Commit 60fd9cf4 authored by Jean-François VIAL's avatar Jean-François VIAL

Update the test_sql_and_script_inject function to block web-shell drops

block web-shell SQL injections by blocking INTO {outfile | dumpfile} sequences
parent af9d2d75
...@@ -80,12 +80,14 @@ function test_sql_and_script_inject($val, $type) ...@@ -80,12 +80,14 @@ function test_sql_and_script_inject($val, $type)
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests) // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2) if ($type != 2)
{ {
$sql_inj += preg_match('/delete[\s]+from/i', $val); $sql_inj += preg_match('/delete\s+from/i' , $val);
$sql_inj += preg_match('/create[\s]+table/i', $val); $sql_inj += preg_match('/create\s+table/i' , $val);
$sql_inj += preg_match('/update.+set.+=/i' , $val); $sql_inj += preg_match('/update.+set.+=/i' , $val);
$sql_inj += preg_match('/insert[\s]+into/i', $val); $sql_inj += preg_match('/insert\s+into/i' , $val);
$sql_inj += preg_match('/select.+from/i' , $val); $sql_inj += preg_match('/select.+from/i' , $val);
$sql_inj += preg_match('/union.+select/i' , $val); $sql_inj += preg_match('/union.+select/i' , $val);
$sql_inj += preg_match('/into\s+outfile/i' , $val);
$sql_inj += preg_match('/into\s+dumpfile/i' , $val);
$sql_inj += preg_match('/(\.\.%2f)+/i' , $val); $sql_inj += preg_match('/(\.\.%2f)+/i' , $val);
} }
// For XSS Injection done by adding javascript with script // For XSS Injection done by adding javascript with script
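Review bot: The two new patterns `into\s+outfile` and `into\s+dumpfile` accept only whitespace between the tokens, but MySQL also treats an inline comment as a token separator, so a payload written as `INTO/**/OUTFILE` passes this filter unchanged. Folding both into one pattern that tolerates comments closes that gap and shortens the list: `$sql_inj += preg_match('/into(?:\s|\/\*.*?\*\/)+(?:out|dump)file/i', $val);`. As with the surrounding entries this is still a keyword blocklist, so it should be documented as defence-in-depth rather than a substitute for escaping or parameterising the SQL that eventually consumes `$val`. The body of `test_sql_and_script_inject` starts before and continues after this hunk.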