

Over Secure?


2 replies to this topic

#1 The Creator

    Young Padawan

  • Members
  • Pip
  • 115 posts
  • Gender:Male
  • Location:England
  • Interests:Computers, Music, Technology, Sport

Posted 18 August 2009 - 08:45 AM

Hi, it's been a while... Maybe even a year O__o but I'm back and in need of a bit of help.

My friend asked me to fix a script a programmer did for him, and one of the things that needed fixing was the sql_injection class which stops people doing SQL injection on a form.

In my opinion it's over secure, but anyway the problem is that it doesn't allow any special characters. Anyone fancy helping me to let it allow special characters but also be secure?

Here is the function that tests for sql injections... tell me what you think...

```php
// Method of the script's sql_injection class; $this->_in_post() and
// $this->detect() are other methods of that class (not shown in the post).
function test($sRQ)
{
    $sRQ = strtolower($sRQ);
    $this->rq = $sRQ;
    $aValues = array();
    $aTemp = array();               // temp array
    $aWords = array();              // words of the WHERE clause
    $aSep = array(' and ',' or ');  // separators used to split the WHERE conditions
    $sConditions = '(';
    $matches = array();
    $sSep = '';

    // is there an attempt to comment out the rest of the query with '#'?
    // (is_int(strpos(...)) is the same as strpos(...) !== false)
    if (is_int((strpos($sRQ,"#")))&&$this->_in_post('#')) return $this->detect();

    // is there an attempt to do a 2nd SQL query?
    if (is_int(strpos($sRQ,';'))){
        $aTemp = explode(';',$sRQ);
        if ($this->_in_post($aTemp[1])) return $this->detect();
    }

    $aTemp = explode(" where ",$sRQ);
    if (count($aTemp)==1) return FALSE;
    $sConditions = $aTemp[1];
    $aWords = explode(" ",$sConditions);
    if(strcasecmp($aWords[0],'select')!=0) $aSep[] = ',';
    // the surrounding parentheses double as the PCRE pattern delimiters here
    $sSep = '('.implode('|',$aSep).')';
    $aValues = preg_split($sSep,$sConditions,-1, PREG_SPLIT_NO_EMPTY);

    // test the always true expressions
    foreach($aValues as $i => $v)
    {
        // SQL injection like 1=1 or a=a or 'za'='za'
        if (is_int(strpos($v,'=')))
        {
            $aTemp = explode('=',$v);
            if (trim($aTemp[0])==trim($aTemp[1])) return $this->detect();
        }

        // SQL injection like 1<>2
        if (is_int(strpos($v,'<>')))
        {
            $aTemp = explode('<>',$v);
            if ((trim($aTemp[0])!=trim($aTemp[1]))&& ($this->_in_post('<>'))) return $this->detect();
        }
    }

    if (strpos($sConditions,' null'))
    {
        if (preg_match("/null +is +null/",$sConditions)) return $this->detect();
        if (preg_match("/is +not +null/",$sConditions,$matches))
        {
            foreach($matches as $i => $v)
            {
                if ($this->_in_post($v))return $this->detect();
            }
        }
    }

    if (preg_match("/[a-z0-9]+ +between +[a-z0-9]+ +and +[a-z0-9]+/",$sConditions,$matches))
    {
        $Temp = explode(' between ',$matches[0]);
        $Evaluate = $Temp[0];
        $Temp = explode(' and ',$Temp[1]);
        if ((strcasecmp($Evaluate,$Temp[0])>0) && (strcasecmp($Evaluate,$Temp[1])<0) && $this->_in_post($matches[0])) return $this->detect();
    }
    return FALSE;
}
```

Any help would be greatly appreciated,


The Creator
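The tension the post describes (keeping special characters out of the data versus keeping the query safe) goes away when the SQL text and the user-supplied values never get concatenated in the first place. The following is an added example, not code from the original post or from the script being fixed: it uses PDO prepared statements against an in-memory SQLite database so it runs stand-alone, and the `users` table, its columns and the sample rows are made up for the demo. It assumes the PDO SQLite driver is available.

```php
<?php
// Added example (not the script under discussion): a name lookup done with
// PDO prepared statements. Table/column names are assumptions for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data that deliberately contains the characters the
// filter in the post rejects: a quote, a semicolon and a '#'.
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$insert = $db->prepare("INSERT INTO users (name, email) VALUES (:name, :email)");
$samples = [
    ["O'Brien",              "obrien@example.com"],
    ["Smith; second part",   "smith@example.com"],
    ["Lee # not a comment",  "lee@example.com"],
];
foreach ($samples as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

function findUserByName(PDO $db, string $name): ?array
{
    // The SQL text is fixed at prepare time; $name is sent to the driver as a
    // separate value and is never parsed as SQL, so nothing in it needs to be
    // stripped, escaped or blocked.
    $stmt = $db->prepare("SELECT id, name, email FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The always-true pattern the original's '=' check is meant to flag
// ('za'='za' style). Bound as a parameter it is only a string that matches
// no stored name, so the lookup simply returns nothing.
$alwaysTrueProbe = "x' or 'a'='a";

foreach (["O'Brien", "Smith; second part", "Lee # not a comment", $alwaysTrueProbe] as $input) {
    $row = findUserByName($db, $input);
    printf("%-22s -> %s\n", $input, $row ? "found id {$row['id']}" : "no match");
}
```

The first three inputs are found by exact match even though each carries a character the blacklist forbids, and the last one returns no row instead of widening the query. With values bound this way the class in the post is no longer what keeps the form safe, so its character restrictions can be dropped rather than tuned.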

#2 derek.sullivan

    Jedi In Training

  • Members
  • PipPip
  • 341 posts
  • Gender:Male
  • Location:Georgia
  • Interests:preaching, programming, music, friends, outdoors, moves, books

Posted 19 August 2009 - 02:48 PM

First off, your friend got exactly what they asked for: a secure script for stopping SQL injections... Second off, to answer your question, you may need to check some of your preg_match() statements. I unfortunately can't tell you specifically which one, but it may be a starting ground for solving your case.

#3 The Creator

    Young Padawan

  • Members
  • Pip
  • 115 posts
  • Gender:Male
  • Location:England
  • Interests:Computers, Music, Technology, Sport

Posted 20 August 2009 - 11:03 AM

Thanks :) I'll look into that, but regex I've always found difficult :( I'll come back if I find out anything more :biggrin:
