Union Tap Code (UTC) Beta 4 Release
Date: Tuesday, April 27 @ 19:10:32 CEST
Topic: Bug Fixes


Continuing from our previous articles, this news release takes us to Beta 4 for Union Tap Code (UTC). Beta 4 successfully handles a report by Imperva Application Defense Center describing how C-like comment code can mask any kind of SQL injection code delivered via the URL, not just UNION; hence the name upgrade from UT to UTC. And here it is:

//Union Tap Code (UTC)
//Copyright Zhen-Xjell 2004 http://nukecops.com
//Beta 4 Code to prevent UNION SQL Injections
unset($matches);
unset($loc);
//Decode the query string so URL-encoded input is checked in its plain form.
$loc=rawurldecode(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : "");
//HTML-escape the copy that is echoed back, so the block message cannot carry markup from the URL.
$loc_html=htmlspecialchars($loc, ENT_QUOTES);
//This if block catches C-like comment code within all SQL Injections, not just Union.
//White paper available here: http://www.securiteam.com/securityreviews/5FP0O0KCKM.html
if (strstr($loc,"*")) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$loc_html'.");
}
//This catches plaintext and base64 version of the Union SQL Injection code.
//$matches[1] holds only characters from the class below, so it is safe to echo as is.
if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
    die("YOU ARE SLAPPED BY <a href=\"http://nukecops.com\">NUKECOPS</a> BY USING '$matches[1]' INSIDE '$loc_html'.");
}
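
An added example, not part of the NukeCops release: the two Beta 4 checks wrapped in a hypothetical function, utc_verdict(), that returns a verdict instead of calling die(), run over constructed query strings to show which requests the filter stops, ordinary search terms included. The function name and every sample string are assumptions made for illustration.

```php
<?php
// Added example, not NukeCops code. utc_verdict() is a hypothetical wrapper
// around the two Beta 4 checks that returns a verdict instead of calling die().
function utc_verdict($queryString)
{
    $loc = rawurldecode($queryString);
    // Check 1: any asterisk, the character C-like comments are built from.
    if (strstr($loc, "*")) {
        return "blocked (comment check)";
    }
    // Check 2: five characters from the UTC class followed by a space.
    if (preg_match("/([OdWo5NIbpuU4V2iJT0n]{5}) /", $loc, $matches)) {
        return "blocked (pattern check on '" . $matches[1] . "')";
    }
    return "allowed";
}

// Constructed query strings: one of each kind the release describes,
// plus ordinary requests a site visitor could send.
$samples = array(
    "name=News&file=article&sid=2006",            // normal article link
    "name=News&sid=1%20UNION%20SELECT%201",       // plaintext UNION
    "name=News&sid=1%2F%2A%2A%2F",                // C-like comment
    "name=Search&query=class%20reunion%20photos", // benign, contains "union "
    "name=Search&query=inbound%20links",          // benign, "bound " fits the class
    "name=Search&query=2%20*%203",                // benign, contains "*"
);

foreach ($samples as $qs) {
    printf("%-45s %s\n", $qs, utc_verdict($qs));
}
```

Three of the six constructed requests are benign yet blocked, which is the cost of matching on a character class and on a bare asterisk rather than on the SQL itself.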

This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=2006