Php Effective Anti Injection Script -> No symbol block
I've been seeing all kinds of stuff about this topic.. Everyone gets his site hijacked in a way.. So here is a script that should put an end to this.
This script is 100% effective, does not block/replace any symbols (including the "'"). The script is a part of my web's security but I decided to share it.
Just put it in the file that connects to the mssql server or ODBC data source.
PHP Code:
// Begin
/*
    The muonline xweb base injection filter script
    Mssql Injection Filter, Includes arrays
    -----------------------------------------------------------------
    Changelog: mu.vachev.net?mod=xweb
*/

// Double every single quote, unless all quotes in the string are already doubled.
function xw_sanitycheck($str) {
    // The leading space keeps strpos() from returning 0 for a quote at position 0.
    if (strpos(str_replace("''", "", " $str"), "'") !== false)
        return str_replace("'", "''", $str);
    else
        return $str;
}

// Apply xw_sanitycheck() to a value, recursing into arrays.
function secure($str) {
    // Case of an array
    if (is_array($str)) {
        foreach ($str as $id => $value) {
            $str[$id] = secure($value);
        }
    }
    else
        $str = xw_sanitycheck($str);
    return $str;
}

// Get Filter
$xweb_AI = array_keys($_GET);
$i = 0;
while ($i < count($xweb_AI)) {
    $_GET[$xweb_AI[$i]] = secure($_GET[$xweb_AI[$i]]);
    $i++;
}
unset($xweb_AI);

// Request Filter
$xweb_AI = array_keys($_REQUEST);
$i = 0;
while ($i < count($xweb_AI)) {
    $_REQUEST[$xweb_AI[$i]] = secure($_REQUEST[$xweb_AI[$i]]);
    $i++;
}
unset($xweb_AI);

// Post Filter
$xweb_AI = array_keys($_POST);
$i = 0;
while ($i < count($xweb_AI)) {
    $_POST[$xweb_AI[$i]] = secure($_POST[$xweb_AI[$i]]);
    $i++;
}

// Cookie Filter (do we have a login system?)
$xweb_AI = array_keys($_COOKIE);
$i = 0;
while ($i < count($xweb_AI)) {
    $_COOKIE[$xweb_AI[$i]] = secure($_COOKIE[$xweb_AI[$i]]);
    $i++;
}
// End
The script executed in less than 0.01 seconds.
Compatible with: PHP 4.x.x/5.x.x+
Credits: Savoy
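An added example, not part of the original post or the author's script: it runs the post's quote-doubling check against a quoted string context, an unquoted numeric context and a bound parameter, so the filter's coverage can be compared with a prepared statement. The in-memory SQLite database (standing in for the MSSQL/ODBC connection), the accounts table, countRows() and all input values are assumptions constructed for the demonstration.

```php
<?php
// Added example, not from the original post. In-memory SQLite stands in for
// the MSSQL/ODBC connection; table, columns and inputs are constructed.

// The post's quote-doubling check, copied so this file runs on its own.
function xw_sanitycheck($str) {
    if (strpos(str_replace("''", "", " $str"), "'") !== false) {
        return str_replace("'", "''", $str);
    }
    return $str;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (id INTEGER, name TEXT)");
$db->exec("INSERT INTO accounts VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical helper: run a query and return the number of rows it matched.
function countRows(PDO $db, $sql) {
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// 1. Quoted string context: the doubled quotes stay inside the literal.
$name = xw_sanitycheck("x' OR '1'='1");
$quoted = countRows($db, "SELECT * FROM accounts WHERE name = '$name'");

// 2. Unquoted numeric context: the value contains no quote, so the filter
//    returns it unchanged and the database parses it as SQL, not as data.
$id = xw_sanitycheck("0 OR 1=1");
$numeric = countRows($db, "SELECT * FROM accounts WHERE id = $id");

// 3. Bound parameter: the same value is sent as data, whatever the context.
$stmt = $db->prepare("SELECT * FROM accounts WHERE id = ?");
$stmt->execute(array("0 OR 1=1"));
$bound = count($stmt->fetchAll(PDO::FETCH_ASSOC));

// 4. Input that already contains a doubled quote passes through as-is,
//    so the stored text differs from what was submitted.
$db->exec("INSERT INTO accounts VALUES (3, '" . xw_sanitycheck("O''Neil") . "')");
$stored = $db->query("SELECT name FROM accounts WHERE id = 3")->fetchColumn();

printf("quoted=%d numeric=%d bound=%d stored=%s\n", $quoted, $numeric, $bound, $stored);
```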
Re: [Release]Php Effective Anti Injection Script -> No symbol block
good release, next time add a [release] tag
Re: [Release]Php Effective Anti Injection Script -> No symbol block
Quote (originally posted by Xurbus): good release, next time add a [release] tag
Totally forgot about that.. will have that in mind next time
Re: [Release] Php Effective Anti Injection Script -> No symbol block
xtremely nice :X :D thank you savoy!
Re: [Release] Php Effective Anti Injection Script -> No symbol block
I don't understand where I put it, pls help me, where do I put this pllssssss
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Very nice and useful, keep up the good work! ^^
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Hello ppl, can you help me!!!
Re: [Release] Php Effective Anti Injection Script -> No symbol block
pfff help pls I don't understand where I put this code!
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Quote (originally posted by CnC-Master): pfff help pls I don't understand where I put this code!
OMG! READ!
Quote (originally posted by themad): Just put it in the file that connects to the mssql server or ODBC data source.
And thanks a million for this script :))
This is really useful :))
Re: [Release] Php Effective Anti Injection Script -> No symbol block
this can be used in any kind of script?
btw gj
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Quote (originally posted by foxfirediego): this can be used in any kind of script?
Positive ..