this->detect();
        }


        //$aTemp = explode(" where ",$sRQ);
        $aTemp = preg_split('/[\s\+\)]+where[\s\+\(]*/i', $sRQ, -1, PREG_SPLIT_NO_EMPTY);
        if (count($aTemp)==1) return FALSE;
        $sConditions = $aTemp[1];
        $aWords = explode(" ",$sConditions);
        if(strcasecmp($aWords[0],'select')!=0) $aSep[] = ',';
        $sSep = '('.implode('|',$aSep).')';
        $aValues = preg_split($sSep,$sConditions,-1, PREG_SPLIT_NO_EMPTY);

        // test the always true expressions
        foreach($aValues as $i => $v)
        {
            // SQL injection like 1=1 or a=a or 'za'='za'
            if (is_int(strpos($v,'=')))
            {
                 $aTemp = explode('=',$v);
                 if (trim($aTemp[0])==trim($aTemp[1])) return $this->detect();
            }

            //SQL injection like 1<>2
            if (is_int(strpos($v,'<>')))
            {
                $aTemp = explode('<>',$v);
                if ((trim($aTemp[0])!=trim($aTemp[1]))&& ($this->_in_post('<>'))) return $this->detect();
            }
        }

        if (strpos($sConditions,' null'))
        {
            if (preg_match("/null +is +null/",$sConditions)) return $this->detect();
            if (preg_match("/is +not +null/",$sConditions,$matches))
            {
                foreach($matches as $i => $v)
                {
                    if ($this->_in_post($v))return $this->detect();
                }
            }
        }

        if (preg_match("/[a-z0-9]+ +between +[a-z0-9]+ +and +[a-z0-9]+/",$sConditions,$matches))
        {
            $Temp = explode(' between ',$matches[0]);
            $Evaluate = $Temp[0];
            $Temp = explode(' and ',$Temp[1]);
            if ((strcasecmp($Evaluate,$Temp[0])>0) && (strcasecmp($Evaluate,$Temp[1])<0) && $this->_in_post($matches[0])) return $this->detect();
        }
        return FALSE;
    }

    function _in_post($value)
    {
        foreach($_POST as $i => $v)
        {
             if (is_int(strpos(strtolower($v),$value))) return TRUE;
        }
        return FALSE;
    }

    function detect()
    {
        // log the attempt to sql inject?
        if ($this->bLog)
        {
            $fp = @fopen($this->bLog,'a+');
            if ($fp)
            {
                fputs($fp,"\r\n".date("d-m-Y H:i:s").' ['.$this->rq.'] from: '.$this->sIp = getenv("REMOTE_ADDR").'; ServerName: '.$this->servAd = getenv("SERVER_NAME"));
                fclose($fp);
                
            }
        }
        // destroy session?
        if ($this->bdestroy_session) session_destroy();
        // redirect?
        if ($this->urlRedirect!=''){
             if (!headers_sent())  header("location: $this->urlRedirect");
        }
        return TRUE;
    }
}
?>
    Luego cree un documento
    sql.log y lo guarda en una carpeta llamada log

    listo en su index escriba

    Code:
    require_once('sql_inject.class.php');
if ($_SERVER["QUERY_STRING"] != "")
{
  $log = '/log/sql.log' ;
  $redirect = "sqlantihack.php" ;
  $sql = new sql_inject($log,TRUE,$redirect);
  $sql->test($_SERVER["QUERY_STRING"]);
}
    y para terminar
    creee un archivo llamado
    sqlantihack.php dentro de el escriba algo que sea interesante, recuerde este archivo sera para los atacantes.
    Last edited by chilelabz86; 06-19-2011 at 10:44 AM.
    ccr.botany20 likes this.
    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Similar Threads

  1. CLASS or ID?
    By cursedpsp in forum Programming Help
    Replies: 5
    Last Post: 06-06-2008, 06:37 AM
  2. id vs class
    By trebor in forum Scripts & 3rd Party Apps
    Replies: 1
    Last Post: 11-10-2007, 12:37 PM
  3. Anti leech - Help me
    By wormhole in forum Scripts & 3rd Party Apps
    Replies: 11
    Last Post: 11-09-2007, 09:45 AM
  4. Div Class / Div ID ??
    By mikel2k3 in forum Scripts & 3rd Party Apps
    Replies: 3
    Last Post: 10-14-2007, 10:30 AM
  5. Preventing SQL Injections with PHP
    By Woolie in forum Tutorials
    Replies: 4
    Last Post: 01-29-2007, 10:43 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

x10hosting free hosting for the masses
dedicated servers