PHP防止SQL注入与几种正则表达式讲解
作者:网络转载 发布时间:[ 2014/4/23 10:45:29 ] 推荐标签:PHP 漏洞 代码
注入漏洞代码和分析
代码如下:
<?php
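function customerror($errno, $errstr, $errfile, $errline)
{
    // Error handler registered below: prints the error number and location, then stops
    // the script. $errstr (the message text) is accepted but never printed; only the
    // number, line and file are.
    // NOTE(review): $errfile is a filesystem path — echoing it to the client reveals the
    // server's directory layout. Writing it to the log and showing a generic message is
    // the safer choice; it is escaped here because the output is HTML.
    echo '<b>error number:</b> [' . $errno . '],error on line ' . $errline
        . ' in ' . htmlspecialchars($errfile, ENT_QUOTES, 'UTF-8') . '<br />';
    die();
}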
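// NOTE(review): a user error handler cannot intercept E_ERROR (fatal errors), so with this
// mask customerror() is never invoked. E_WARNING | E_NOTICE (or E_ALL) is presumably what
// was intended — confirm before changing, since the handler die()s on every call.
set_error_handler('customerror', E_ERROR);

// Blacklist pattern bodies; stopattack() wraps each in /.../is (case-insensitive, dot
// matches newlines). They look for SQL keyword pairs, comment sequences and <script.
// The GET pattern is stricter: it rejects any single quote and allows any distance between
// and/or and the comparison token (.+? instead of .{1,6}?).
// NOTE(review): a keyword blacklist is a heuristic, not a SQL-injection defence — prepared
// statements with bound parameters are the control; this code only adds logging on top.
// It also produces false positives on ordinary text (e.g. "Tom and Jerry in Paris" matches
// the and/in rule), and on a match the request is terminated, so expect legitimate traffic
// to be rejected occasionally.
$getfilter = '\'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bexec\b|union.+?select|update.+?set|insert\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\s+(table|database)';
$postfilter = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bexec\b|union.+?select|update.+?set|insert\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\s+(table|database)';
// The cookie pattern on this page is identical to the POST pattern.
$cookiefilter = $postfilter;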
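function stopattack($strfiltkey, $strfiltvalue, $arrfiltreq)
{
    // Tests one request value against a blacklist regex and aborts the request on a match.
    //   $strfiltkey   parameter name — used for the log line only, it is never inspected
    //   $strfiltvalue parameter value; arrays (foo[]=..) are flattened and checked as one string
    //   $arrfiltreq   pattern body, wrapped in /.../is here (case-insensitive, dot matches newline)
    // On a match: one line is appended via slog(), a notice is printed and the script exits.
    if (is_array($strfiltvalue)) {
        // Flatten nested arrays so their leaves are inspected; a plain implode() turns a
        // nested array into the literal "Array" and its contents are never checked.
        $leaves = array();
        array_walk_recursive($strfiltvalue, function ($leaf) use (&$leaves) {
            $leaves[] = (string) $leaf;
        });
        $strfiltvalue = implode($leaves);
    }

    // NOTE(review): any request that merely carries a 'securitytoken' parameter is exempt —
    // the value is never compared to anything, so this is a filter bypass unless the
    // application validates the token before this code runs. Kept as in the original.
    if (isset($_REQUEST['securitytoken'])) {
        return;
    }

    $matched = preg_match('/' . $arrfiltreq . '/is', $strfiltvalue);
    if ($matched === false) {
        // PCRE error (e.g. backtracking limit). The original treated this as "no match",
        // i.e. the filter fails open; that is kept, but made visible.
        trigger_error('stopattack: preg_match failed, error ' . preg_last_error(), E_USER_WARNING);
        return;
    }
    if ($matched !== 1) {
        return;
    }

    // The log is an .htm file: every user-controlled piece is HTML-escaped, otherwise the
    // rejected input (which is attacker-chosen markup by definition) would be stored as-is
    // and rendered for whoever opens the log.
    $esc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $ip     = isset($_SERVER['REMOTE_ADDR'])    ? $_SERVER['REMOTE_ADDR']    : '';
    $page   = isset($_SERVER['PHP_SELF'])       ? $_SERVER['PHP_SELF']       : '';
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    // date() replaces strftime(), which is deprecated since PHP 8.1.
    slog('<br><br>操作ip: ' . $esc($ip)
        . '<br>操作时间: ' . date('Y-m-d H:i:s')
        . '<br>操作页面:' . $esc($page)
        . '<br>提交方式: ' . $esc($method)
        . '<br>提交参数: ' . $esc($strfiltkey)
        . '<br>提交数据: ' . $esc($strfiltvalue));
    print 'result notice:illegal operation!';
    exit();
}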
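// Run every GET, POST and cookie value through its blacklist. Only the *values* are
// inspected — the parameter name is passed along for the log line only. Request headers,
// the raw request body and uploaded files are not covered by these loops.
foreach ($_GET as $key => $value) {
    stopattack($key, $value, $getfilter);
}
foreach ($_POST as $key => $value) {
    stopattack($key, $value, $postfilter);
}
foreach ($_COOKIE as $key => $value) {
    stopattack($key, $value, $cookiefilter);
}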
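function slog($logs)
{
    // Appends one line to the HTML log file used by stopattack().
    // NOTE(review): 'log.htm' is resolved against the current working directory; if that is
    // under the document root the file is served to anyone who requests it and exposes client
    // IPs and the rejected input. Keep it outside the web root or deny web access to it.
    $toppath = 'log.htm';
    // FILE_APPEND | LOCK_EX replaces fopen/fputs/fclose, serialises concurrent writers and
    // lets the result be checked instead of relying on a warning from a failed fopen().
    if (file_put_contents($toppath, $logs . "\n", FILE_APPEND | LOCK_EX) === false) {
        trigger_error('slog: cannot write to ' . $toppath, E_USER_WARNING);
    }
}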
?>
