Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-05 16:42:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

GenericFunctionsFunctionCallArgumentSpacing

Browse Source
This commit is contained in:
Frédéric FRANCE
2019-02-09 12:00:49 +01:00
parent f333fb3b7d
commit 580e5c42d2
37 changed files with 82 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
htdocs/main.inc.php
View File

@@ -97,24 +97,24 @@ function testSqlAndScriptInject($val, $type)
// For SQL Injection (only GET are used to be included into bad escaped SQL requests)
if ($type == 1 || $type == 3)
{
$inj += preg_match('/delete\s+from/i', $val);
$inj += preg_match('/create\s+table/i', $val);
$inj += preg_match('/insert\s+into/i', $val);
$inj += preg_match('/select\s+from/i', $val);
$inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() that return current database login
$inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database
$inj += preg_match('/delete\s+from/i', $val);
$inj += preg_match('/create\s+table/i', $val);
$inj += preg_match('/insert\s+into/i', $val);
$inj += preg_match('/select\s+from/i', $val);
$inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() that return current database login
$inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database
}
if ($type == 3)
{
$inj += preg_match('/select|update|delete|replace|group\s+by|concat|count|from/i', $val);
$inj += preg_match('/select|update|delete|replace|group\s+by|concat|count|from/i', $val);
}
if ($type != 2) // Not common key strings, so we can check them both on GET and POST
{
$inj += preg_match('/updatexml\(/i', $val);
$inj += preg_match('/update.+set.+=/i', $val);
$inj += preg_match('/union.+select/i', $val);
$inj += preg_match('/(\.\.%2f)+/i', $val);
$inj += preg_match('/updatexml\(/i', $val);
$inj += preg_match('/update.+set.+=/i', $val);
$inj += preg_match('/union.+select/i', $val);
$inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript: