- <?php
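/**
 * Denylist check: end the request if $Variable contains an SQL-looking token.
 *
 * Matching is a case-insensitive substring search, so ordinary input that
 * contains an apostrophe, or words such as "reset" or "table", is rejected too.
 * A keyword denylist is only a coarse extra layer: the queries themselves still
 * need bound parameters (prepared statements), which this function does not provide.
 *
 * @param mixed $Variable Request value. Arrays are scanned leaf by leaf; other
 *                        non-scalar values are skipped.
 * @return void Returns normally when nothing matches, otherwise die()s with an
 *              HTML message naming the matched token.
 */
function sql_proteccion($Variable) {
    // Request parameters can arrive as nested arrays (name[]=...); scan every
    // leaf instead of handing an array to strtolower().
    if (is_array($Variable)) {
        foreach ($Variable as $Elemento) {
            sql_proteccion($Elemento);
        }
        return;
    }
    if (!is_scalar($Variable)) {
        return;
    }

    // Lower-cased once: the haystack is lower-cased below, so the upper/lower
    // duplicates of the original list are not needed.
    $MalasCosas = array(
        '--',
        "'",
        'select',
        'update',
        'onion', // carried over from the original list; possibly a typo for UNION - TODO confirm
        'union',
        'drop',
        'table',
        'set'
    );

    $Texto = strtolower((string) $Variable);
    foreach ($MalasCosas as $Mala) {
        if (strpos($Texto, $Mala) !== false) {
            // Only the fixed token is echoed back, never the submitted value.
            // The original line had an unbalanced quote and did not parse.
            die("<h4>SQL Injection string detected '" . htmlentities($Mala) . "'</h4>");
        }
    }
}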
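/**
 * Denylist check: end the request if $Variable contains an XSS-looking fragment.
 *
 * Matching is a case-insensitive substring search against a short fixed list;
 * 'onerror()' and 'alert()' match only that literal text. The list is not a
 * complete description of markup that can run script, so values still have to
 * be escaped for their output context (e.g. htmlspecialchars() for HTML) where
 * they are rendered.
 *
 * @param mixed $Variable Request value. Arrays are scanned leaf by leaf; other
 *                        non-scalar values are skipped.
 * @return void Returns normally when nothing matches, otherwise die()s with an
 *              HTML message naming the matched fragment.
 */
function xss_proteccion($Variable) {
    // Request parameters can arrive as nested arrays (name[]=...); scan every
    // leaf instead of handing an array to strtolower().
    if (is_array($Variable)) {
        foreach ($Variable as $Elemento) {
            xss_proteccion($Elemento);
        }
        return;
    }
    if (!is_scalar($Variable)) {
        return;
    }

    // All fragments are already lower case; the haystack is lower-cased below.
    $MalasCosas = array(
        '<img',
        'img>',
        'document.cookie',
        'onerror()',
        'script>',
        '<script',
        'alert()'
    );

    $Texto = strtolower((string) $Variable);
    foreach ($MalasCosas as $Mala) {
        if (strpos($Texto, $Mala) !== false) {
            // Only the fixed fragment is echoed back (HTML-encoded), never the submitted value.
            die("<h4>XSS String detected '" . htmlentities($Mala) . "'</h4>");
        }
    }
}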
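// Screen every cookie, POST and GET value with both denylist checks before the
// rest of the script runs. Only the values are checked, not the parameter names.
// These checks are a coarse pre-filter; they do not replace prepared statements
// for SQL or context-aware escaping on output.

// Kept so that any later code reading $DefinedVARS still finds it (no such code
// is visible here).
$DefinedVARS = get_defined_vars();

// Read the superglobals directly: get_defined_vars() returns the *current* scope,
// so when this file is included from inside a function the '_COOKIE', '_POST'
// and '_GET' keys would be missing and nothing would be checked.
foreach (array($_COOKIE, $_POST, $_GET) as $Entrada) {
    foreach ($Entrada as $key => $value) {
        xss_proteccion($value);
        sql_proteccion($value);
    }
}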