sql injection

[hammackj]

using this code:

!/usr/bin/env ruby

require "rubygems" require "apachelogregex"

format = '%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"' parser = ApacheLogRegex.new(format)

referers = File.readlines('access.log').collect do |line| values = parser.parse!(line) end

the parser cannot handle the nested quotes in the get request.

[hammackj@taco:~/Projects]$ ./logparser.rb /Library/Ruby/Gems/1.8/gems/apachelogregex-0.1.0/lib/apache_log_regex.rb:124:in parse!': Invalid format%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"for line10.69.69.3 frijoles.hammackj.com - [03/Nov/2010:21:00:10 -0500] "GET /login/?user=|"id"| HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"(ApacheLogRegex::ParseError) from ./logparser.rb:13 from ./logparser.rb:12:incollect' from ./logparser.rb:12

Just letting you know! I like the parser!