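<?php
/*
enterprise hackingshield [tm] with riskacceptor[tm] plugin

Include-style "WAF": scans every value in $_REQUEST (GET, POST and COOKIE,
merged per request_order) for a fixed list of substrings. On a hit the
session is flagged and the request is terminated with a ban message;
every later request carrying that same session cookie is terminated on
sight. When nothing matches, $risk_accepted is set and control returns
to the including script.

NOTE(review): this is a plain substring denylist. There is no decoding or
normalisation step before matching (URL/percent-encoding, inline comments,
whitespace variants and alternative keywords are not handled), the list is
closed rather than open (unknown payloads pass), and the "ban" state lives
only in the client-held session cookie, so it disappears as soon as the
client drops that cookie. Treat it as a demonstrative control, not as a
protective one.
*/
session_start();

// A session flagged on an earlier request is refused before anything else.
if (isset($_SESSION["hacking"]))
{
print "You have been banned by hackingshield[tm] :(";
die;
}

// WAF Change Log:
// 15/06: Informed in a meeting that XOR was an sqli keyword.
$blockedstrings = array("SELECT * FROM","UNION SELECT","<script>","<img>","<img src>","/etc/passwd","/etc/groups","/var/log/httpd.log","alert(","XOR","cmd/c");

if (!function_exists("hackingshield_value_is_blocked"))
{
    /**
     * Return true when $value contains any of $patterns, case-insensitively.
     *
     * $value may be a scalar or a (possibly nested) array, because a request
     * parameter such as ?q[]=... arrives in $_REQUEST as an array. The
     * previous code ran stripos() directly on the raw value: on PHP 8 that
     * throws a TypeError for arrays (HTTP 500 instead of a ban), and on
     * PHP 7 it returned null with a warning, so array-valued parameters
     * were never scanned at all. Arrays are now walked recursively and every
     * leaf is scanned exactly like a scalar.
     *
     * @param mixed $value    one request value (string, number, or array)
     * @param array $patterns list of substrings to look for
     * @return bool
     */
    function hackingshield_value_is_blocked($value, array $patterns)
    {
        if (is_array($value))
        {
            foreach ($value as $element)
            {
                if (hackingshield_value_is_blocked($element, $patterns))
                {
                    return true;
                }
            }
            return false;
        }
        $haystack = (string) $value;
        foreach ($patterns as $pattern)
        {
            // following feedback during lectures, this is now
            // case insensitive :)
            if (stripos($haystack, $pattern) !== false)
            {
                return true;
            }
        }
        return false;
    }
}

$blocked = false;
foreach ($_REQUEST as $key => $value)
{
    if (hackingshield_value_is_blocked($value, $blockedstrings))
    {
        $blocked = true;
        break; // one hit is enough to ban; no need to scan the rest
    }
}

// now with support for OWASP Top Ten 2017 RC1
$i_definitely_protected_my_applications_A7 = true;
$i_remembered_to_protect_my_apis_A10 = true;

if ($blocked)
{
// Remember the verdict in the session so the next request is refused
// without re-scanning. (Only as durable as the client's session cookie.)
$_SESSION["hacking"] = true;
print "You have been banned by hackingshield[tm] :(";
die;
}

$risk_accepted = true;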