注入漏洞代码和分析
代码如下:
<?php function customerror($errno, $errstr, $errfile, $errline) { echo <b>error number:</b> [$errno],error on line $errline in $errfile<br />; die(); } set_error_handler(customerror,e_error); $getfilter='|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|< \\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert \\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate) \\s+(table|database); $postfilter=\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/ \\*.+?\\*\\/|<\\s*script\\b|\\bexec \\b|union.+?select|update.+?set|insert\\s+into.+?values| (select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database); $cookiefilter=\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/ \\*.+?\\*\\/|<\\s*script\\b|\\bexec \\b|union.+?select|update.+?set|insert\\s+into.+?values| (select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database); function stopattack($strfiltkey,$strfiltvalue,$arrfiltreq) { if(is_array($strfiltvalue)) { $strfiltvalue=implode($strfiltvalue); } if (preg_match(/.$arrfiltreq./is,$strfiltvalue)==1&&!isset($_request['securitytoken'])) { slog(<br><br>操作ip: .$_server[remote_addr].<br>操作时间: .strftime(%y-%m-%d %h:%m:%s).<br>操作页面:.$_server[php_self].<br>提交方式: .$_server[request_method].<br>提交参数: .$strfiltkey.<br>提交数据: .$strfiltvalue); print result notice:illegal operation!; exit(); } } foreach($_get as $key=>$value) { stopattack($key,$value,$getfilter); } foreach($_post as $key=>$value) { stopattack($key,$value,$postfilter); } foreach($_cookie as $key=>$value) { stopattack($key,$value,$cookiefilter); } function slog($logs) { $toppath=log.htm; $ts=fopen($toppath,a+); fputs($ts,$logs.\r\n); fclose($ts); } ?> |
