//get拦截规则
$getfilter = "\\<.>|<.>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|
//post拦截规则
$postfilter = "<.>|<.>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*\)|sleep\s*?\(.*\)|\\b(group_)?concat[\\s\\/\\*]*?\\([^\\)]+?\\)|\bcase[\s\/\*]*?when[\s\/\*]*?\([^\)]+?\)|load_file\s*?\\()|]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|
//cookie拦截规则
$cookiefilter = "benchmark\s*?\(.*\)|sleep\s*?\(.*\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|
//referer获取
$webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']);
/*
参数拆分
*/
function webscan_arr_foreach($arr) {
static $str;
static $keystr;
if (!is_array($arr)) {
return $arr;
}
foreach ($arr as $key => $val ) {
$keystr=$keystr.$key;
if (is_array($val)) {
webscan_arr_foreach($val);
} else {
$str[] = $val.$keystr;
}
}
return implode($str);
}
/**
* 攻击检查拦截
*/
function webscan_StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq) {
$StrFiltValue=webscan_arr_foreach($StrFiltValue);
if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
exit('代码君已私奔到月球~');
}
if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey)==1){
exit('代码君已私奔到月球~');
}
}
foreach($_GET as $key=>$value) {
webscan_StopAttack($key,$value,$getfilter);
}
foreach($_POST as $key=>$value) {
webscan_StopAttack($key,$value,$postfilter);
}
foreach($_COOKIE as $key=>$value) {
webscan_StopAttack($key,$value,$cookiefilter);
}
foreach($webscan_referer as $key=>$value) {
webscan_StopAttack($key,$value,$postfilter);
}
// echo 123123;
?>
一键复制
编辑
Web IDE
原始数据
按行查看
历史