Version 3.3.0

添加安装脚本install.php
firesun
2016-01-28 02:19:09 +08:00
parent ba12756105
commit 03a2e79acf
18 changed files with 2116 additions and 1334 deletions

244
dio.php

@@ -1,161 +1,149 @@
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
require_once("config.php");
require_once("load.php");
require_once("functions.php");
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
function save_xss_record($info,$filename)
function save_xss_record($info, $filename)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
!file_exists($logFile) && @touch($logFile);
$info=encrypt($info);
if(file_put_contents($logFile, '<?php exit();?>'.$info)===false)
return false;
else
return true;
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
!file_exists($logFile) && @touch($logFile);
$info = encrypt($info);
if (file_put_contents($logFile, '<?php exit();?>' . $info) === false)
return false;
else
return true;
}
function load_xss_record($filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
if(!file_exists($logFile))
return false;
$info=@file_get_contents($logFile);
if($info===false)
return false;
if(strncmp($info,'<?php exit();?>',15)!=0)
return false;
$info=substr($info,15);
$info=decrypt($info);
//只会出现在加密密码错误的时候
if(!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/',$info))
return false;
$info=json_decode($info, true);
//只会出现在加密密码错误的时候
if($info===false)
return false;
$isChange=false;
if(!isset($info['location']))
{
$info['location']=stripStr(convertip($info['user_IP'],IPDATA_PATH));
$isChange=true;
}
//只会出现在加密密码错误的时候
if(!isset($info['request_time']))
{
return false;
}
if($isChange)
save_xss_record(json_encode($info),$filename);
return $info;
}
else
return false;
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
if (!file_exists($logFile))
return false;
$info = @file_get_contents($logFile);
if ($info === false)
return false;
if (strncmp($info, '<?php exit();?>', 15) != 0)
return false;
$info = substr($info, 15);
$info = decrypt($info);
//只会出现在加密密码错误的时候
if (!preg_match('/^[A-Za-z0-9\x00-\x80~!@#$%&_+-=:";\'<>,\/"\[\]\\\^\.\|\?\*\+\(\)\{\}\s]+$/', $info))
return false;
$info = json_decode($info, true);
//只会出现在加密密码错误的时候
if ($info === false)
return false;
$isChange = false;
if (!isset($info['location'])) {
$info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
$isChange = true;
}
//只会出现在加密密码错误的时候
if (!isset($info['request_time'])) {
return false;
}
if ($isChange)
save_xss_record(json_encode($info), $filename);
return $info;
} else
return false;
}
function delete_xss_record($filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$logFile = dirname( __FILE__ ).'/'.DATA_PATH.'/'.$filename.'.php';
return unlink($logFile);
}
else
return false;
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
return unlink($logFile);
} else
return false;
}
function clear_xss_record()
{
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
unlink($file);
}
return true;
$files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function load_js_content($path,$filename)
function load_js_content($path, $filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
if(!file_exists($file))
return false;
$info=@file_get_contents($file);
if($info===false)
$info="";
return $info;
}
else
return false;
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
if (!file_exists($file))
return false;
$info = @file_get_contents($file);
if ($info === false)
$info = "";
return $info;
} else
return false;
}
function delete_js($path,$filename)
function delete_js($path, $filename)
{
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc';
unlink($file);
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
return unlink($file);
}
else
return false;
if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
unlink($file);
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
return unlink($file);
} else
return false;
}
function clear_js($path)
{
$files = glob($path . '/*.desc');
foreach ($files as $file) {
unlink($file);
}
$files = glob($path . '/*.js');
foreach ($files as $file) {
unlink($file);
}
return true;
$files = glob($path . '/*.desc');
foreach ($files as $file) {
unlink($file);
}
$files = glob($path . '/*.js');
foreach ($files as $file) {
unlink($file);
}
return true;
}
function save_js_content($path,$content,$filename)
function save_js_content($path, $content, $filename)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.js';
!file_exists($file) && @touch($file);
if(file_put_contents($file, $content)===false)
return false;
else
return true;
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
!file_exists($file) && @touch($file);
if (file_put_contents($file, $content) === false)
return false;
else
return true;
}
function save_js_desc($path,$desc,$filename)
function save_js_desc($path, $desc, $filename)
{
$file = dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc';
!file_exists($file) && @touch($file);
$desc=encrypt($desc);
if(file_put_contents($file, $desc)===false)
return false;
else
return true;
}
?>
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
!file_exists($file) && @touch($file);
$desc = encrypt($desc);
if (file_put_contents($file, $desc) === false)
return false;
else
return true;
}
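Review bot: `save_xss_record`, `save_js_content` and `save_js_desc` still build the target path from `$filename` without the `..` / `/` / `\` check that `load_xss_record`, `delete_xss_record`, `load_js_content` and `delete_js` apply, so the write side is the least-guarded path in this file. The callers are not visible here, but if any of them passes a request-derived name the write can land outside the intended directory, and in `save_xss_record` the file written carries a `.php` extension. Each of the three functions should start with the same guard, e.g. `if (strpos($filename, "..") !== false || strpos($filename, "/") !== false || strpos($filename, "\\") !== false) return false;`, or stricter, an allow-list such as `if (!preg_match('/^[A-Za-z0-9_-]+$/', $filename)) return false;`. Separately, `json_decode` signals failure with `null`, so the `$info === false` test in `load_xss_record` never fires and a bad decode is only caught later by the `request_time` check; `$info === null || !is_array($info)` would state the intent directly.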