From 704b65a2facb1d48422f65188cf3cc4434ae2e8b Mon Sep 17 00:00:00 2001
From: niekt0 <niekt0@kyberia.cz>
Date: Tue, 25 Jan 2011 17:00:30 +0100
Subject: [PATCH] SQL ids

---
 wwwroot/inc/database.inc | 47 ++++++++++++++++++++++++++++------------
 1 file changed, 33 insertions(+), 14 deletions(-)

diff --git a/wwwroot/inc/database.inc b/wwwroot/inc/database.inc
index e20b5fa..6566ce9 100644
--- a/wwwroot/inc/database.inc
+++ b/wwwroot/inc/database.inc
@@ -63,25 +63,44 @@ function closeMysql() {
 
 function query($sql) {
 
-		$this->_linkId = false;
-		$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
-		$this->Master = true;
-
-		$this->_queryId = mysql_query($sql,$this->_linkId);
+	$this->_linkId = false;
+	$this->connect(DB_HOST,DB_USER,DB_PASS,DB_DATABASE);
+	$this->Master = true;
+
+	// Simple IDS, against automats
+	// When possible attack is detected, 
+	// query & session information is stored into log
+	// Looking for following string in SQL query:
+	// - "user()" (get cur. user)
+	// - "@@version" (get mysql version)
+	// - "AND 1=1" (blind sqli) (too many false positives?)
+	// - "information_schema" (for listing of tables, columns...)
+
+	// - "/*" (comment) (too many false positives?)
+	// - "--" (comment) (too many false positives?)
+
+	if (preg_match('/user\(\)/',$sql) || preg_match('/@@version/',$sql)
+	|| preg_match('/information_schema/',$sql)|| preg_match('/AND 1=1/',$sql)
+	) {
+		logger::log('SQL ALARM',$sql);
+		
+	}
 
-		if (isset($_SESSION['debugging'])) {
-			echo $sql;
-			global $timer_start;
-			echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
-		}
+	$this->_queryId = mysql_query($sql,$this->_linkId);
 
-		if ($this->_queryId == false) {
-	      		$this->exception("query failed ::$sql::");
-		}
+	if (isset($_SESSION['debugging'])) {
+		echo $sql;
+		global $timer_start;
+		echo "<BR>".SubStr((Time()+SubStr(MicroTime(),0,8)-$timer_start),0,7);
+	}
 
-		return new result($this->_queryId, $sql);
+	if ($this->_queryId == false) {
+      		$this->exception("query failed ::$sql::");
 	}
 
+	return new result($this->_queryId, $sql);
+}
+
 
 function executequery($sql) {
 	return($this->query($sql));
-- 
2.30.2