 Script

mas
Guest



Post subject: Script   Wed Aug 13, 2008 6:40 pm

New Script Anti SQL Injection:
Works 100%!!

First of all we have the page with the input, which looks something like this

Code:
<form method="post" action="test.php">
<input type="text" name="search">
<input type="submit" value="ok">
</form>


The second file is called test.php and contains the following script

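Code:
<?php
function anti_injection( $search ) {
    // SQL keywords that are stripped out of the input.
    $banlist = array ( "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "as", "or", "procedure", "limit", "order by", "group by", "asc", "desc" );
    // preg_match() stands in for eregi(), which was removed in PHP 7.
    if ( preg_match ( "/[a-zA-Z0-9]+/i", $search ) ) {
        $user = trim ( str_replace ( $banlist, '', strtolower ( $search ) ) );
    } else {
        $user = NULL;
    }
    // Check and return the filtered value; as posted, the raw input was checked and returned.
    $array = array ( 'search' => $user );
    // Rejects input with no alphanumerics, or with nothing left after filtering.
    if ( in_array ( NULL, $array ) ) {
        die ( 'Hacking attempt. Go play someplace else, you script kiddie.' );
    } else {
        return $user;
    }
}
print anti_injection ( $_POST['search'] );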
mass
Guest



Post subject: Re: Script   Wed Aug 13, 2008 7:49 pm

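<?php
//This prevents SQL Code injection / XSS Attacks.

// Strip the metacharacters * | ; ` from a value.
function replace_meta_chars($string){
    // preg_replace() stands in for eregi_replace() (removed in PHP 7); the unbalanced group is closed.
    return preg_replace('/([*])|([|])|([;])|([`])/', '', $string);
}

// Send a mail alert when a request value contains * | or ;
foreach ($_REQUEST as $keyx => $valuex) {
    if (preg_match('/([*])|([|])|([;])/', $valuex)) {
        // Read these from $_SERVER; the bare globals only existed with register_globals.
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        mail("camilo@cancun.com","Hack Alert","There's been a SQL Injection hacking attempt. $referer {$_SERVER['REMOTE_ADDR']}","From: core@cancun.com\r\nBcc: bernhardx@cancun.com");
    }
}

// foreach replaces the each()/reset() loops, which no longer exist in PHP 8.
foreach ($_REQUEST as $keyx => $valuex) {
    // Every request key becomes a global variable holding the filtered value.
    ${$keyx} = replace_meta_chars($valuex);
    echo "$keyx $valuex\n";
}
//end anti SQL XSS script.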

Note: Initially I used the escapeshellcmd() function, but we discovered it was messing with our e-commerce site, as it nukes EVERY metacharacter, including some that are used in credit card transactions; so I had to develop a little function that only nukes what I tell it to. :)
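
Added example, not part of either post: the first post's keyword stripping (under the hypothetical name blacklist_filter) run beside a PDO prepared statement on a constructed in-memory SQLite table, to show what each does to ordinary search terms that contain a quote or a banned substring. It assumes PHP 7+ with the pdo_sqlite extension; the table, the titles and search_books are made up for the illustration.

```php
<?php
// Added example (not from the thread). Assumes the pdo_sqlite extension is loaded.

// Keyword stripping in the style of the first post; blacklist_filter is a hypothetical name.
function blacklist_filter(string $s): string {
    $banlist = ["insert", "select", "update", "delete", "distinct", "having",
                "truncate", "replace", "handler", "like", "as", "or",
                "procedure", "limit", "order by", "group by", "asc", "desc"];
    return trim(str_replace($banlist, '', strtolower($s)));
}

// Constructed sample data: a small in-memory table to search.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE books (title TEXT)");
$insert = $db->prepare("INSERT INTO books (title) VALUES (?)");
foreach (["O'Reilly Pocket Guide", "Oregon Trails", "Select Poems"] as $title) {
    $insert->execute([$title]);
}

// The search term is bound as data; it is never parsed as part of the SQL text.
function search_books(PDO $db, string $term): array {
    $stmt = $db->prepare("SELECT title FROM books WHERE title LIKE ? ESCAPE '\\'");
    // Escape LIKE wildcards so that % and _ in the term match literally.
    $like = '%' . addcslashes($term, '%_\\') . '%';
    $stmt->execute([$like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach (["O'Reilly", "Oregon", "Select"] as $term) {
    $filtered = blacklist_filter($term);
    $hits = search_books($db, $term);
    // htmlspecialchars() encodes the values as they would need to be when echoed into an HTML page.
    printf("term=%s  blacklist=%s  prepared-hits=%d\n",
        htmlspecialchars($term, ENT_QUOTES),
        htmlspecialchars($filtered, ENT_QUOTES),
        count($hits));
}
```

The blacklist turns "Oregon" into "egon" and "Select" into an empty string while leaving the quote in "O'Reilly" in place; the bound parameter finds one row for each of the three terms.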