Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FW: Introducing a new generic approach to detecting SQL injection

From: Bipin Gautam <gautam.bipin () gmail com>
Date: Sat, 23 Apr 2005 19:43:46 +0545
Before in our forum (we use to use phorum.org message board) we use to
strip "all harmful tags" from...
$HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS,
$HTTP_POST_FILES, $HTTP_SESSION_VARS; etc..... (all possible inputs)
although it restricted functionality, but indeed even protected us
from some 0-days. ;)  Its even better to check the max url length
(acceptable) and strictly defind the acceptable INPUT data type for
every INPUT feilds.

even better... if max. bad request execeds say 3 in error log add...
exec("/sbin/iptables -I INPUT -s $ip -j REJECT"); And email back the
admin with complete log details of the attack.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: