SQLiDetect: A WEB BASED INTRUSION DETECTION APPLICATION FOR SQL INJECTIONS Priyanka J. Hatwalne B.E., Pune University, India, 2006
PROJECT
Submitted in partial satisfaction of the requirements for the degree of
MASTER OF SCIENCE
in
COMPUTER SCIENCE
at
CALIFORNIA STATE UNIVERSITY, SACRAMENTO FALL 2011
SQLiDetect: A WEB BASED INTRUSION DETECTION APPLICATION FOR SQL INJECTIONS
A Project
by
Priyanka J. Hatwalne
Approved by: __________________________________, Committee Chair Scott Gordon, Ph. D.
__________________________________, Second Reader Meiliu Lu, Ph. D.
__________________________ Date
ii
Student: Priyanka J. Hatwalne
I certify that this student has met the requirements for format contained in the university format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the Project.
______________________________, Graduate Coordinator Nikrouz Faroughi, Ph. D. Department of Computer Science
iii
________________ Date
Abstract of SQLiDetect: A WEB BASED INTRUSION DETECTION APPLICATION FOR SQL INJECTIONS by Priyanka J. Hatwalne ,reset_cnt= ".$config->RESET_COUNT.",blk_count=".$config->BLOCK_COUNT." where id = $config>BLACK_LIST_ID"; mysql_query($qry) or die(mysql_error()) ; }
36
if( $c_attack == 1) { $qry = "select id from INJECTIONS where injection_name = 'comment'"; $result = mysql_query($qry) or die(mysql_error()) ; while ($row = mysql_fetch_array($result)) { $injection_id = $row['id']; } $qry = "insert into ATTACK (injection_id ,black_list_id,attack_query) values (".$injection_id.",".$config>BLACK_LIST_ID.",'".mysql_real_escape_string($input)."')"; mysql_query($qry) or die(mysql_error()) ; } if($comment) { $qry = "select id from INJECTIONS where injection_name = 'multi line comments'"; $result = mysql_query($qry) or die(mysql_error()) ; while ($row = mysql_fetch_array($result)) { $injection_id = $row['id']; } $qry = "insert into ATTACK (injection_id ,black_list_id,attack_query) values (".$injection_id.",".$config>BLACK_LIST_ID.",'".mysql_real_escape_string($input)."')"; mysql_query($qry) or die(mysql_error()) ; } if($a_o_attack) { $qry = "select id from INJECTIONS where injection_name = 'and-or'"; $result = mysql_query($qry) or die(mysql_error()) ; while ($row = mysql_fetch_array($result)) { $injection_id = $row['id']; } $qry = "insert into ATTACK (injection_id ,black_list_id,attack_query) values (".$injection_id.",".$config>BLACK_LIST_ID.",'".mysql_real_escape_string($input)."')"; mysql_query($qry) or die(mysql_error()) ; } if($concat_attack) { $qry = "select id from INJECTIONS where injection_name = 'String concatination'"; $result = mysql_query($qry) or die(mysql_error()) ; while ($row = mysql_fetch_array($result)) { $injection_id = $row['id']; } $qry = "insert into ATTACK (injection_id ,black_list_id,attack_query) values (".$injection_id.",".$config>BLACK_LIST_ID.",'".mysql_real_escape_string($input)."')"; mysql_query($qry) or die(mysql_error()) ; } if($u_attack) { $qry = "select id from INJECTIONS where injection_name = 'union'"; $result = mysql_query($qry) or die(mysql_error()) ; while ($row = mysql_fetch_array($result)) { $injection_id = $row['id']; }
37 $qry = "insert into ATTACK (injection_id ,black_list_id,attack_query) values (".$injection_id.",".$config>BLACK_LIST_ID.",'".mysql_real_escape_string($input)."')"; mysql_query($qry) or die(mysql_error()) ; } if($multi_query_attack) { $qry = "select id from INJECTIONS where injection_name = 'multiple queries'"; $result = mysql_query($qry) or die(mysql_error()) ; while ($row = mysql_fetch_array($result)) { $injection_id = $row['id']; } $qry = "insert into ATTACK (injection_id ,black_list_id,attack_query) values (".$injection_id.",".$config>BLACK_LIST_ID.",'".mysql_real_escape_string($input)."')"; mysql_query($qry) or die(mysql_error()) ; } if($ascii_attack) { $qry = "select id from INJECTIONS where injection_name = 'ASCII'"; $result = mysql_query($qry) or die(mysql_error()) ; while ($row = mysql_fetch_array($result)) { $injection_id = $row['id']; } $qry = "insert into ATTACK (injection_id ,black_list_id,attack_query) values (".$injection_id.",".$config>BLACK_LIST_ID.",'".mysql_real_escape_string($input)."')"; mysql_query($qry) or die(mysql_error()) ; } $qry = "select * from users"; $result = mysql_query($qry); $from = "From:[email protected]"; $subject = "Injection detected"; $body = "Hello Adminstrator,\n\t An SQL injection has been encountered at".date("M-d-Y, h:i:s A") . ".\n The IP adress of the host is ".$_SERVER["REMOTE_ADDR"].". For details about the attack click here."; while ($row = mysql_fetch_array($result)) { if ($to) $to = $to.",".$row["email"]; else $to = $row["email"]; } //mail($to, $subject, $body,$form); //echo $to." ".$body; return 0; } else if($config->BLACK_LISTED=='y') { //update $qry = "update BLACK_LIST set last_attack_time=now(),block_status=".$config>BLOCK_STATUS.",reset_cnt= ".$config->RESET_COUNT.",blk_count=".$config->BLOCK_COUNT." where id = $config>BLACK_LIST_ID"; return 1; } else return 1; }