痛苦的信仰
可以结合这个文章看一下:/Article/201102/83165.html
最近做毕业论文,是关于注入漏洞的攻击方法的。一个以前帮朋友弄得PHP防注入,觉得搞防御还是很习惯,当个素材记录下。
<?php
Class StopInject
{
/*
Title: Stop Injection for Injection
Author: ylbhz
Contact: ylbhz@hotmail.com
Example:
$obj = new StopInject();
$obj->SetMessage("Stop Injection!!!");
$obj->Start();
*/
var $array_info = array();
var $fiter = array("","select","update",";","(",")","insert","exec");
var $warning = "";
Function StopInject()
{
$array_temp = array($_SERVER[HTTP_X_FORWARDED_FOR],$_SERVER[HTTP_REFERER]);
$this->array_info = array_merge($_REQUEST,$array_temp);
}
Function SetMessage($msg)
{
$this->warning = $msg;
}
Function ShowMessage()
{
if($this->warning != "")
{
$msg = "<script>alert("";
$msg .= $this->warning;
$msg .= "");</script>";
echo $msg;
}
exit(0);
}
Function Check($str_in)
{
foreach($this->fiter as $key => $value)
{
if(stripos($str_in, $value) != "") return true; //发现危险字符
}
return false;
}
Function Start()
{
foreach($this->array_info as $key => $value)
{
if($this->Check($value)) $this->ShowMessage();
}
}
}
$obj = new StopInject();
$obj->SetMessage("Stop!!!");
$obj->Start();
?>