Aku Tambahi deh .. tapi ini VB yah ... he he he:
Imports System.Text.RegularExpressions
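''' <summary>
''' Heuristic scanner that flags input strings shaped like common SQL-injection or
''' HTML/script-injection payloads and reports which pattern families matched.
''' This is a blacklist detector, not a sanitizer: it does not change the input, a
''' regex blacklist can be evaded, and the broad patterns below produce false
''' positives (ParanoidCSSattacks flags any angle-bracketed text). Treat the result
''' as a logging / rejection signal used alongside parameterized queries and output
''' encoding, not as a substitute for them.
''' </summary>
Public Class SearchSuspectInjection
    ' Every pattern accepts both the raw character and its URL-encoded form (%27 for ', %3C for <, ...).
    ' "#" is a literal in this pattern. Do NOT compile these patterns with
    ' RegexOptions.IgnorePatternWhitespace: in that mode "#" starts a comment, the group is
    ' left unbalanced and the Regex constructor throws ArgumentException.
    Private rgxSQLmetaCharacters As String = "(\%27)|(\')|(\-\-)|(\%23)|(#)"
    ' "=" followed, on the same line, by a quote, a comment marker or a statement separator.
    Private rgxAdvSQLmetaCharacters As String = "((\%3D)|(=))[^\n]*((\%27)|(\')|(\-\-)|(\%3B)|(;))"
    ' A quote immediately followed by "or", letters raw or encoded (case is folded at match time).
    Private rgxtypicalSQLInjectionAttack As String = "\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))"
    Private rgxInjectionUNIONkeyword As String = "((\%27)|(\'))union"
    ' "exec" followed by whitespace (or "+") and an sp_/xp_ procedure name.
    Private rgxattacksMSSQLServer As String = "exec(\s|\+)+(s|x)p\w+"
    ' A bare tag -- "<", optional "/", a name, ">" -- with nothing else between the brackets.
    Private rgxsimpleCSSattack As String = "((\%3C)|<)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|>)"
    ' An img tag with any attribute text.
    Private rgxImgSrcCSSattack As String = "((\%3C)|<)((\%69)|i|(\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)"
    ' Anything between "<" and ">"; intentionally very noisy.
    Private rgxParanoidCSSattacks As String = "((\%3C)|<)[^\n]+((\%3E)|>)"

    ' Regex objects compiled once in the constructor. Element i corresponds to the
    ' enTypeOfAttack member with value i, so this list and the enum must stay in the same order.
    Private arListRGX As New ArrayList

    ''' <summary>
    ''' Pattern families reported by Scan. Members 0..7 are the pattern indices;
    ''' Unknown is the "nothing matched" value and is never emitted by Scan.
    ''' </summary>
    Public Enum enTypeOfAttack
        SQLmetaCharacters
        AdvSQLmetaCharacters
        typicalSQLInjectionAttack
        InjectionUNIONkeyword
        attacksMSSQLServer
        simpleCSSattack
        ImgSrcCSSattack
        ParanoidCSSattacks
        Unknown
    End Enum

    ''' <summary>Compiles the eight patterns, in enum order, with case-insensitive matching.</summary>
    Public Sub New()
        Dim patterns() As String = { _
            rgxSQLmetaCharacters, _
            rgxAdvSQLmetaCharacters, _
            rgxtypicalSQLInjectionAttack, _
            rgxInjectionUNIONkeyword, _
            rgxattacksMSSQLServer, _
            rgxsimpleCSSattack, _
            rgxImgSrcCSSattack, _
            rgxParanoidCSSattacks}
        For Each pattern As String In patterns
            ' IgnoreCase so that "UNION", "EXEC" and "<IMG" are caught as well as their
            ' lower-case forms. IgnorePatternWhitespace is deliberately not used (see the
            ' note on rgxSQLmetaCharacters).
            arListRGX.Add(New Regex(pattern, RegexOptions.IgnoreCase))
        Next
    End Sub

    ''' <summary>
    ''' Tests SourceTeks against every pattern and returns the names of the matching
    ''' enTypeOfAttack members, each followed by a comma, in enum order
    ''' (for example "SQLmetaCharacters,ParanoidCSSattacks,").
    ''' </summary>
    ''' <param name="SourceTeks">The untrusted text to inspect. Nothing is treated as no match.</param>
    ''' <returns>The comma-terminated list of matched pattern names, or "" when none matched.</returns>
    Public Function Scan(ByVal SourceTeks As String) As String
        If SourceTeks Is Nothing Then
            Return ""
        End If
        Dim strtmp As String = ""
        Dim i As Integer
        For i = 0 To arListRGX.Count - 1
            ' Match against the precompiled instance. Passing the pattern again as a second
            ' argument would bind to the Shared Regex.IsMatch(input, pattern) overload and
            ' silently drop the IgnoreCase option chosen in the constructor.
            Dim reg_exp As Regex = DirectCast(arListRGX(i), Regex)
            If reg_exp.IsMatch(SourceTeks) Then
                Dim AttackType As enTypeOfAttack = CType(i, enTypeOfAttack)
                strtmp &= AttackType.ToString() & ","
            End If
        Next
        Return strtmp
    End Function
End Class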
2006/8/23, AmiGelz <[EMAIL PROTECTED]>:
>
>
>
>
>
>
>
> problem saya dah teratasi dengan fungsi dibawah ini
>
> #region fungsi regex
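> // Strips every character that is not a "word" character. Note that \w also admits
> // "_" and Unicode letters, not only ASCII letters and digits.
> // The cleaned value is RETURNED: a C# string parameter is passed by value, so
> // reassigning 'masukan' inside the method never reaches the caller's variable.
> // This is a whitelist for fields that must be alphanumeric only; it is not a
> // general SQL-injection defence -- use parameterized queries for that.
> public string bersih(string masukan)
> {
>     if (masukan == null) { return ""; }
>     return Regex.Replace(masukan, @"[^\w]", "");
> }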
> #endregion
>
> *keterangan fungsi Regex.Replace(string input, string pattern, string
> replacement);
>
> fungsi di atas me-replace inputan (*lihat variabel dengan warna biru) yang akan
> diproses; dia (*baca fungsi di atas) hanya memperbolehkan huruf dan angka
> saja (*lihat warna hijau), bila ada tanda baca ataupun spasi maka akan
> di-replace dengan kosong ("") (*lihat warna merah).
>
> contoh kerja fungsi diatas:
> masukan == abc'; DROP TABLE A;--
> maka hasilnya = abcDROPTABLEA
>
> Dengan hasil itu maka aplikasi kita akan aman dari SQL inject :) (untuk field yang memang hanya boleh berisi huruf dan angka; untuk input lain tetap gunakan parameterized query)
>
> tadi iseng-iseng googling saya menemukan tools untuk mempermudah pembuatan regex,
> terutama jika kita mau test dulu string pattern yang akan kita implementasikan
> (*free download); syaratnya di kompor (komputer) kita harus sudah ada .NET
> Framework v1.1, semua bisa di-DL di :
> http://www.radsoftware.com.au/regexdesigner/
> dan untuk belajar syntax-nya
> http://www.radsoftware.com.au/articles/regexsyntaxadvanced.aspx
> Dan untuk belajar mendalam bisa juga baca di MSDN nya ato browsing di
> http://msdn.microsoft.com
>
> Nb. Jangan lupa include dulu dengan using System.Text.RegularExpressions;
>
> *trimaksihUntukSemuanyaSelamatM
> encobaDanDikembangkanDanYangSayaTulisIniJalanDiC#
> *Monggo2 Bagi yang punya cara lain mohon dishare
>
> --
> "Urip Pisan Jo` Digawe Soro"
> add fs and YmId AmiGelz [at] yahoo [dot] com
> -=*=-AmiGelz || NFS || Agen_dosa A.K.A Nurma A K H -=*=-
>>
--
Salam Revolusi IT Indonesia !!!!
Alpha Bagus Sunggono
http://bagusalfa.blogspot.com
[EMAIL PROTECTED]