%100 çözüm olmasa da yeni başlayan arkadaşlar için ideal bir çözüm..
<?php
/**
* @Kodlama (author) LoveRzSoft
* @copyright 2008-2009
* Sql Injection Fucker
* Whoever steals this without permission — may donkeys chase their mother :D
*/
// NOTE(review): this listing is a request-filter include (a keyword/regex blocklist run over
// the query string, $_GET and $_POST before the application code). Read it as a historical
// example, not as a drop-in protection:
//  - eregi() was deprecated in PHP 5.3 and removed in PHP 7.0, so none of the regex checks
//    below run on a current interpreter; preg_match() with the `i` modifier is the replacement.
//  - The foreach over $_GET, the `if` on PHP_SELF and the final query-string `if` are never
//    closed in what is shown; the author's trailing note says the MySQL-logging tail was cut
//    out, so the listing does not parse as-is.
//  - A substring/regex blocklist over raw request strings is not a substitute for parameterised
//    queries and context-aware output escaping; it only blocks the exact spellings listed.
// NOTE(review): the line below is a stray closing-comment fragment outside any comment and is a
// parse error where it stands.
==================== */
// Raw, attacker-controlled query string (not decoded).
$queryString = $_SERVER['QUERY_STRING'];
// Copy of the query string that is later interpolated into the SQL log insert. addslashes()
// is not a charset-aware escape; the value should be bound as a query parameter instead.
$modul_guvenlik= addslashes(stripslashes($_SERVER['QUERY_STRING']));
// Client address as reported by the web server (also logged below).
$ip=$_SERVER["REMOTE_ADDR"];
//This section checks the input that arrives via GET (every $_GET value).
// NOTE(review): this foreach is never closed in the visible listing, so by the braces as shown
// everything that follows sits inside the loop body.
foreach ($_GET as $secvalue) {
// NOTE(review): in these patterns `*` binds only to the preceding character (`script*` matches
// "scrip" followed by any number of "t"), so they are broader than the tag names suggest.
// $sec_key is never assigned anywhere in this listing, so the last two checks test an undefined
// variable. A match here only records a timestamp — nothing is logged or blocked for GET input.
if(
(eregi("<[^>]*script*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*onmouseover *\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*body *\"?[^>]*", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key)))
{$datetime = date('Y-m-d H:i:s'); // timestamp only; no further action for GET matches
}
//--------------------------------------------------------------
//This section is the protection for posted messages (the POST body).
// Rebuilds the POST body as "key=value&key=value". Values are not url-encoded here, so the
// percent-encoded spellings checked below ('%20union%20' etc.) match only if the client sent
// them literally.
$postString = "";
foreach ($_POST as $postkey => $postvalue) {
// `> ""` is a string comparison used as a non-empty test; `$postString !== ''` is the idiom.
if ($postString > "") {
$postString .= "&".$postkey."=".$postvalue;
} else {
$postString .= $postkey."=".$postvalue;
}
}
// NOTE(review): the return value is discarded, so this call has no effect on $postString.
str_replace("%09", "%20", $postString);
// NOTE(review): $postString_64 is not used anywhere in the visible listing.
$postString_64 = base64_decode($postString);
// Case-insensitive substring/regex blocklist over the rebuilt POST body. Several entries are
// listed twice ('%20union%20', '*/union/*', ' union ', 'http-equiv', 'alert(', 'javascript:',
// 'onmouseover=', 'document.location'), and the bare '/*' check already covers every '*/…/*'
// variant. 'c2nyaxb0' looks like a lower-cased base64 spelling of "script" — confirm.
if ((stristr($postString,'%20union%20')) OR (stristr($postString,'*/union/*')) OR
(eregi("<[^>]*iframe*\"?[^>]*", $postString)) OR
(eregi("<[^>]*object*\"?[^>]*", $postString)) OR
(eregi("<[^>]*applet*\"?[^>]*", $postString)) OR
(eregi("<[^>]*meta*\"?[^>]*", $postString)) OR
(eregi("<[^>]script*\"?[^>]*", $postString)) OR
(eregi("<[^>]*body*\"?[^>]*", $postString)) OR
(eregi("<[^>]style*\"?[^>]*", $postString)) OR
(stristr($postString,' union ')) OR
(stristr($postString,'%20union%20')) OR
(stristr($postString,'*/union/*')) OR
(stristr($postString,' union ')) OR
(stristr($postString,'+union+')) OR
(stristr($postString,'http-equiv')) OR
(stristr($postString,'http-equiv')) OR
(stristr($postString,'alert(')) OR
(stristr($postString,'alert(')) OR
(stristr($postString,'javascript:')) OR
(stristr($postString,'javascript:')) OR
(stristr($postString,'document.cookie')) OR
(stristr($postString,'onmouseover=')) OR
(stristr($postString,'onmouseover=')) OR
(stristr($postString,'document.location')) OR
(stristr($postString,'*/UNION ')) OR
(stristr($postString,' UNION/*')) OR
(stristr($postString,'/*')) OR
(stristr($postString,'c2nyaxb0')) OR
(stristr($postString,'document.location'))) {$datetime = date('Y-m-d H:i:s'); // time of the rejected request
// Writes the incident to the alinan_hatalar log table. sed_sql_query() is defined elsewhere
// (not in this listing). The row is built by string interpolation; $modul_guvenlik is only
// addslashes()-escaped request data, so the logging statement itself should use bound
// parameters rather than interpolation.
sed_sql_query("insert into alinan_hatalar values(NULL,'$datetime','POST HATASI','$modul_guvenlik','$ip')");
// Stops the request; the message tells the client its IP address was recorded.
die('Hata!!-Bilgisayarınızın ipsi kontrol için kaydedildi!');
}
//-------------------------------------------------------
//This section checks what was typed into the address bar (the query string).
// The query-string checks are skipped only when the script path is exactly "/index.php".
// PHP_SELF can include client-supplied path info; comparing SCRIPT_NAME is the usual choice.
// NOTE(review): this `if` block is not closed in the visible listing.
if ($_SERVER['PHP_SELF'] != "/index.php")
{
// Any "http://" or any "/" in the query string lands here, but the branch only records a
// timestamp — it neither logs nor blocks.
if ((stristr($queryString,'http://')) || (stristr($queryString,'/')))
{$datetime = date('Y-m-d H:i:s'); // timestamp only; no further action
}
// Substring blocklist over the raw query string. Bare words such as 'union', 'select',
// 'insert', 'shell', 'script' and 'exec' (minus 'execu') also match inside ordinary words
// (e.g. "description", "reunion"), so expect false positives.
// NOTE(review): the body opened on the last line below is not closed — the author states the
// MySQL-logging tail was removed from this listing.
if ((stristr($queryString,'%20union%20')) OR
(stristr($queryString,'/*')) OR
(stristr($queryString,'*/union/*')) OR
(stristr($queryString,'union')) OR
(stristr($queryString,'select')) OR
(stristr($queryString,'insert')) OR
(stristr($queryString,'c2nyaxb0')) OR
(stristr($queryString,'+union+')) OR
(stristr($queryString,'http://')) OR
(stristr($queryString,'shell')) OR
(stristr($queryString,'script')) OR
(eregi("<[^>]script*\"?[^>]*", $queryString)) OR
((stristr($queryString,'cmd=')) AND (!stristr($queryString,'&cmd'))) OR
((stristr($queryString,'exec')) AND (!stristr($queryString,'execu'))) OR
(stristr($queryString,'concat'))) {$datetime = date('Y-m-d H:i:s'); // time of the flagged request; logging code removed by the author
//---------------------------------------------------
?>Bunu Mysql Kaydedilen Kodları Sildim Çünkü Bu Biraz Kafa Karıştırır..
Selametle..