Go Back   vb.org Archive > Community Discussions > Modification Requests/Questions (Unpaid)
  #1  
Old 12-16-2004, 03:51 AM
|Jordan|'s Avatar
|Jordan| |Jordan| is offline
 
Join Date: Nov 2004
Posts: 479
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default REQ: SQL Injection Prevention

I manage a large forum with over 3000 members.

Recently a member did an SQL Injection to a game in the arcade. I tried adding code which blocks Union, Clicke, and String based attacks but ended up messing the forum up because i didn't completely know what i was doing.

Can anyone make a modification that blocks these attacks?

I was using code from Raven's SQL Injection PHP Nuke Hack and Nuke Sentinel (Which has code based on Ravens stuff)

Snippets of code below:

PHP Code:
// Raven http://ravenphpscripts.com
$queryString strtolower($HTTP_SERVER_VARS['QUERY_STRING']);
if (
strstr($queryString,'%20union%20') OR strstr($queryString,'/*')) {
    
header("Location: hackattempt.php?$queryString");
    die();
}

// Check for UNION attack
// Copyright 2004(c) Raven PHP Scripts
$blocker_row abget_blocker("union");
if(
$blocker_row['activate'] > 0) {
  
$reason $blocker_row['blocker'];
  if (
stristr($querystring,'%20union%20') OR stristr($querystring,'*/union/*') OR stristr($querystringBase64,'%20union%20') OR stristr($querystringBase64,'*/union/*') OR stristr($querystringBase64,' union ')) {
    
block_ip($ip$banuser$bantime$blocker_row);
  }
}

// Check for CLIKE attack
// Copyright 2004(c) Raven PHP Scripts
$blocker_row abget_blocker("clike");
if(
$blocker_row['activate'] > 0) {
  
$reason $blocker_row['blocker'];
  if (
stristr($querystring,'/*') OR stristr($querystringBase64,'/*')) {
    
block_ip($ip$banuser$bantime$blocker_row);
  }
}

// Check for SCRIPTING attack
// Copyright 2004(c) ChatServ
$blocker_row abget_blocker("script");
if(
$blocker_row['activate'] > 0) {
  
$reason $blocker_row['blocker'];
  foreach (
$_GET as $secvalue) {
    
$secvalue strtolower($secvalue);
    
str_replace("%3c""<"$secvalue);
    
str_replace("%3e"">"$secvalue);
    if ((
eregi("<[^>]script*\"?[^>]*>"$secvalue)) || (eregi("<[^>]*object*\"?[^>]*>"$secvalue)) || (eregi("<[^>]*iframe*\"?[^>]*>"$secvalue)) || (eregi("<[^>]*applet*\"?[^>]*>"$secvalue)) || (eregi("<[^>]*meta*\"?[^>]*>"$secvalue)) || (eregi("<[^>]*style*\"?[^>]*>"$secvalue)) || (eregi("<[^>]*form*\"?[^>]*>"$secvalue)) || (eregi("\([^>]*\"?[^)]*\)"$secvalue)) || (eregi("\""$secvalue))) {
      
block_ip($ip$banuser$bantime$blocker_row);
    }
  }
  foreach (
$_POST as $secvalue) {
    
$secvalue strtolower($secvalue);
    
str_replace("%3c""<"$secvalue);
    
str_replace("%3e"">"$secvalue);
    if ((
eregi("<[^>]script*\"?[^>]*>"$secvalue)) || (eregi("<[^>]style*\"?[^>]*>"$secvalue))) {
      
block_ip($ip$banuser$bantime$blocker_row);
    }
  }
}

// DOS Attack Blocker
if($ab_config['prevent_dos'] == AND !stristr($_SERVER['SCRIPT_NAME'], "backend.php")) {
  if (
$_SERVER['HTTP_USER_AGENT'] == "" || $_SERVER['HTTP_USER_AGENT'] == "-" || !isset($_SERVER['HTTP_USER_AGENT'])) {
    die(
_AB_GETOUT);
  }

In Ravens hack a page was displayed and email sent to admin when a user tried to hack.
Attached Files
File Type: zip Ravens SQL Injection Preventer.zip (22.2 KB, 7 views)
File Type: php sentinel.php (43.6 KB, 5 views)
Reply With Quote
  #2  
Old 12-20-2004, 11:25 PM
|Jordan|'s Avatar
|Jordan| |Jordan| is offline
 
Join Date: Nov 2004
Posts: 479
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

*Bump*
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:11 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04283 seconds
  • Memory Usage 2,215KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (2)post_thanks_box
  • (2)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit_info
  • (2)postbit
  • (2)postbit_attachment
  • (2)postbit_onlinestatus
  • (2)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete