<?php
/*云体检通用漏洞防护补丁v1.1
更新时间:2013-05-25
功能说明:防护XSS,SQL,代码执行,文件包含等多种高危漏洞
*/
// Rule tables: each entry is a regex body keyed by rule name; check() wraps it
// in "/.../is" before matching. $url_arr is applied to the raw query string
// only, $args_arr to GET, POST, COOKIE and the Referer header.
$url_arr = [
    'xss' => "\\=\\+\\/v(?:8|9|\\+|\\/)|\\%0acontent\\-(?:id|location|type|transfer\\-encoding)",
];
$args_arr = [
    'xss' => "[\\'\\\"\\;\\*\\<\\>].*\\bon[a-zA-Z]{3,15}[\\s\\r\\n\\v\\f]*\\=|\\b(?:expression)\\(|\\<script[\\s\\\\\\/]|\\<\\!\\[cdata\\[|\\b(?:eval|alert|prompt|msgbox)\\s*\\(|url\\((?:\\#|data|javascript)",
    'sql' => "[^\\{\\s]{1}(\\s|\\b)+(?:select\\b|update\\b|insert(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+into\\b).+?(?:from\\b|set\\b)|[^\\{\\s]{1}(\\s|\\b)+(?:create|delete|drop|truncate|rename|desc)(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+(?:table\\b|from\\b|database\\b)|into(?:(\\/\\*.*?\\*\\/)|\\s|\\+)+(?:dump|out)file\\b|\\bsleep\\([\\s]*[\\d]+[\\s]*\\)|benchmark\\(([^\\,]*)\\,([^\\,]*)\\)|(?:declare|set|select)\\b.*@|union\\b.*(?:select|all)\\b|(?:select|update|insert|create|delete|drop|grant|truncate|rename|exec|desc|from|table|database|set|where)\\b.*(charset|ascii|bin|char|uncompress|concat|concat_ws|conv|export_set|hex|instr|left|load_file|locate|mid|sub|substring|oct|reverse|right|unhex)\\(|(?:master\\.\\.sysdatabases|msysaccessobjects|msysqueries|sysmodules|mysql\\.db|sys\\.database_name|information_schema\\.|sysobjects|sp_makewebtask|xp_cmdshell|sp_oamethod|sp_addextendedproc|sp_oacreate|xp_regread|sys\\.dbms_export_extension)",
    'other' => "\\.\\.[\\\\\\/].*\\%00([^0-9a-fA-F]|$)|%00[\\'\\\"\\.]",
];

// The Referer header and the query string are single strings; they are wrapped
// in a (possibly empty) one-element list so the same array walker handles them.
$referer = [];
if (!empty($_SERVER['HTTP_REFERER'])) {
    $referer[] = $_SERVER['HTTP_REFERER'];
}
$query_string = [];
if (!empty($_SERVER['QUERY_STRING'])) {
    $query_string[] = $_SERVER['QUERY_STRING'];
}

// Screening order: query string first, then the request sources in turn.
check_data($query_string, $url_arr);
foreach ([$_GET, $_POST, $_COOKIE, $referer] as $source) {
    check_data($source, $args_arr);
}
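/**
 * Appends one line to a per-host, per-day attack log.
 *
 * The directory must exist beforehand and be writable by the web server user
 * (the original note asked for /home/attacklog owned by the www group).
 *
 * The Host header is attacker-controlled, so it is not spliced into the
 * filesystem path unchanged: a value containing "/" or ".." would move the
 * log file elsewhere. Only hostname characters are kept; anything else
 * becomes "_".
 *
 * @param string $log text to record; a CRLF is appended
 * @param string $dir log directory (defaults to the original hard-coded path)
 * @return bool true when the line was written, false when the directory is
 *              unusable or the write failed (reported via error_log, never
 *              echoed to the client)
 */
function W_log($log, $dir = '/home/attacklog/')
{
    $host = (string) ($_SERVER['HTTP_HOST'] ?? '');
    $safeHost = preg_replace('/[^A-Za-z0-9.-]/', '_', $host) ?? '';
    $logdir = rtrim($dir, '/');
    $logpath = $logdir . '/' . $safeHost . '-' . date('Ymd') . '-log.txt';

    if (!is_dir($logdir) || !is_writable($logdir)) {
        error_log('W_log: log directory not writable: ' . $logdir);
        return false;
    }

    // FILE_APPEND|LOCK_EX replaces fopen("a+")/fputs/fclose and keeps lines
    // from concurrent requests from interleaving.
    $written = file_put_contents($logpath, $log . "\r\n", FILE_APPEND | LOCK_EX);
    if ($written === false) {
        error_log('W_log: failed to write ' . $logpath);
        return false;
    }
    return true;
}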
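/**
 * Walks a request array (e.g. $_GET, $_POST, $_COOKIE) and runs check() on
 * every key and every scalar value, descending into nested arrays.
 *
 * PHP array keys are always int|string, never arrays, so the original
 * "recurse into the key" branch could never run; keys are simply checked as
 * strings.
 *
 * @param mixed $arr data to inspect; anything that cannot be iterated is ignored
 * @param array $v   map of rule name => regex body, passed through to check()
 * @return void
 */
function check_data($arr, $v)
{
    if (!is_array($arr) && !is_object($arr)) {
        return;
    }
    foreach ($arr as $key => $value) {
        check((string) $key, $v);
        if (is_array($value)) {
            check_data($value, $v);
        } else {
            check($value, $v);
        }
    }
}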
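/**
 * Matches one request string against every rule in $v.
 *
 * On the first hit the request is logged via W_log(), a fixed JSON error body
 * is printed and the script exits; otherwise the function returns normally
 * with no side effects. Each rule is tested against the raw string and its
 * urlencode()d form (presumably because the rules target both spellings).
 *
 * @param mixed $str the key or value under inspection; cast to string
 *                   (check_data() hands int keys over as well)
 * @param array $v   map of rule name => regex body, wrapped in "/.../is" here
 * @return void
 */
function check($str, $v)
{
    $subject = (string) $str;
    foreach ($v as $pattern) {
        $regex = '/' . $pattern . '/is';
        // preg_match() returns false on a PCRE error (e.g. backtrack limit on
        // very long input); that result currently counts as "no match".
        // NOTE(review): consider failing closed instead — a pattern error would
        // otherwise let the input through unscreened.
        if (preg_match($regex, $subject) === 1 || preg_match($regex, urlencode($subject)) === 1) {
            // NOTE(review): $subject is written to the log unescaped; escape it
            // if the log is ever rendered as HTML.
            W_log(
                '<br>IP: ' . ($_SERVER['REMOTE_ADDR'] ?? '')
                . '<br>时间: ' . date('Y-m-d H:i:s')
                . '<br>host:' . ($_SERVER['HTTP_HOST'] ?? '')
                . '<br>页面:' . ($_SERVER['PHP_SELF'] ?? '')
                . '<br>提交方式: ' . ($_SERVER['REQUEST_METHOD'] ?? '')
                . '<br>提交数据: ' . $subject
            );
            // Every host in the original per-host switch printed this same
            // body, so the switch collapsed into a single statement.
            print '{"code":"9999","msg":"数据包含非法参数,请重新操作"}';
            exit();
        }
    }
}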
?>
在 yii 中加载的方法：
// Yii bootstrap fragment: pins the trace level and dev-mode flag when the
// caller has not already defined them, loads waf.php (presumably the
// screening script above) before the framework so it runs on every request,
// then starts the application. $yii and $config are expected to be set
// earlier in this file.
if (!defined('YII_TRACE_LEVEL')) {
    define('YII_TRACE_LEVEL', 3);
}
if (!defined('G_APP_MODE_DEV')) {
    define('G_APP_MODE_DEV', false);
}
require_once 'waf.php';
require_once $yii;
$app = Yii::createWebApplication($config);
$app->run();
本文转自ning1022 51CTO博客,原文链接:http://blog.51cto.com/ning1022/1889624,如需转载请自行联系原作者