diff --git a/wwwroot/inc/database.inc b/wwwroot/inc/database.inc
index e20b5fa..8fcef4e 100644
--- a/wwwroot/inc/database.inc
+++ b/wwwroot/inc/database.inc
@@ -63,25 +63,44 @@ function closeMysql() {
function query($sql) {
- $this->_linkId = false;
- $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
- $this->Master = true;
-
- $this->_queryId = mysql_query($sql,$this->_linkId);
+ $this->_linkId = false;
+ $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
+ $this->Master = true;
+
+ // Simple IDS, against automats
+ // When possible attack is detected,
+ // query & session information is stored into log
+ // Looking for following string in SQL query:
+ // - "user()" (get cur. user)
+ // - "@@version" (get mysql version)
+ // - "AND 1=1" (blind sqli) (too many false positives?)
+ // - "information_schema" (for listing of tables, columns...)
+
+ // - "/*" (comment) (too many false positives?)
+ // - "--" (comment) (too many false positives?)
+
+ if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
+ || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
+ ) {
+ logger::log('SQL ALARM',$sql);
+
+ }
- if (isset($_SESSION['debugging'])) {
- echo $sql;
- global $timer_start;
- echo "
".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
- }
+ $this->_queryId = mysql_query($sql,$this->_linkId);
- if ($this->_queryId == false) {
- $this->exception("query failed ::$sql::");
- }
+ if ((isset($_SESSION['debugging']) && $_SESSION['debugging'])) {
+ echo $sql;
+ global $timer_start;
+ echo "
".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
+ }
- return new result($this->_queryId, $sql);
+ if ($this->_queryId == false) {
+ $this->exception("query failed ::$sql::");
}
+ return new result($this->_queryId, $sql);
+}
+
function executequery($sql) {
return($this->query($sql));