diff --git a/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivity.php b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivity.php index d9686f58a4669e0b107fbce3f401afc7c34e21fe..c17600eafcd5c4d3e36d71a86edee2397ef13e07 100644 --- a/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivity.php +++ b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivity.php @@ -16,9 +16,14 @@ switch( $_GET['per']) { } #sqli todo + +#limits +$limit=""; + #selector if(!IsSet($_GET['where'])) { - $where="detected>from_unixtime(0)"; + $where="1=1"; + $limit="order by detected desc limit 1000"; } else { $where = base64_decode($_GET['where']); } @@ -51,7 +56,7 @@ $count_cols=count($cols); $data=array(); #casova posloupnost # premapuju podle staticky alokovanych sloupcu, posilam to rovnou do grafu -$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, count(*) as count FROM events WHERE $where GROUP BY $query_cols, t;"; +$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, count(*) as count FROM events WHERE $where GROUP BY $query_cols, t $limit"; #var_dump($q); $res = mysql_query($q, $db); while ($tmp = mysql_fetch_assoc($res)) { diff --git a/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale.php b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale.php index b89d6e2badd02e25473f091762fe126a271300f5..1b3ad51eb5853fdda2578c5436d2fb6cb69831a7 100644 --- a/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale.php +++ b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale.php @@ -16,9 +16,14 @@ switch( $_GET['per']) { } #sqli todo + +#limits +$limit=""; + #selector if(!IsSet($_GET['where'])) { - $where="detected>from_unixtime(0)"; + $where="1=1"; + $limit="order by detected desc limit 1000"; } else { $where = base64_decode($_GET['where']); } @@ -51,7 +56,7 @@ $count_cols=count($cols); $data=array(); #casova posloupnost # premapuju podle staticky alokovanych sloupcu, posilam to rovnou do grafu -$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, sum(attack_scale) as totalScale FROM events WHERE $where GROUP BY $query_cols, t;"; +$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, sum(attack_scale) as totalScale FROM events WHERE $where GROUP BY $query_cols, t $limit"; #var_dump($q); $res = mysql_query($q, $db); while ($tmp = mysql_fetch_assoc($res)) { diff --git a/src/warden-server/contrib/wardenweb/graph_TypeActivity.php b/src/warden-server/contrib/wardenweb/graph_TypeActivity.php index 50087770dc9570bf999b0bc2264071a23e919009..6be4a4df509adec4af38fcf5f4377526da14f975 100644 --- a/src/warden-server/contrib/wardenweb/graph_TypeActivity.php +++ b/src/warden-server/contrib/wardenweb/graph_TypeActivity.php @@ -17,7 +17,8 @@ switch( $_GET['per']) { #sqli todo #selector -$where="detected>from_unixtime(0)"; +$where="1=1"; +$limit="order by detected desc limit 1004"; $query_cols = "type"; @@ -46,7 +47,7 @@ $count_cols=count($cols); $data=array(); #casova posloupnost # premapuju podle staticky alokovanych sloupcu, posilam to rovnou do grafu -$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, count(*) as count FROM events WHERE $where GROUP BY $query_cols, t;"; +$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, count(*) as count FROM events WHERE $where GROUP BY $query_cols, t $limit"; #var_dump($q); $res = mysql_query($q, $db); while ($tmp = mysql_fetch_assoc($res)) { diff --git a/src/warden-server/contrib/wardenweb/graph_TypeActivityScale.php b/src/warden-server/contrib/wardenweb/graph_TypeActivityScale.php index c189c0f1c9c2701941a839cfe346ce6c080943fa..5f627a0f31854a9347dda66642fc411c43557b05 100644 --- a/src/warden-server/contrib/wardenweb/graph_TypeActivityScale.php +++ b/src/warden-server/contrib/wardenweb/graph_TypeActivityScale.php @@ -17,7 +17,8 @@ switch( $_GET['per']) { #sqli todo #selector -$where="detected>from_unixtime(0)"; +$where="1=1"; +$limit="order by detected desc limit 1003"; $query_cols = "type"; @@ -46,7 +47,7 @@ $count_cols=count($cols); $data=array(); #casova posloupnost # premapuju podle staticky alokovanych sloupcu, posilam to rovnou do grafu -$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, sum(attack_scale) as totalScale FROM events WHERE $where GROUP BY $query_cols, t;"; +$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, sum(attack_scale) as totalScale FROM events WHERE $where GROUP BY $query_cols, t $limit"; #var_dump($q); $res = mysql_query($q, $db); while ($tmp = mysql_fetch_assoc($res)) {