PHP Code:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("l dS of F Y h:i:s A");
$script = $_SERVER[PATH_TRANSLATED];
$fp = fopen ("[WEB]SQL_Injection.txt", "a+");
$sql_inject_1 = array(";","928db812f6c9dc1db9d9c36a1065db98","x","'\'","\'","'","CHARACTER_TBL","drop","dbo","tbl","table","dump","db","sp_executesql","union","insert","cast","create","char","convert","alter","declare","order","script","set","benchmark","encode","or","INVENTORY_TBL","PREMIUM_SHOP_TBL","MAIL_TBL","SKILLINFLUENCE_TBL","update","delete","select","shutdown","CHARACTER_01_DBF","ACCOUNT_DBF","LOGGING_01_DBF","%","exec"); #Whoth need replace
$sql_inject_2 = array("", "","","""); #To wont replace
$GET_KEY = array_keys($_GET); #array keys from $_GET
$POST_KEY = array_keys($_POST); #array keys from $_POST
$COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE
/*begin clear $_GET */
for($i=0;$i<count($GET_KEY);$i++)
{
$real_get[$i] = $_GET[$GET_KEY[$i]];
$_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]]));
if($real_get[$i] != $_GET[$GET_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: GET\r\n");
fwrite ($fp, "Value: $real_get[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_GET */
/*begin clear $_POST */
for($i=0;$i<count($POST_KEY);$i++)
{
$real_post[$i] = $_POST[$POST_KEY[$i]];
$_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]]));
if($real_post[$i] != $_POST[$POST_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: POST\r\n");
fwrite ($fp, "Value: $real_post[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_POST */
/*begin clear $_COOKIE */
for($i=0;$i<count($COOKIE_KEY);$i++)
{
$real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
$_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]]));
if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: COOKIE\r\n");
fwrite ($fp, "Value: $real_cookie[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_COOKIE */
fclose ($fp);
function xw_sanitycheck($str){
if(strpos(str_replace("''",""," $str"),"'")!=false)
return str_replace("'", "''", $str);
else
return $str;
}
function secure($str){
// Case of an array
if (is_array($str)) {
foreach($str AS $id => $value) {
$str[$id] = secure($value);
}
}
else
$str = xw_sanitycheck($str);
return $str;
}
// Get Filter
$xweb_AI = array_keys($_GET);
$i=0;
while($i<count($xweb_AI)) {
$_GET[$xweb_AI[$i]]=secure($_GET[$xweb_AI[$i]]);
$i++;
}
unset($xweb_AI);
// Request Filter
$xweb_AI = array_keys($_REQUEST);
$i=0;
while($i<count($xweb_AI)) {
$_REQUEST[$xweb_AI[$i]]=secure($_REQUEST[$xweb_AI[$i]]);
$i++;
}
unset($xweb_AI);
// Post Filter
$xweb_AI = array_keys($_POST);
$i=0;
while($i<count($xweb_AI)) {
$_POST[$xweb_AI[$i]]=secure($_POST[$xweb_AI[$i]]);
$i++;
}
// Cookie Filter (do we have a login system?)
$xweb_AI = array_keys($_COOKIE);
$i=0;
while($i<count($xweb_AI)) {
$_COOKIE[$xweb_AI[$i]]=secure($_COOKIE[$xweb_AI[$i]]);
$i++;
}
// End
?>
you can insert filter in $sql_inject_1 and $sql_inject_2
test and enjoy.