[Release] Anti SQL Injection

MorgaN

Some code

This anti SQL injection is not mine; I do not know how its author came up with it.
Code:
//This prevents SQL Code injection / XSS Attacks.
// (eregi()/eregi_replace() and each() no longer exist in current PHP;
//  preg_* and foreach are used here so the script still runs.)

function replace_meta_chars($string){
    // Strip only the metacharacters * | ; and backtick
    // (the original pattern had an unbalanced parenthesis).
    return preg_replace("/[*|;`]/", "", $string);
}

foreach ($_REQUEST as $keyx => $valuex) {
    if (preg_match("/[*|;]/", $valuex)) {
        // Referrer and client address come from $_SERVER (the original relied on register_globals).
        $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        $remote   = isset($_SERVER['REMOTE_ADDR'])  ? $_SERVER['REMOTE_ADDR']  : '';
        mail("[email protected]","Hack Alert","There's been a SQL Injection hacking attempt. $referrer $remote","FROM:[email protected],BCC:[email protected]");
    }
}

foreach ($_REQUEST as $keyx => $valuex) {
    // Registers every request parameter as a global variable of the same name (variable variables).
    ${$keyx} = replace_meta_chars($valuex);
    echo "$keyx $valuex\n";
}
//end anti SQL XSS script.

Note: Initially I used the escapeshellcmd() function, but we discovered it was messing with our e-commerce site, as it nukes EVERY metacharacter, including some that are used in credit card transactions; so I had to develop a little function that only nukes what I tell it to. :)

#############################################

First of all there is the page with the input field, which shows a simple form:
Code:
<form method="post" action="test.php">
    <input type="text" name="search">
    <input type="submit" value="ok">
</form>

The 2nd file is called test.php and contains the following script:

Code:
function anti_injection( $search ) {
    // Words to strip; str_replace() applies them in this order, one pass each.
    $banlist = array( 'insert', 'select', 'update', 'delete', 'distinct', 'having',
                      'truncate', 'replace', 'handler', 'like', 'as', 'or',
                      'procedure', 'limit', 'order by', 'group by', 'asc', 'desc' );
    // eregi() no longer exists in current PHP; preg_match() does the same check.
    if ( preg_match( '/[a-zA-Z0-9]+/', $search ) ) {
        $user = trim( str_replace( $banlist, '', strtolower( $search ) ) );
    } else {
        $user = NULL;
    }
    $array = array( 'search' => $search );
    // in_array() compares loosely, so an empty string also matches NULL here.
    if ( in_array( NULL, $array ) ) {
        die( 'Hacking attempt. Go play someplace else, you script kiddie.' );
    } else {
        // As written, the filtered $user is never consulted; the raw POST value is returned.
        return $_POST['search'];
    }
}
print anti_injection( $_POST['search'] );

Credits: MorgaN
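As an added illustration (not part of MorgaN's post or of the scripts above), here is a Python port of both filters from the post, run against a small SQLite database, to show what a keyword or metacharacter blacklist actually does to a query and what a bound parameter does instead. The banlist is the post's own, in the post's order; the function names (strip_meta_chars, filter_keywords, search_vulnerable, search_safe), the sample tables and the payload are constructed for this example. The port applies both filters to the input before building the query, which is more than the second script does (it returns the raw POST value), and the query is still subverted.

```python
import re
import sqlite3

# Same words, same order as the post: str_replace() removes each one in a
# single non-recursive pass, and Python's str.replace() behaves the same way.
BANLIST = ["insert", "select", "update", "delete", "distinct", "having",
           "truncate", "replace", "handler", "like", "as", "or",
           "procedure", "limit", "order by", "group by", "asc", "desc"]


def strip_meta_chars(s: str) -> str:
    """Port of the first script: remove only * | ; and backtick."""
    return re.sub(r"[*|;`]", "", s)


def filter_keywords(s: str) -> str:
    """Port of the second script: lower-case, strip each banned word once, trim."""
    out = s.lower()
    for word in BANLIST:
        out = out.replace(word, "")
    return out.strip()


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: a product table to search, a user table to leak."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT);
        INSERT INTO products (name) VALUES ('keyboard'), ('mouse');
        INSERT INTO users (login, pw_hash) VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """Both blacklists applied, then the result is pasted into the SQL text."""
    cleaned = filter_keywords(strip_meta_chars(term))
    sql = "SELECT name FROM products WHERE name LIKE '%" + cleaned + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    """Parameterized query: the term is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


# Constructed payload. 'union' and 'from' are not on the banlist, the quote is
# not in the metacharacter set, and 'selselectect' turns into 'select' once the
# single pass removes the inner word.
PAYLOAD = "' union selselectect login from users --"

if __name__ == "__main__":
    db = setup_db()
    print(filter_keywords("selselectect"))   # select
    print(filter_keywords("password"))       # pswd  (benign input is mangled)
    print(search_vulnerable(db, PAYLOAD))    # product names plus 'admin' from users
    print(search_safe(db, PAYLOAD))          # []
```

The filtered payload becomes `' union select login from users --`, so the vulnerable query turns into a UNION that returns the users table; the same input handed to the bound parameter matches nothing. The pass that does nothing against the payload also rewrites ordinary input: "password" comes out as "pswd" because "as" and then "or" are removed from it. The bound parameter leaves one smaller issue untouched that the example does not address: `%` and `_` in the term are still LIKE wildcards, which is a matching problem rather than an injection.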

ludlud

And you don't know what this is about, do you? If you know someone who wrote a 10/10 one, tell me! ;)

RhysFox

It's about protection... Just read the title and translate it :sun:.