Update the test_sql_and_script_inject function to block web-shell drops

block web-shell SQL injections by blocking INTO {outfile | dumpfile} sequences
Jean-François VIAL 2014-05-05 23:46:21 +02:00
parent af9d2d7545
commit 60fd9cf463


@ -80,13 +80,15 @@ function test_sql_and_script_inject($val, $type)
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
$sql_inj += preg_match('/delete[\s]+from/i', $val);
$sql_inj += preg_match('/create[\s]+table/i', $val);
$sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert[\s]+into/i', $val);
$sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i', $val);
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
$sql_inj += preg_match('/delete\s+from/i' , $val);
$sql_inj += preg_match('/create\s+table/i' , $val);
$sql_inj += preg_match('/update.+set.+=/i' , $val);
$sql_inj += preg_match('/insert\s+into/i' , $val);
$sql_inj += preg_match('/select.+from/i' , $val);
$sql_inj += preg_match('/union.+select/i' , $val);
$sql_inj += preg_match('/into\s+outfile/i' , $val);
$sql_inj += preg_match('/into\s+dumpfile/i' , $val);
$sql_inj += preg_match('/(\.\.%2f)+/i' , $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript:
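Review bot: The two added `into\s+outfile` and `into\s+dumpfile` patterns match only when the keywords are separated by whitespace in the raw value, so they are a narrow signature and should not be the only thing preventing file writes through SQL. Assuming the backend is MySQL/MariaDB, the underlying control belongs on the database side: the application account should not hold the FILE privilege, `secure_file_priv` should be restricted, and the queries that consume these values should be parameterised. I would add a comment above the two lines saying so, e.g. `// Defence in depth only: file writes must also be denied by DB privileges (no FILE, secure_file_priv set)`. Separately, `preg_match` returns `false` on a PCRE error, which adds 0 to `$sql_inj`, so a failed match is counted as clean. The body of test_sql_and_script_inject starts before and continues after this hunk.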