'm=admin','post.php' => 'job=postnew&step=post','edit_space_info.php'=>''); //防护脚本版本号 define("WEBSCAN_VERSION", '0.1.3.2'); //get拦截规则 $getfilter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\$|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*$|sleep\s*?$.*$|load_file\s*?\$)|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\$'\"\\d]+?=[\$\$'\"\\d]+?|[\$\$'\"a-zA-Z]+?=[\$\$'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?$|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*($.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\$.+\$|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\$.+\$|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; //post拦截规则 $postfilter = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|\\b(alert\$|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\(.*$|sleep\s*?$.*$|load_file\s*?\$)|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\$'\"\\d]+?=[\$\$'\"\\d]+?|[\$\$'\"a-zA-Z]+?=[\$\$'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?$|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*($.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\$.+\$|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\$.+\$|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; //cookie拦截规则 $cookiefilter = "benchmark\s*?$.*$|sleep\s*?$.*$|load_file\s*?\$|\\b(and|or)\\b\\s*?([\\(\$'\"\\d]+?=[\$\$'\"\\d]+?|[\$\$'\"a-zA-Z]+?=[\$\$'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?$|\\blike\\b\\s+?[\"'])|\\/\\*.*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT\s*(\(.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)|UPDATE\s*($.+$\s*|@{1,2}.+?\s*|\s+?.+?|(`|'|\").*?(`|'|\")\s*)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)@{0,2}(\$.+\$|\\s+?.+?\\s+?|(`|'|\").*?(`|'|\"))FROM(\$.+\$|\\s+?.+?|(`|'|\").*?(`|'|\"))|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)"; //referer获取 $webscan_referer = empty($_SERVER['HTTP_REFERER']) ? array() : array('HTTP_REFERER'=>$_SERVER['HTTP_REFERER']); /** * 关闭用户错误提示 */ function webscan_error() { if (ini_get('display_errors')) { ini_set('display_errors', '0'); } } /** * 参数拆分 */ function webscan_arr_foreach($arr) { static $str; static $keystr; if (!is_array($arr)) { return $arr; } foreach ($arr as $key => $val ) { $keystr=$keystr.$key; if (is_array($val)) { webscan_arr_foreach($val); } else { $str[] = $val.$keystr; } } return implode($str); } /** * 防护提示页 */ function webscan_pape(){ $pape=<<

Bad Request

HTML; echo $pape; } /** * 攻击检查拦截 */ function webscan_StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq,$method) { $StrFiltValue=webscan_arr_foreach($StrFiltValue); if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){ exit(webscan_pape()); } if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey)==1){ exit(webscan_pape()); } } /** * 拦截目录白名单 */ function webscan_white($webscan_white_name,$webscan_white_url=array()) { $url_path=$_SERVER['SCRIPT_NAME']; $url_var=$_SERVER['QUERY_STRING']; if (preg_match("/".$webscan_white_name."/is",$url_path)==1&&!empty($webscan_white_name)) { return false; } foreach ($webscan_white_url as $key => $value) { if(!empty($url_var)&&!empty($value)){ if (stristr($url_path,$key)&&stristr($url_var,$value)) { return false; } } elseif (empty($url_var)&&empty($value)) { if (stristr($url_path,$key)) { return false; } } } return true; } if ($webscan_switch&&webscan_white($webscan_white_directory,$webscan_white_url)) { if ($webscan_get) { foreach($_GET as $key=>$value) { webscan_StopAttack($key,$value,$getfilter,"GET"); } } if ($webscan_post) { foreach($_POST as $key=>$value) { webscan_StopAttack($key,$value,$postfilter,"POST"); } } if ($webscan_cookie) { foreach($_COOKIE as $key=>$value) { webscan_StopAttack($key,$value,$cookiefilter,"COOKIE"); } } if ($webscan_referre) { foreach($webscan_referer as $key=>$value) { webscan_StopAttack($key,$value,$postfilter,"REFERRER"); } } }