SQL Injection Detection


 
# 1  
Old 06-18-2014
SQL Injection Detection

I want to grep/awk /var/log/httpd/mysite-access_log.log and check if 2 words from the following appear in a single line:

benchmark
union
information_schema
drop
truncate
group_concat
into
file
case
hex
lpad
group
order
having
insert
union
select
from
where
drop
delete
truncate

If 2 of these appear in a single line then I want the line to be listed.

Thanks
# 2  
Old 06-18-2014
Try
Code:
awk 'NR==FNR {SRCSTR=SRCSTR DELIM $0; DELIM="|"; next} gsub (SRCSTR,"&")==2' patternfile mysite-access_log.log

This will detect double occurrences of a single keyword as well.
# 3  
Old 06-18-2014
This does not ignore case of letters, and I think it returns single occurrences, based on the output.
# 4  
Old 06-18-2014
Add this BEGIN{IGNORECASE=1} to RudiC's code; if you have gawk it should work.
Code:
awk 'BEGIN{IGNORECASE=1}NR==FNR {SRCSTR=SRCSTR DELIM $0; DELIM="|"; next} gsub (SRCSTR,"&")==2' patternfile mysite-access_log.log

---------- Post updated at 04:55 PM ---------- Previous update was at 04:52 PM ----------

OR

Code:
awk 'NR==FNR {SRCSTR=SRCSTR DELIM tolower($0); DELIM="|"; next}{p=tolower($0)} gsub(SRCSTR,"&",p)==2' patternfile mysite-access_log.log


Last edited by Akshay Hegde; 06-18-2014 at 07:44 AM..
# 5  
Old 06-18-2014
Not working.
the first:
-bash: syntax error near unexpected token `('

and the second does not return any of the dual word cases.

The patternfile contains:
benchmark
union
information_schema
drop
truncate
group_concat
into
case
hex
lpad
group
order
having
insert
union
select
from
where
delete
create
table


I want to list lines from /var/log/httpd/mysite-access_log.log

if the lines contain 2 or more of the words of patternfile:
sssss SElect xxxxx InTO
dsjdhshdj CREATE xxxx ss s ggggs TabLE
DElete sdsdssd from wjhdssd WHErE dffsdfsd
.....



# 6  
Old 06-18-2014
Working for me

Code:
[akshay@nio tmp]$ cat log 
sssss SElect xxxxx InTO
dsjdhshdj CREATE xxxx ss s ggggs TabLE
DElete sdsdssd from wjhdssd WHErE dffsdfsd

Code:
[akshay@nio tmp]$ cat pattern 
benchmark
union
information_schema
drop
truncate
group_concat
into
case
hex
lpad
group
order
having
insert
union
select
from
where
delete
create
table

Code:
[akshay@nio tmp]$ awk 'BEGIN{IGNORECASE=1}NR==FNR {SRCSTR=SRCSTR DELIM $0; DELIM="|"; next} gsub (SRCSTR,"&")==2' pattern log
sssss SElect xxxxx InTO
dsjdhshdj CREATE xxxx ss s ggggs TabLE

Code:
[akshay@nio tmp]$ awk 'NR==FNR {SRCSTR=SRCSTR DELIM tolower($0); DELIM="|"; next}{p=tolower($0)} gsub(SRCSTR,"&",p)==2' pattern log
sssss SElect xxxxx InTO
dsjdhshdj CREATE xxxx ss s ggggs TabLE

If you want 2 or more words then use this:
Code:
awk 'BEGIN{IGNORECASE=1}NR==FNR {SRCSTR=SRCSTR DELIM $0; DELIM="|"; next} gsub (SRCSTR,"&")>=2' pattern log

OR
Code:
awk 'NR==FNR {SRCSTR=SRCSTR DELIM tolower($0); DELIM="|"; next}{p=tolower($0)} gsub(SRCSTR,"&",p)>=2' pattern log

# 7  
Old 06-18-2014
Quote:
Originally Posted by koutroul
this does not ignore case of letters (not specified) and I think it returns single occurrences based on the output (not true)
Anyhow - try
Code:
awk 'NR==FNR {SRCSTR=SRCSTR DELIM $0; DELIM="|"; next} {X=tolower($0)} gsub (SRCSTR,"&",X)==2' patternfile mysite-access_log.log

And, before you complain that "Delete..." line is not there: it has three occurrences of keywords and thus does not meet the specification. Adaption of the proposal to this case is left to you.
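
Added example, not part of any post in this thread: the gsub one-liners above count every substring match of the alternation, so a repeated keyword or a keyword inside a longer word (for instance "union" in "reunion") is counted too. The sketch below counts distinct whole-word keywords per line after lower-casing and URL-decoding the log line; the function names `sqli_scan`, `sqli_demo`, `hexval` and `urldecode`, the temporary file names and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sqli_scan PATTERNFILE LOGFILE [MIN]
sqli_scan() {
    awk -v min="${3:-2}" '
    function hexval(h) {   # two lower-case hex digits -> number
        return (index(HEX, substr(h, 1, 1)) - 1) * 16 + index(HEX, substr(h, 2, 1)) - 1
    }
    function urldecode(s,    out, v) {   # decode %XX once; "+" becomes a space
        gsub(/\+/, " ", s); out = ""
        while (match(s, /%[0-9a-f][0-9a-f]/)) {
            v = hexval(substr(s, RSTART + 1, 2))
            out = out substr(s, 1, RSTART - 1) ((v > 32 && v < 127) ? sprintf("%c", v) : " ")
            s = substr(s, RSTART + 3)
        }
        return out s
    }
    BEGIN { HEX = "0123456789abcdef" }
    # First file: keyword list, lower-cased; array keys drop the duplicates.
    NR == FNR { if ($0 != "") kw[tolower($0)] = 1; next }
    {   # Log file: lower-case, decode, split into [a-z0-9_] tokens, count distinct hits.
        n = split(urldecode(tolower($0)), tok, /[^a-z0-9_]+/)
        split("", seen); hits = 0
        for (i = 1; i <= n; i++)
            if ((tok[i] in kw) && !(tok[i] in seen)) { seen[tok[i]] = 1; hits++ }
        if (hits >= min) print hits "\t" $0
    }' "$1" "$2"
}

# Constructed sample data (not a real log): only the first and fourth lines are listed.
sqli_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' union select from where information_schema union > "$d/patternfile"
    cat > "$d/access_log" <<'EOF'
192.0.2.10 - - [18/Jun/2014:10:00:01 +0000] "GET /item.php?id=1%20UNION%20SELECT%201,2 HTTP/1.1" 200 512
192.0.2.11 - - [18/Jun/2014:10:00:02 +0000] "GET /item.php?id=1+union+all+union HTTP/1.1" 200 512
192.0.2.12 - - [18/Jun/2014:10:00:03 +0000] "GET /reunion/selection.html HTTP/1.1" 200 512
192.0.2.13 - - [18/Jun/2014:10:00:04 +0000] "GET /q?s=SeLeCt%0Aname%20FROM%20t%20WHERE%201 HTTP/1.1" 200 512
EOF
    sqli_scan "$d/patternfile" "$d/access_log" 2
    rm -rf "$d"
}

sqli_demo
```

Each listed line is prefixed with its distinct-keyword count and a tab, so the output can be sorted numerically to review the highest-scoring requests first.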