Common SQL attack regular expression rollup in PHP, SQL regular Expression _php tutorial

Source: Internet
Author: User
Tags php error php regular expression

Summary of regular expressions of SQL attacks common in PHP, SQL regular expressions


The examples in this article describe common SQL attack regular expressions in PHP. Share to everyone for your reference. The specific analysis is as follows:

As we all know, in MySQL 5+, all the library names, indicating and field name information are stored in the INFORMATION_SCHEMA library. The attack mode is as follows:

1. Determine if the first character of the first table name is a character in a-Z, where Blind_sqli is the assumed known library name.
Note: ^[a-z in regular expressions] means that the start character in the string is within a-Z range

Copy the Code code as follows: Index.php?id=1 and 1= (select 1 from information_schema.tables WHERE table_schema= "Blind_sqli" and table_name REGEXP ' ^[a-z] ' LIMIT 0,1)/*

2. Determine if the first character is a character in A-n

Copy the Code code as follows: Index.php?id=1 and 1= (select 1 from information_schema.tables WHERE table_schema= "Blind_sqli" and table_name REGEXP ' ^[a-n] ' LIMIT 0,1)/*

3. Determine that the character is n

Copy the Code code as follows: Index.php?id=1 and 1= (select 1 from information_schema.tables WHERE table_schema= "Blind_sqli" and table_name REGEXP ' ^n ' LIMIT 0,1)/*

4. The replacement of the expression is as follows

Copy the code as follows: expression like this: ' ^n[a-z ', ' ^ne[a-z ', ' ^new[a-z ', ' ^news[a-z] ', FALSE
At this point the table name is news, to verify that the regular expression is ' ^news$ ', but it is not necessary to directly judge table_name = ' news ' is OK.

5. Next, guess the rest of the table. You only need to modify limit 2,1 to blind the next table.

For example:
Copy the code as follows: $Exec _commond = "(\s|\s) * (Exec (\s|\+) + (s|x) p\w+) (\s|\s) *";
$Simple _XSS = "(\s|\s) * ((%3C) |<) ((%2f) |/) *[a-z0-9%]+ ((%3e) |>) (\s|\s) *";
$Eval _XSS = "(\s|\s) * ((%65) |e) (\s) * ((%76) |v) (\s) * ((%61) |a) (\s) * ((%6C) |l) (\s|\s) *";
$Image _XSS = "(\s|\s) * ((%3C) |<) ((%69) |i| i| (%49)) ((%6d) |m| m| (%4D)) ((%67) |g| G| (%47)) [^\n]+ ((%3e) |>) (\s|\s) * ";
$Script _XSS = "(\s|\s) * ((%73) |s) (\s) * ((%63) |c) (\s) * ((%72) |r) (\s) * ((%69) |i) (\s) * ((%70) |p) (\s) * (%74) |t) (\s|\s) *";
$SQL _injection = "(\s|\s) * ((%27) | (') | (%3d) | (=)| (/)| (%2f) | (")| ((%22) | (-|%2d) {2}) | (%23) | (%3b) | (;)) + (\s|\s) * ";

SQL Attack Code:
Copy CodeThe code is as follows: <?php
function Customerror ($errno, $errstr, $errfile, $errline)
{
echo "Error Number:[$errno],error on line $errline in $errfile
";
Die ();
}
Set_error_handler ("Customerror", e_error);
$getfilter = "' | (And|or) \b.+? (>|<|=|in|like) |\/\*.+?\*\/|<\s*script\b|\bexec\b| Union.+? Select| Update.+? Set| Insert\s+into.+? values| (select| DELETE). +? From| (create| alter| drop| TRUNCATE) \s+ (table| DATABASE) ";
$postfilter = "\b (and|or) \b.{1,6}?" (=|>|<|\bin\b|\blike\b) |\/\*.+?\*\/|<\s*script\b|\bexec\b| Union.+? Select| Update.+? Set| Insert\s+into.+? values| (select| DELETE). +? From| (create| alter| drop| TRUNCATE) \s+ (table| DATABASE) ";
$cookiefilter = "\b (and|or) \b.{1,6}?" (=|>|<|\bin\b|\blike\b) |\/\*.+?\*\/|<\s*script\b|\bexec\b| Union.+? Select| Update.+? Set| Insert\s+into.+? values| (select| DELETE). +? From| (create| alter| drop| TRUNCATE) \s+ (table| DATABASE) ";
function Stopattack ($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
if (Is_array ($StrFiltValue))
{
$StrFiltValue =implode ($StrFiltValue);
}
if (Preg_match ("/". $ArrFiltReq. " /is ", $StrFiltValue) ==1&&!isset ($_request[' SecurityToken '))
{
Slog ("

Operation IP: ". $_server[" REMOTE_ADDR "]."
Operating time: ". Strftime ("%y-%m-%d%h:%m:%s ")."
Action page: ". $_server[" Php_self "]."
Submission method: ". $_server[" Request_method "]."
Submit parameter: ". $StrFiltKey."
Submit data: ". $StrFiltValue);
Print "Result Notice:illegal operation!";
Exit ();
}
}
foreach ($_get as $key = $value)
{
Stopattack ($key, $value, $getfilter);
}
foreach ($_post as $key = $value)
{
Stopattack ($key, $value, $postfilter);
}
foreach ($_cookie as $key = $value)
{
Stopattack ($key, $value, $cookiefilter);
}

function Slog ($logs)
{
$toppath = "log.htm";
$Ts =fopen ($toppath, "A +");
Fputs ($Ts, $logs. " RN ");
Fclose ($Ts);
}
?>
SQL Analysis:

If you use this function, this function will bypass PHP's standard error handling, so that you define the error handler (Die ()).
Second, if the code is executed before the error, the user-defined program has not been executed, so the user will not use their own write error handling program.

Well, PHP has a set of error handling mechanisms, you can use Set_error_handler () to take over PHP error handling, or you can use the Trigger_error () function to actively throw an error.

The Set_error_handler () function sets the user-defined error-handling function. The function is used to create the user's own error-handling method during the run. It needs to first create an error handler and then set the error level.
About the usage:
Copy the Code code as follows: function Customerror ($errno, $errstr, $errfile, $errline)
{
echo " error code: [${errno}] ${errstr}\r\n";
echo "The line of code where the error is: {$errline} file {$errfile}\r\n";
echo "PHP version", Php_version, "(", Php_os, ") \ r \ n";
Die ();
}
Set_error_handler ("Customerror", e_all| E_STRICT);

Summarize

When PHP encounters an error, it gives the location of the error script, the number of rows, and the reason, and many people say it's not a big deal. But the consequences of revealing the actual path are disastrous, and for some intruders, this information is very important, and in fact there are a lot of servers that are having this problem. Some network management simply set the PHP configuration file display_errors to Off to solve, but I think this method is too negative. Sometimes, we really need PHP to return the wrong information for debugging. And in the case of errors may also need to give the user a confession, or even navigate to another page. But with Set_error_handler (), these contradictions can be solved. But this function is seldom found.

I hope this article is helpful to everyone's PHP programming.


PHP Regular Expression parsing sql

$sql = '
CREATE TABLE IF not EXISTS uploadtype (
ID Int (one) not NULL auto_increment,
Title varchar (DEFAULT ' 0 '),
Sydefault char (1) DEFAULT ' 0 ',
PRIMARY KEY (ID)
) Engine=myisam
';
Preg_match (' #CREATE table.*\ (. *\) Engine=myisam#isu ', $sql, $typefile);
Var_dump ($typefile);

Common symbols for SQL regular expressions

SQL classification:
ddl-Data Definition language (create,alter,drop,declare)
dml-Data Manipulation Language (Select,delete,update,insert)
dcl-Data Control Language (Grant,revoke,commit,rollback)

First, a brief introduction to the underlying statement:
1. Description: Create Database
CREATE DATABASE Database-name
2. Description: Delete Database
Drop Database dbname
3. Description: Back up SQL Server
---to create a device that backs up data
Use master
EXEC sp_addumpdevice ' disk ', ' testback ', ' C:\mssql7backup\MyNwind_1.dat '
---start Backup
BACKUP DATABASE pubs to Testback
4. Description: Create a new table
CREATE TABLE TabName (col1 type1 [NOT NULL] [primary key],col2 type2 [NOT NULL],..)
To create a new table from an existing table:
A:create table tab_new like Tab_old (create new table with old table)
B:create table tab_new as Select Col1,col2 ... from tab_old definition only
5. Description: Delete new table drop table TabName
6. Description: Add a column
Alter table tabname Add column col type
Note: Columns cannot be deleted after they are added. DB2 the column plus the data type can not be changed, the only change is to increase the length of the varchar type.
7. Description: Add primary key: Alter table TabName Add primary key (COL)
Description: Delete primary key: Alter table tabname drop primary key (COL)
8. Description: Create INDEX: [unique] index idxname on tabname (col ...)
Drop INDEX: Idxname
Note: The index is immutable and you must remove the rebuild if you want to change it.
9. Description: Creating view: Create VIEW viewname AS SELECT statement
Delete view: Drop View ViewName
10, Description: A few simple basic SQL statements
Select: SELECT * FROM table1 where range
Insert: INSERT INTO table1 (field1,field2) VALUES (value1,value2)
Delete: Delete from table1 where range
Updated: Update table1 set field1=value1 where range
Find: SELECT * FROM table1 where field1 like '%value1% '---the syntax of like is very subtle, check the information!
Sort: SELECT * FROM table1 ORDER by FIELD1,FIELD2 [DESC]
Total: Select COUNT (*) as TotalCount from table1
Sum: Select SUM (field1) as Sumvalue from table1
Average: Select AVG (field1) as Avgvalue from table1
Biggest...... Remaining full text >>

http://www.bkjia.com/PHPjc/907279.html www.bkjia.com true http://www.bkjia.com/PHPjc/907279.html techarticle Summary of regular expressions of SQL attacks common in PHP, SQL regular Expressions This article describes common SQL attack regular expressions in PHP. Share to everyone for your reference. The specific analysis is as follows: ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.