
KISA CASTLE(castle-php) 소스 중 정책 리스트(공격 탐지용 정규식 블랙리스트 패턴, sql_injection / xss 두 그룹) 참고.

비개인오후 2012. 10. 11. 15:59

// Policy list: blacklist regular-expression patterns, one string per entry.
//
// NOTE(review): the patterns use POSIX bracket classes ([[:space:]], [[:alnum:]])
// and carry no delimiters or flags, so the matching call lives outside this
// file — confirm that it matches case-insensitively, because every keyword
// below is lowercase and an uppercase "UNION SELECT" would otherwise pass.
// Every keyword pair requires literal whitespace between the words, so an
// inline comment in that position ("union/**/select") is not matched; there
// are also no word boundaries, so harmless text such as "for x = 1" satisfies
// the "or ... = ..." entries. Treat this list as defense-in-depth only;
// parameterized queries remain the actual control against SQL injection.
$LIST['sql_injection'] = array(
    // DDL/DML keyword pairs separated by one or more whitespace characters
    "delete[[:space:]]+from",
    "drop[[:space:]]+database",
    "drop[[:space:]]+table",
    "drop[[:space:]]+column",
    "drop[[:space:]]+procedure",
    "create[[:space:]]+table",
    "update[[:space:]]+.*set",          // UPDATE ... SET, any text between
    "insert[[:space:]]+into.*values",   // INSERT INTO ... VALUES
    "select[[:space:]]+.*from",         // SELECT ... FROM
    "bulk[[:space:]]+insert",
    "union[[:space:]]+select",
    // OR <alnum> = <alnum>; first form allows quotes/whitespace around each operand
    "or[[:space:]]+['\"[[:space:]]]*[[:alnum:]]+['\"[[:space:]]]*[[:space:]]*=[[:space:]]*['\"[[:space:]]]*[[:alnum:]]+",
    "or[[:space:]]+[[:alnum:]]+[[:space:]]*=[[:space:]]*[[:alnum:]]+",
    "alter[[:space:]]+table",
    "into[[:space:]]+outfile",          // INTO OUTFILE / LOAD DATA: server-side file access
    "load[[:space:]]+data",
    "declare.+varchar.+set"             // DECLARE ... VARCHAR ... SET (T-SQL style)
);


// XSS blacklist patterns, one string per entry (same matching caveats as the
// SQL list: no delimiters/flags here, and the mixed-case event names such as
// "onClick" only make sense if the caller matches case-insensitively).
//
// NOTE(review): this is a closed list. Only two encoded forms of "<" are
// covered (URL-encoded %3c and the hex entity &#x3c;), only the 23 event
// handlers named below are caught, and "location.href" leaves the dot
// unescaped, so it matches any character there — broader than the escaped
// "document\." entries, harmless but inconsistent. Context-aware output
// escaping (htmlspecialchars for HTML, etc.) is the real control; this list
// is defense-in-depth only.
$LIST['xss'] = array(
    // script tag, literal or in the two encodings listed
    "<script",
    "script[[:space:]]+.?src[[:space:]]*=",   // at most one char between "script " and "src="
    "%3cscript",
    "&#x3c;script",
    "javascript:",
    "expression[[:space:]]*\(",               // CSS expression(
    "xss:[[:space:]].*\(",                    // presumably a literal "xss:" marker followed by a call — purpose not evident here
    // DOM property access commonly used in payloads
    "document\.cookie",
    "document\.location",
    "document\.write",
    // inline event-handler attributes, "<name> =" with optional whitespace
    "onAbort[[:space:]]*=",
    "onBlur[[:space:]]*=",
    "onChange[[:space:]]*=",
    "onClick[[:space:]]*=",
    "onDblClick[[:space:]]*=",
    "onDragDrop[[:space:]]*=",
    "onError[[:space:]]*=",
    "onFocus[[:space:]]*=",
    "onKeyDown[[:space:]]*=",
    "onKeyPress[[:space:]]*=",
    "onKeyUp[[:space:]]*=",
    "onLoad[[:space:]]*=",
    "onMouseDown[[:space:]]*=",
    "onMouseMove[[:space:]]*=",
    "onMouseOut[[:space:]]*=",
    "onMouseOver[[:space:]]*=",
    "onMouseUp[[:space:]]*=",
    "onMove[[:space:]]*=",
    "onReset[[:space:]]*=",
    "onResize[[:space:]]*=",
    "onSelect[[:space:]]*=",
    "onSubmit[[:space:]]*=",
    "onUnload[[:space:]]*=",
    "location.href[[:space:]]*="              // unescaped "." — see note above
);