问题描述
|
我需要写一个阻止mySQL查询的规则。
RewriteCond %{QUERY_STRING} UNION [OR]
RewriteCond %{QUERY_STRING} SELECT (.*?) FROM [OR]
解决方法
这是答案。所以基于此。
数据操作语言(DML)和数据定义语言(DDL)。
查询和更新命令构成SQL的DML部分:
•SELECT-从数据库中提取数据
•UPDATE-更新数据库中的数据
•DELETE-从数据库中删除数据
•INSERT INTO-将新数据插入数据库
SQL的DDL部分允许创建或删除数据库表。它还定义索引(键),指定表之间的链接以及在表之间施加约束。 SQL中最重要的DDL语句是:
•CREATE DATABASE-创建一个新的数据库
•ALTER DATABASE-修改数据库
•CREATE TABLE-创建一个新表
•ALTER TABLE-修改表格
•DROP TABLE-删除表
•CREATE INDEX-创建索引(搜索关键字)
•DROP INDEX-删除索引
所以,我认为这涵盖了99%,这是一条规则..
RewriteCond %{QUERY_STRING} .*
(
(%73|%53|s)(%65|%45|e)(%6C|%4C|l)(%65|%45|e)(%63|%43|c)(%74|%54|t) #SELECT
| (%69|%49|i)(%6E|%4E|n)(%73|%53|s)(%65|%45|e)(%72|%52|r)(%74|%54|t) #INSERT
| (%44|%64|d)(%65|%45|e)(%6C|%4C|l)(%65|%45|e)(%74|%54|t)(%65|%45|e) #DELETE
| (%44|%64|d)(%72|%52|r)(%4F|%6F|o)(%70|%50|p) #DROP
| (%55|%75|u)(%70|%50|p)(%44|%64|d)(%41|%61|a)(%74|%54|t)(%65|%45|e) #UPDATE
| (%41|%61|a)(%6C|%4C|l)(%74|%54|t)(%65|%45|e)(%72|%52|r) #ALTER
| (%41|%61|a)(%44|%64|d)(%44|%64|d) #ADD
| (%4A|%6A|j)(%4F|%6F|o)(%69|%49|i)(%6E|%4E|n) #JOIN
| (%63|%43|c)(%72|%52|r)(%65|%45|e)(%41|%61|a)(%74|%54|t)(%65|%45|e) #CREATE
)
.*
(
(%74|%54|t)(%41|%61|a)(%42|%62|b)(%6C|%4C|l)(%65|%45|e) #TABLE
| (%46|%66|f)(%72|%52|r)(%4F|%6F|o)(%4D|%6D|m) #FROM
| (%69|%49|i)(%6E|%4E|n)(%74|%54|t)(%4F|%6F|o) #INTO
| (%73|%53|s)(%65|%45|e)(%74|%54|t) #SET
| (%63|%43|c)(%4F|%6F|o)(%6C|%4C|l)(%55|%75|u)(%4D|%6D|m)(%6E|%4E|n) #COLUMN
| (%69|%49|i)(%6E|%4E|n)(%44|%64|d)(%58|%78|e)(%72|%52|x) #INDEX
| (%56|%76|v)(%69|%49|i)(%58|%78|e)(%57|%77|w) #VIEW
| (%55|%75|u)(%6E|%4E|n)(%69|%49|i)(%4F|%6F|o)(%6E|%4E|n) #UNION
| (%44|%64|d)(%41|%61|a)(%74|%54|t)(%41|%61|a)(%42|%62|b)(%41|%61|a)(%73|%53|s)(%65|%45|e) #DATABASE
)
.*
(
(%57|%77|w)(%48|%68|h)(%65|%45|e)(%72|%52|r)(%65|%45|e) #WHERE
| (%4F|%6F|o)(%6E|%4E|n) #ON
| (%41|%61|a)(%6C|%4C|l)(%6C|%4C|l) #ALL
| (.*) # ##Blank so move on
)
.* [NC,OR]
RewriteCond %{QUERY_STRING} .*((%73|%53|s)(%65|%45|e)(%6C|%4C|l)(%65|%45|e)(%63|%43|c)(%74|%54|t)|(%69|%49|i)(%6E|%4E|n)(%73|%53|s)(%65|%45|e)(%72|%52|r)(%74|%54|t)|(%44|%64|d)(%65|%45|e)(%6C|%4C|l)(%65|%45|e)(%74|%54|t)(%65|%45|e)|(%44|%64|d)(%72|%52|r)(%4F|%6F|o)(%70|%50|p)|(%55|%75|u)(%70|%50|p)(%44|%64|d)(%41|%61|a)(%74|%54|t)(%65|%45|e)|(%41|%61|a)(%6C|%4C|l)(%74|%54|t)(%65|%45|e)(%72|%52|r)|(%41|%61|a)(%44|%64|d)(%44|%64|d)|(%4A|%6A|j)(%4F|%6F|o)(%69|%49|i)(%6E|%4E|n)|(%63|%43|c)(%72|%52|r)(%65|%45|e)(%41|%61|a)(%74|%54|t)(%65|%45|e)).*((%74|%54|t)(%41|%61|a)(%42|%62|b)(%6C|%4C|l)(%65|%45|e)|(%46|%66|f)(%72|%52|r)(%4F|%6F|o)(%4D|%6D|m)|(%69|%49|i)(%6E|%4E|n)(%74|%54|t)(%4F|%6F|o)|(%73|%53|s)(%65|%45|e)(%74|%54|t)|(%63|%43|c)(%4F|%6F|o)(%6C|%4C|l)(%55|%75|u)(%4D|%6D|m)(%6E|%4E|n)|(%69|%49|i)(%6E|%4E|n)(%44|%64|d)(%58|%78|e)(%72|%52|x)|(%56|%76|v)(%69|%49|i)(%58|%78|e)(%57|%77|w)|(%55|%75|u)(%6E|%4E|n)(%69|%49|i)(%4F|%6F|o)(%6E|%4E|n)|(%44|%64|d)(%41|%61|a)(%74|%54|t)(%41|%61|a)(%42|%62|b)(%41|%61|a)(%73|%53|s)(%65|%45|e)).*((%57|%77|w)(%48|%68|h)(%65|%45|e)(%72|%52|r)(%65|%45|e)|(%4F|%6F|o)(%6E|%4E|n)|(%41|%61|a)(%6C|%4C|l)(%6C|%4C|l)|(.*)).* [NC,OR]
http://www.domain.tdl/index.php?mact=jobs,dt,default,0&dtcategory=1%5C,)%23&dtsortby=1%0D%0AUN%69ON%20S%45LECT%201,2,3,4,5,CONCAT_WS(0x203a20,%20username,%20password),7,8,9,10,11,12,13,14,15,16,17,18,19,20%20%46ROM%20tec_users--