From: niekt0 Date: Tue, 25 Jan 2011 16:00:30 +0000 (+0100) Subject: SQL ids X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=704b65a2facb1d48422f65188cf3cc4434ae2e8b;p=mirrors%2FKyberia-bloodline.git SQL ids --- diff --git a/wwwroot/inc/database.inc b/wwwroot/inc/database.inc index e20b5fa..6566ce9 100644 --- a/wwwroot/inc/database.inc +++ b/wwwroot/inc/database.inc @@ -63,25 +63,44 @@ function closeMysql() { function query($sql) { - $this->_linkId = false; - $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE); - $this->Master = true; - - $this->_queryId = mysql_query($sql,$this->_linkId); + $this->_linkId = false; + $this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE); + $this->Master = true; + + // Simple IDS, against automats + // When possible attack is detected, + // query & session information is stored into log + // Looking for following string in SQL query: + // - "user()" (get cur. user) + // - "@@version" (get mysql version) + // - "AND 1=1" (blind sqli) (too many false positives?) + // - "information_schema" (for listing of tables, columns...) + + // - "/*" (comment) (too many false positives?) + // - "--" (comment) (too many false positives?) + + if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql) + || preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql) + ) { + logger::log('SQL ALARM',$sql); + + } - if (isset($_SESSION['debugging'])) { - echo $sql; - global $timer_start; - echo "
".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); - } + $this->_queryId = mysql_query($sql,$this->_linkId); - if ($this->_queryId == false) { - $this->exception("query failed ::$sql::"); - } + if (isset($_SESSION['debugging'])) { + echo $sql; + global $timer_start; + echo "
".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7); + } - return new result($this->_queryId, $sql); + if ($this->_queryId == false) { + $this->exception("query failed ::$sql::"); } + return new result($this->_queryId, $sql); +} + function executequery($sql) { return($this->query($sql));