Version 3.3.0

添加安装脚本install.php
firesun
2016-01-28 02:19:09 +08:00
parent ba12756105
commit 03a2e79acf
18 changed files with 2116 additions and 1334 deletions

134
aes.php

@@ -22,12 +22,14 @@ if(!defined('IN_XSS_PLATFORM')) {
* generated from the cipher key by KeyExpansion() * generated from the cipher key by KeyExpansion()
* @return ciphertext as byte-array (16 bytes) * @return ciphertext as byte-array (16 bytes)
*/ */
function Cipher($input, $w) { // main Cipher function [§5.1] function Cipher($input, $w) // main Cipher function [§5.1]
{
$Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES) $Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES)
$Nr = count($w) / $Nb - 1; // no of rounds: 10/12/14 for 128/192/256-bit keys $Nr = count($w) / $Nb - 1; // no of rounds: 10/12/14 for 128/192/256-bit keys
$state = array(); // initialise 4xNb byte-array 'state' with input [§3.4] $state = array(); // initialise 4xNb byte-array 'state' with input [§3.4]
for ($i=0; $i<4*$Nb; $i++) $state[$i%4][floor($i/4)] = $input[$i]; for ($i = 0; $i < 4 * $Nb; $i++)
$state[$i % 4][floor($i / 4)] = $input[$i];
$state = AddRoundKey($state, $w, 0, $Nb); $state = AddRoundKey($state, $w, 0, $Nb);
@@ -42,45 +44,62 @@ function Cipher($input, $w) { // main Cipher function [§5.1]
$state = ShiftRows($state, $Nb); $state = ShiftRows($state, $Nb);
$state = AddRoundKey($state, $w, $Nr, $Nb); $state = AddRoundKey($state, $w, $Nr, $Nb);
$output = array(4*$Nb); // convert state to 1-d array before returning [§3.4] $output = array(
for ($i=0; $i<4*$Nb; $i++) $output[$i] = $state[$i%4][floor($i/4)]; 4 * $Nb
); // convert state to 1-d array before returning [§3.4]
for ($i = 0; $i < 4 * $Nb; $i++)
$output[$i] = $state[$i % 4][floor($i / 4)];
return $output; return $output;
} }
function AddRoundKey($state, $w, $rnd, $Nb) { // xor Round Key into state S [§5.1.4] function AddRoundKey($state, $w, $rnd, $Nb) // xor Round Key into state S [§5.1.4]
{
for ($r = 0; $r < 4; $r++) { for ($r = 0; $r < 4; $r++) {
for ($c=0; $c<$Nb; $c++) $state[$r][$c] ^= $w[$rnd*4+$c][$r]; for ($c = 0; $c < $Nb; $c++)
$state[$r][$c] ^= $w[$rnd * 4 + $c][$r];
} }
return $state; return $state;
} }
function SubBytes($s, $Nb) { // apply SBox to state S [§5.1.1] function SubBytes($s, $Nb) // apply SBox to state S [§5.1.1]
{
global $Sbox; // PHP needs explicit declaration to access global variables! global $Sbox; // PHP needs explicit declaration to access global variables!
for ($r = 0; $r < 4; $r++) { for ($r = 0; $r < 4; $r++) {
for ($c=0; $c<$Nb; $c++) $s[$r][$c] = $Sbox[$s[$r][$c]]; for ($c = 0; $c < $Nb; $c++)
$s[$r][$c] = $Sbox[$s[$r][$c]];
} }
return $s; return $s;
} }
function ShiftRows($s, $Nb) { // shift row r of state S left by r bytes [§5.1.2] function ShiftRows($s, $Nb) // shift row r of state S left by r bytes [§5.1.2]
$t = array(4); {
$t = array(
4
);
for ($r = 1; $r < 4; $r++) { for ($r = 1; $r < 4; $r++) {
for ($c=0; $c<4; $c++) $t[$c] = $s[$r][($c+$r)%$Nb]; // shift into temp copy for ($c = 0; $c < 4; $c++)
for ($c=0; $c<4; $c++) $s[$r][$c] = $t[$c]; // and copy back $t[$c] = $s[$r][($c + $r) % $Nb]; // shift into temp copy
for ($c = 0; $c < 4; $c++)
$s[$r][$c] = $t[$c]; // and copy back
} // note that this will work for Nb=4,5,6, but not 7,8 (always 4 for AES): } // note that this will work for Nb=4,5,6, but not 7,8 (always 4 for AES):
return $s; // see fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.311.pdf return $s; // see fp.gladman.plus.com/cryptography_technology/rijndael/aes.spec.311.pdf
} }
function MixColumns($s, $Nb) { // combine bytes of each col of state S [§5.1.3] function MixColumns($s, $Nb) // combine bytes of each col of state S [§5.1.3]
{
for ($c = 0; $c < 4; $c++) { for ($c = 0; $c < 4; $c++) {
$a = array(4); // 'a' is a copy of the current column from 's' $a = array(
$b = array(4); // 'b' is a•{02} in GF(2^8) 4
); // 'a' is a copy of the current column from 's'
$b = array(
4
); // 'b' is a?{02} in GF(2^8)
for ($i = 0; $i < 4; $i++) { for ($i = 0; $i < 4; $i++) {
$a[$i] = $s[$i][$c]; $a[$i] = $s[$i][$c];
$b[$i] = $s[$i][$c] & 0x80 ? $s[$i][$c] << 1 ^ 0x011b : $s[$i][$c] << 1; $b[$i] = $s[$i][$c] & 0x80 ? $s[$i][$c] << 1 ^ 0x011b : $s[$i][$c] << 1;
} }
// a[n] ^ b[n] is a{03} in GF(2^8) // a[n] ^ b[n] is a?{03} in GF(2^8)
$s[0][$c] = $b[0] ^ $a[1] ^ $b[1] ^ $a[2] ^ $a[3]; // 2*a0 + 3*a1 + a2 + a3 $s[0][$c] = $b[0] ^ $a[1] ^ $b[1] ^ $a[2] ^ $a[3]; // 2*a0 + 3*a1 + a2 + a3
$s[1][$c] = $a[0] ^ $b[1] ^ $a[2] ^ $b[2] ^ $a[3]; // a0 * 2*a1 + 3*a2 + a3 $s[1][$c] = $a[0] ^ $b[1] ^ $a[2] ^ $b[2] ^ $a[3]; // a0 * 2*a1 + 3*a2 + a3
$s[2][$c] = $a[0] ^ $a[1] ^ $b[2] ^ $a[3] ^ $b[3]; // a0 + a1 + 2*a2 + 3*a3 $s[2][$c] = $a[0] ^ $a[1] ^ $b[2] ^ $a[3] ^ $b[3]; // a0 + a1 + 2*a2 + 3*a3
@@ -96,7 +115,8 @@ function MixColumns($s, $Nb) { // combine bytes of each col of state S [§5.1.
* @param key cipher key byte-array (16 bytes) * @param key cipher key byte-array (16 bytes)
* @return key schedule as 2D byte-array (Nr+1 x Nb bytes) * @return key schedule as 2D byte-array (Nr+1 x Nb bytes)
*/ */
function KeyExpansion($key) { // generate Key Schedule from Cipher Key [§5.2] function KeyExpansion($key) // generate Key Schedule from Cipher Key [§5.2]
{
global $Rcon; // PHP needs explicit declaration to access global variables! global $Rcon; // PHP needs explicit declaration to access global variables!
$Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES) $Nb = 4; // block size (in words): no of columns in state (fixed at 4 for AES)
$Nk = count($key) / 4; // key length (in words): 4/6/8 for 128/192/256-bit keys $Nk = count($key) / 4; // key length (in words): 4/6/8 for 128/192/256-bit keys
@@ -106,33 +126,45 @@ function KeyExpansion($key) { // generate Key Schedule from Cipher Key [§5.2]
$temp = array(); $temp = array();
for ($i = 0; $i < $Nk; $i++) { for ($i = 0; $i < $Nk; $i++) {
$r = array($key[4*$i], $key[4*$i+1], $key[4*$i+2], $key[4*$i+3]); $r = array(
$key[4 * $i],
$key[4 * $i + 1],
$key[4 * $i + 2],
$key[4 * $i + 3]
);
$w[$i] = $r; $w[$i] = $r;
} }
for ($i = $Nk; $i < ($Nb * ($Nr + 1)); $i++) { for ($i = $Nk; $i < ($Nb * ($Nr + 1)); $i++) {
$w[$i] = array(); $w[$i] = array();
for ($t=0; $t<4; $t++) $temp[$t] = $w[$i-1][$t]; for ($t = 0; $t < 4; $t++)
$temp[$t] = $w[$i - 1][$t];
if ($i % $Nk == 0) { if ($i % $Nk == 0) {
$temp = SubWord(RotWord($temp)); $temp = SubWord(RotWord($temp));
for ($t=0; $t<4; $t++) $temp[$t] ^= $Rcon[$i/$Nk][$t]; for ($t = 0; $t < 4; $t++)
$temp[$t] ^= $Rcon[$i / $Nk][$t];
} else if ($Nk > 6 && $i % $Nk == 4) { } else if ($Nk > 6 && $i % $Nk == 4) {
$temp = SubWord($temp); $temp = SubWord($temp);
} }
for ($t=0; $t<4; $t++) $w[$i][$t] = $w[$i-$Nk][$t] ^ $temp[$t]; for ($t = 0; $t < 4; $t++)
$w[$i][$t] = $w[$i - $Nk][$t] ^ $temp[$t];
} }
return $w; return $w;
} }
function SubWord($w) { // apply SBox to 4-byte word w function SubWord($w) // apply SBox to 4-byte word w
{
global $Sbox; // PHP needs explicit declaration to access global variables! global $Sbox; // PHP needs explicit declaration to access global variables!
for ($i=0; $i<4; $i++) $w[$i] = $Sbox[$w[$i]]; for ($i = 0; $i < 4; $i++)
$w[$i] = $Sbox[$w[$i]];
return $w; return $w;
} }
function RotWord($w) { // rotate 4-byte word w left by one byte function RotWord($w) // rotate 4-byte word w left by one byte
{
$w[4] = $w[0]; $w[4] = $w[0];
for ($i=0; $i<4; $i++) $w[$i] = $w[$i+1]; for ($i = 0; $i < 4; $i++)
$w[$i] = $w[$i + 1];
return $w; return $w;
} }
@@ -181,16 +213,19 @@ $Rcon = array( array(0x00, 0x00, 0x00, 0x00),
* @param nBits number of bits to be used in the key (128, 192, or 256) * @param nBits number of bits to be used in the key (128, 192, or 256)
* @return encrypted text * @return encrypted text
*/ */
function AESEncryptCtr($plaintext, $password="blue-lotus", $nBits=128) { function AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128)
{
$blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits==128 || $nBits==192 || $nBits==256)) return ''; // standard allows 128/192/256 bit keys if (!($nBits == 128 || $nBits == 192 || $nBits == 256))
return ''; // standard allows 128/192/256 bit keys
// note PHP (5) gives us plaintext and password in UTF8 encoding! // note PHP (5) gives us plaintext and password in UTF8 encoding!
// use AES itself to encrypt password to get cipher key (using plain password as source for key // use AES itself to encrypt password to get cipher key (using plain password as source for key
// expansion) - gives us well encrypted key // expansion) - gives us well encrypted key
$nBytes = $nBits / 8; // no bytes in key $nBytes = $nBits / 8; // no bytes in key
$pwBytes = array(); $pwBytes = array();
for ($i=0; $i<$nBytes; $i++) $pwBytes[$i] = ord(substr($password,$i,1)) & 0xff; for ($i = 0; $i < $nBytes; $i++)
$pwBytes[$i] = ord(substr($password, $i, 1)) & 0xff;
$key = Cipher($pwBytes, KeyExpansion($pwBytes)); $key = Cipher($pwBytes, KeyExpansion($pwBytes));
$key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long $key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long
@@ -201,11 +236,14 @@ function AESEncryptCtr($plaintext, $password="blue-lotus", $nBits=128) {
$nonceSec = floor($nonce / 1000); $nonceSec = floor($nonce / 1000);
$nonceMs = $nonce % 1000; $nonceMs = $nonce % 1000;
// encode nonce with seconds in 1st 4 bytes, and (repeated) ms part filling 2nd 4 bytes // encode nonce with seconds in 1st 4 bytes, and (repeated) ms part filling 2nd 4 bytes
for ($i=0; $i<4; $i++) $counterBlock[$i] = urs($nonceSec, $i*8) & 0xff; for ($i = 0; $i < 4; $i++)
for ($i=0; $i<4; $i++) $counterBlock[$i+4] = $nonceMs & 0xff; $counterBlock[$i] = urs($nonceSec, $i * 8) & 0xff;
for ($i = 0; $i < 4; $i++)
$counterBlock[$i + 4] = $nonceMs & 0xff;
// and convert it to a string to go on the front of the ciphertext // and convert it to a string to go on the front of the ciphertext
$ctrTxt = ''; $ctrTxt = '';
for ($i=0; $i<8; $i++) $ctrTxt .= chr($counterBlock[$i]); for ($i = 0; $i < 8; $i++)
$ctrTxt .= chr($counterBlock[$i]);
// generate key schedule - an expansion of the key into distinct Key Rounds for each round // generate key schedule - an expansion of the key into distinct Key Rounds for each round
$keySchedule = KeyExpansion($key); $keySchedule = KeyExpansion($key);
@@ -216,8 +254,10 @@ function AESEncryptCtr($plaintext, $password="blue-lotus", $nBits=128) {
for ($b = 0; $b < $blockCount; $b++) { for ($b = 0; $b < $blockCount; $b++) {
// set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes) // set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
// done in two stages for 32-bit ops: using two words allows us to go past 2^32 blocks (68GB) // done in two stages for 32-bit ops: using two words allows us to go past 2^32 blocks (68GB)
for ($c=0; $c<4; $c++) $counterBlock[15-$c] = urs($b, $c*8) & 0xff; for ($c = 0; $c < 4; $c++)
for ($c=0; $c<4; $c++) $counterBlock[15-$c-4] = urs($b/0x100000000, $c*8); $counterBlock[15 - $c] = urs($b, $c * 8) & 0xff;
for ($c = 0; $c < 4; $c++)
$counterBlock[15 - $c - 4] = urs($b / 0x100000000, $c * 8);
$cipherCntr = Cipher($counterBlock, $keySchedule); // -- encrypt counter block -- $cipherCntr = Cipher($counterBlock, $keySchedule); // -- encrypt counter block --
@@ -247,22 +287,26 @@ function AESEncryptCtr($plaintext, $password="blue-lotus", $nBits=128) {
* @param nBits number of bits to be used in the key (128, 192, or 256) * @param nBits number of bits to be used in the key (128, 192, or 256)
* @return decrypted text * @return decrypted text
*/ */
function AESDecryptCtr($ciphertext, $password="blue-lotus", $nBits=128) { function AESDecryptCtr($ciphertext, $password = "blue-lotus", $nBits = 128)
{
$blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES $blockSize = 16; // block size fixed at 16 bytes / 128 bits (Nb=4) for AES
if (!($nBits==128 || $nBits==192 || $nBits==256)) return ''; // standard allows 128/192/256 bit keys if (!($nBits == 128 || $nBits == 192 || $nBits == 256))
return ''; // standard allows 128/192/256 bit keys
$ciphertext = base64_decode($ciphertext); $ciphertext = base64_decode($ciphertext);
// use AES to encrypt password (mirroring encrypt routine) // use AES to encrypt password (mirroring encrypt routine)
$nBytes = $nBits / 8; // no bytes in key $nBytes = $nBits / 8; // no bytes in key
$pwBytes = array(); $pwBytes = array();
for ($i=0; $i<$nBytes; $i++) $pwBytes[$i] = ord(substr($password,$i,1)) & 0xff; for ($i = 0; $i < $nBytes; $i++)
$pwBytes[$i] = ord(substr($password, $i, 1)) & 0xff;
$key = Cipher($pwBytes, KeyExpansion($pwBytes)); $key = Cipher($pwBytes, KeyExpansion($pwBytes));
$key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long $key = array_merge($key, array_slice($key, 0, $nBytes - 16)); // expand key to 16/24/32 bytes long
// recover nonce from 1st element of ciphertext // recover nonce from 1st element of ciphertext
$counterBlock = array(); $counterBlock = array();
$ctrTxt = substr($ciphertext, 0, 8); $ctrTxt = substr($ciphertext, 0, 8);
for ($i=0; $i<8; $i++) $counterBlock[$i] = ord(substr($ctrTxt,$i,1)); for ($i = 0; $i < 8; $i++)
$counterBlock[$i] = ord(substr($ctrTxt, $i, 1));
// generate key schedule // generate key schedule
$keySchedule = KeyExpansion($key); $keySchedule = KeyExpansion($key);
@@ -270,7 +314,8 @@ function AESDecryptCtr($ciphertext, $password="blue-lotus", $nBits=128) {
// separate ciphertext into blocks (skipping past initial 8 bytes) // separate ciphertext into blocks (skipping past initial 8 bytes)
$nBlocks = ceil((strlen($ciphertext) - 8) / $blockSize); $nBlocks = ceil((strlen($ciphertext) - 8) / $blockSize);
$ct = array(); $ct = array();
for ($b=0; $b<$nBlocks; $b++) $ct[$b] = substr($ciphertext, 8+$b*$blockSize, 16); for ($b = 0; $b < $nBlocks; $b++)
$ct[$b] = substr($ciphertext, 8 + $b * $blockSize, 16);
$ciphertext = $ct; // ciphertext is now array of block-length strings $ciphertext = $ct; // ciphertext is now array of block-length strings
// plaintext will get generated block-by-block into array of block-length strings // plaintext will get generated block-by-block into array of block-length strings
@@ -278,8 +323,10 @@ function AESDecryptCtr($ciphertext, $password="blue-lotus", $nBits=128) {
for ($b = 0; $b < $nBlocks; $b++) { for ($b = 0; $b < $nBlocks; $b++) {
// set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes) // set counter (block #) in last 8 bytes of counter block (leaving nonce in 1st 8 bytes)
for ($c=0; $c<4; $c++) $counterBlock[15-$c] = urs($b, $c*8) & 0xff; for ($c = 0; $c < 4; $c++)
for ($c=0; $c<4; $c++) $counterBlock[15-$c-4] = urs(($b+1)/0x100000000-1, $c*8) & 0xff; $counterBlock[15 - $c] = urs($b, $c * 8) & 0xff;
for ($c = 0; $c < 4; $c++)
$counterBlock[15 - $c - 4] = urs(($b + 1) / 0x100000000 - 1, $c * 8) & 0xff;
$cipherCntr = Cipher($counterBlock, $keySchedule); // encrypt counter block $cipherCntr = Cipher($counterBlock, $keySchedule); // encrypt counter block
@@ -307,8 +354,10 @@ function AESDecryptCtr($ciphertext, $password="blue-lotus", $nBits=128) {
* @param b number of bits to shift a to the right (0..31) * @param b number of bits to shift a to the right (0..31)
* @return a right-shifted and zero-filled by b bits * @return a right-shifted and zero-filled by b bits
*/ */
function urs($a, $b) { function urs($a, $b)
$a &= 0xffffffff; $b &= 0x1f; // (bounds check) {
$a &= 0xffffffff;
$b &= 0x1f; // (bounds check)
if ($a & 0x80000000 && $b > 0) { // if left-most bit set if ($a & 0x80000000 && $b > 0) { // if left-most bit set
$a = ($a >> 1) & 0x7fffffff; // right-shift one bit & clear left-most bit $a = ($a >> 1) & 0x7fffffff; // right-shift one bit & clear left-most bit
$a = $a >> ($b - 1); // remaining right-shifts $a = $a >> ($b - 1); // remaining right-shifts
@@ -317,4 +366,3 @@ function urs($a, $b) {
} }
return $a; return $a;
} }
?>
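Review bot: The reformat has replaced the non-ASCII bullet in two MixColumns comments with a literal `?` — `// 'b' is a?{02} in GF(2^8)` and `// a[n] ^ b[n] is a?{03} in GF(2^8)` — which suggests the file was re-saved through a lossy encoding; restore the original `a•{02}` / `a•{03}` (or spell them as `a*{02}` / `a*{03}`) and check that no string literal elsewhere in the file went through the same conversion. Everything else in these hunks is whitespace and brace placement, so the cipher logic is unchanged. Separately, `AESEncryptCtr($plaintext, $password = "blue-lotus", $nBits = 128)` and its decrypt twin still default to a fixed, published key, so a caller that omits the argument silently encrypts under it; consider making `$password` required so the configured ENCRYPT_PASS is always passed explicitly. MixColumns, KeyExpansion and both CTR routines start or end outside the hunks shown.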

75
api.php

@@ -1,8 +1,8 @@
<?php <?php
define("IN_XSS_PLATFORM", true); define("IN_XSS_PLATFORM", true);
require('auth.php'); require_once('auth.php');
require_once("load.php");
require_once("functions.php"); require_once("functions.php");
require_once("config.php");
require_once("dio.php"); require_once("dio.php");
header('Content-Type: application/json'); header('Content-Type: application/json');
@@ -11,12 +11,9 @@ define('ID_REGEX', '/^[0-9]{10}$/');
//合法文件名的正则表达式 //合法文件名的正则表达式
define('FILE_REGEX', '/(?!((^(con)$)|^(con)\..*|(^(prn)$)|^(prn)\..*|(^(aux)$)|^(aux)\..*|(^(nul)$)|^(nul)\..*|(^(com)[1-9]$)|^(com)[1-9]\..*|(^(lpt)[1-9]$)|^(lpt)[1-9]\..*)|^\s+|.*\s$)(^[^\/\\\:\*\?\"\<\>\|]{1,255}$)/'); define('FILE_REGEX', '/(?!((^(con)$)|^(con)\..*|(^(prn)$)|^(prn)\..*|(^(aux)$)|^(aux)\..*|(^(nul)$)|^(nul)\..*|(^(com)[1-9]$)|^(com)[1-9]\..*|(^(lpt)[1-9]$)|^(lpt)[1-9]\..*)|^\s+|.*\s$)(^[^\/\\\:\*\?\"\<\>\|]{1,255}$)/');
//与xss记录相关api //与xss记录相关api
if(isset($_GET['cmd'])) if (isset($_GET['cmd'])) {
{ switch ($_GET['cmd']) {
switch($_GET['cmd'])
{
//获取所有记录包括详细信息 //获取所有记录包括详细信息
case 'list': case 'list':
echo json_encode(xss_record_detail_list()); echo json_encode(xss_record_detail_list());
@@ -53,10 +50,8 @@ if(isset($_GET['cmd']))
} }
} }
//与js模板相关api //与js模板相关api
else if(isset($_GET['js_template_cmd'])) else if (isset($_GET['js_template_cmd'])) {
{ switch ($_GET['js_template_cmd']) {
switch($_GET['js_template_cmd'])
{
//获取所有js模板的名字与描述 //获取所有js模板的名字与描述
case 'list': case 'list':
echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH)); echo json_encode(js_name_and_desc_list(JS_TEMPLATE_PATH));
@@ -64,30 +59,25 @@ else if(isset($_GET['js_template_cmd']))
//添加js模板 //添加js模板
case 'add': case 'add':
if(isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['name'])) if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) {
{
if (!is_writable(JS_TEMPLATE_PATH)) if (!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false); echo json_encode(false);
else else {
{
save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']); save_js_desc(JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name']);
save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']); save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true); echo json_encode(true);
} }
} } else
else
echo json_encode(false); echo json_encode(false);
break; break;
//修改js模板 //修改js模板
case 'modify': case 'modify':
if(isset($_POST['old_name'])&&isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['old_name'])&&preg_match(FILE_REGEX,$_POST['name'])) if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) {
{
if (!is_writable(JS_TEMPLATE_PATH)) if (!is_writable(JS_TEMPLATE_PATH))
echo json_encode(false); echo json_encode(false);
else else {
{
if ($_POST['old_name'] != $_POST['name']) if ($_POST['old_name'] != $_POST['name'])
delete_js(JS_TEMPLATE_PATH, $_POST['old_name']); delete_js(JS_TEMPLATE_PATH, $_POST['old_name']);
@@ -95,8 +85,7 @@ else if(isset($_GET['js_template_cmd']))
save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']); save_js_content(JS_TEMPLATE_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true); echo json_encode(true);
} }
} } else
else
echo json_encode(false); echo json_encode(false);
break; break;
@@ -127,10 +116,8 @@ else if(isset($_GET['js_template_cmd']))
} }
} }
//与我的js相关api //与我的js相关api
else if(isset($_GET['my_js_cmd'])) else if (isset($_GET['my_js_cmd'])) {
{ switch ($_GET['my_js_cmd']) {
switch($_GET['my_js_cmd'])
{
//获取所有我的js的名字与描述 //获取所有我的js的名字与描述
case 'list': case 'list':
echo json_encode(js_name_and_desc_list(MY_JS_PATH)); echo json_encode(js_name_and_desc_list(MY_JS_PATH));
@@ -138,31 +125,26 @@ else if(isset($_GET['my_js_cmd']))
//添加js模板 //添加js模板
case 'add': case 'add':
if(isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['name'])) if (isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['name'])) {
{
if (!is_writable(MY_JS_PATH)) if (!is_writable(MY_JS_PATH))
echo json_encode(false); echo json_encode(false);
else else {
{
save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']); save_js_desc(MY_JS_PATH, $_POST['desc'], $_POST['name']);
save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']); save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true); echo json_encode(true);
} }
} } else
else
echo json_encode(false); echo json_encode(false);
break; break;
//修改js模板 //修改js模板
case 'modify': case 'modify':
if(isset($_POST['old_name'])&&isset($_POST['name'])&&isset($_POST['desc'])&&isset($_POST['content'])&&preg_match(FILE_REGEX,$_POST['old_name'])&&preg_match(FILE_REGEX,$_POST['name'])) if (isset($_POST['old_name']) && isset($_POST['name']) && isset($_POST['desc']) && isset($_POST['content']) && preg_match(FILE_REGEX, $_POST['old_name']) && preg_match(FILE_REGEX, $_POST['name'])) {
{
if (!is_writable(MY_JS_PATH)) if (!is_writable(MY_JS_PATH))
echo json_encode(false); echo json_encode(false);
else else {
{
if ($_POST['old_name'] != $_POST['name']) if ($_POST['old_name'] != $_POST['name'])
delete_js(MY_JS_PATH, $_POST['old_name']); delete_js(MY_JS_PATH, $_POST['old_name']);
@@ -170,8 +152,7 @@ else if(isset($_GET['my_js_cmd']))
save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']); save_js_content(MY_JS_PATH, $_POST['content'], $_POST['name']);
echo json_encode(true); echo json_encode(true);
} }
} } else
else
echo json_encode(false); echo json_encode(false);
break; break;
@@ -200,12 +181,12 @@ else if(isset($_GET['my_js_cmd']))
default: default:
echo json_encode(false); echo json_encode(false);
} }
} } else
else
echo json_encode(false); echo json_encode(false);
function xss_record_id_list() { function xss_record_id_list()
{
$files = glob(DATA_PATH . '/*.php'); $files = glob(DATA_PATH . '/*.php');
$list = array(); $list = array();
foreach ($files as $file) { foreach ($files as $file) {
@@ -216,23 +197,22 @@ function xss_record_id_list() {
return $list; return $list;
} }
function xss_record_detail_list() { function xss_record_detail_list()
{
$list = array(); $list = array();
$files = glob(DATA_PATH . '/*.php'); $files = glob(DATA_PATH . '/*.php');
arsort($files); arsort($files);
foreach ($files as $file) { foreach ($files as $file) {
$filename = basename($file, ".php"); $filename = basename($file, ".php");
if( preg_match(ID_REGEX, $filename) ) if (preg_match(ID_REGEX, $filename)) {
{
$info = load_xss_record($filename); $info = load_xss_record($filename);
if ($info === false) if ($info === false)
continue; continue;
$isChange = false; $isChange = false;
//如果没有设置location就查询qqwry.dat判断location //如果没有设置location就查询qqwry.dat判断location
if(!isset($info['location'])) if (!isset($info['location'])) {
{
$info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH)); $info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
$isChange = true; $isChange = true;
} }
@@ -281,4 +261,3 @@ function js_name_and_desc_list($path)
return $list; return $list;
} }
?>
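Review bot: The rename check in both `modify` branches uses loose comparison, `if ($_POST['old_name'] != $_POST['name'])`, so two different names that PHP treats as equal numeric strings (e.g. `1e3` and `1000`) skip `delete_js` and leave the old template file behind next to the new one; use `if ($_POST['old_name'] !== $_POST['name'])` in the js_template_cmd hunk and the same line in the my_js_cmd hunk. The `add`/`modify` actions write files on disk but are dispatched from a GET parameter, and no CSRF token check is visible in these hunks; if the token is not verified in auth.php or the newly included load.php, a cross-site form post from a logged-in browser can create or overwrite templates, so verify a per-session token here before any `save_js_*` call. The three `switch` blocks all start and end outside the hunks shown.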


@@ -8,8 +8,7 @@ ini_set("session.cookie_httponly", 1);
session_start(); session_start();
//判断登陆情况ip和useragent是否改变改变则强制退出 //判断登陆情况ip和useragent是否改变改变则强制退出
if(!(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true && isset($_SESSION['user_IP']) &&$_SESSION['user_IP']!="" &&$_SESSION['user_IP']=== $_SERVER['REMOTE_ADDR'] &&isset($_SESSION['user_agent']) &&$_SESSION['user_agent']!="" &&$_SESSION['user_agent']=== $_SERVER['HTTP_USER_AGENT'] )) if (!(isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true && isset($_SESSION['user_IP']) && $_SESSION['user_IP'] != "" && $_SESSION['user_IP'] === $_SERVER['REMOTE_ADDR'] && isset($_SESSION['user_agent']) && $_SESSION['user_agent'] != "" && $_SESSION['user_agent'] === $_SERVER['HTTP_USER_AGENT'])) {
{
$_SESSION['isLogin'] = false; $_SESSION['isLogin'] = false;
$_SESSION['user_IP'] = ""; $_SESSION['user_IP'] = "";
$_SESSION['user_agent'] = ""; $_SESSION['user_agent'] = "";
@@ -23,5 +22,3 @@ if(!(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true && isset($_SESSI
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'"); header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'"); header("X-Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'none'");
header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'"); header("X-WebKit-CSP: default-src 'self'; style-src 'self' 'unsafe-inline';img-src 'self' data:; frame-src 'none'");
?>


@@ -29,20 +29,21 @@ if($argv[1]==="update")
else else
change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]); change_pass($argv[1], $argv[2], $argv[3], $argv[4], $argv[5], $argv[6]);
function update_from_old_version($old_enable_encrypt,$old_encrypt_pass){ function update_from_old_version($old_encrypt_enable, $old_encrypt_pass)
//如果从旧版本升级就统一先切换为RC4密码bluelotus
modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,"AES","true","bluelotus", "RC4");
modify_xss_record($old_enable_encrypt,$old_encrypt_pass,"AES","true","bluelotus","RC4");
}
function change_pass($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type)
{ {
modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type); //如果从旧版本升级就统一先切换为RC4密码bluelotus
modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type); modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4");
modify_js_desc(MY_JS_PATH,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type); modify_xss_record($old_encrypt_enable, $old_encrypt_pass, "AES", "true", "bluelotus", "RC4");
modify_js_desc(JS_TEMPLATE_PATH,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type); }
function change_pass($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{
modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_js_desc(MY_JS_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
modify_js_desc(JS_TEMPLATE_PATH, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
} }
function modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type) function modify_ForbiddenIPList($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{ {
$logfile = DATA_PATH . '/forbiddenIPList.dat'; $logfile = DATA_PATH . '/forbiddenIPList.dat';
@@ -50,8 +51,8 @@ function modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encry
if ($str === false) if ($str === false)
return; return;
$str=decrypt($str,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type); $str = decrypt($str, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
$str=encrypt($str, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type); $str = encrypt($str, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents($logfile, $str)) if (@file_put_contents($logfile, $str))
echo "修改封禁ip成功\n"; echo "修改封禁ip成功\n";
@@ -59,25 +60,22 @@ function modify_ForbiddenIPList($old_enable_encrypt,$old_encrypt_pass,$old_encry
echo "修改封禁ip失败可能是没有权限chmod 777\n"; echo "修改封禁ip失败可能是没有权限chmod 777\n";
} }
function modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type) function modify_xss_record($old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{ {
$files = glob(DATA_PATH . '/*.php'); $files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) { foreach ($files as $file) {
$filename = basename($file, ".php"); $filename = basename($file, ".php");
if( preg_match("/^[0-9]{10}$/", $filename) ) if (preg_match("/^[0-9]{10}$/", $filename)) {
{
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
$info = @file_get_contents($logFile); $info = @file_get_contents($logFile);
if($info!==false && strncmp($info,'<?php exit();?>',15)===0) if ($info !== false && strncmp($info, '<?php exit();?>', 15) === 0) {
{
$info = substr($info, 15); $info = substr($info, 15);
$info=decrypt($info,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type); $info = decrypt($info, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
} } else
else
$info = ""; $info = "";
$info=encrypt($info, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type); $info = encrypt($info, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents($logFile, '<?php exit();?>' . $info)) if (@file_put_contents($logFile, '<?php exit();?>' . $info))
echo "修改一条xss记录成功\n"; echo "修改一条xss记录成功\n";
@@ -87,7 +85,7 @@ function modify_xss_record($old_enable_encrypt,$old_encrypt_pass,$old_encrypt_ty
} }
} }
} }
function modify_js_desc($path,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type,$new_enable_encrypt,$new_encrypt_pass, $new_encrypt_type) function modify_js_desc($path, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type)
{ {
$files = glob($path . '/*.js'); $files = glob($path . '/*.js');
foreach ($files as $file) { foreach ($files as $file) {
@@ -98,11 +96,11 @@ function modify_js_desc($path,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt
$desc = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'); $desc = @file_get_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc');
if ($desc !== false) if ($desc !== false)
$desc=decrypt($desc,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt_type); $desc = decrypt($desc, $old_encrypt_enable, $old_encrypt_pass, $old_encrypt_type);
else else
$desc = ""; $desc = "";
$desc=encrypt($desc, $new_enable_encrypt, $new_encrypt_pass, $new_encrypt_type); $desc = encrypt($desc, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
if (@file_put_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc', $desc)) if (@file_put_contents(dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc', $desc))
echo "修改一条js描述成功\n"; echo "修改一条js描述成功\n";
@@ -111,40 +109,34 @@ function modify_js_desc($path,$old_enable_encrypt,$old_encrypt_pass,$old_encrypt
} }
} }
function encrypt($info,$enable_encrypt,$encrypt_pass,$encrypt_type) function encrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type)
{ {
if($enable_encrypt) { if ($encrypt_enable) {
if ($encrypt_type === "AES") { if ($encrypt_type === "AES") {
require_once("aes.php"); require_once("aes.php");
$info = AESEncryptCtr($info, $encrypt_pass); $info = AESEncryptCtr($info, $encrypt_pass);
} } else {
else {
require_once("rc4.php"); require_once("rc4.php");
$info = base64_encode(rc4($info, $encrypt_pass)); $info = base64_encode(rc4($info, $encrypt_pass));
} }
} } else
else
$info = base64_encode($info); $info = base64_encode($info);
return $info; return $info;
} }
function decrypt($info,$enable_encrypt,$encrypt_pass,$encrypt_type) function decrypt($info, $encrypt_enable, $encrypt_pass, $encrypt_type)
{ {
if($enable_encrypt) { if ($encrypt_enable) {
if ($encrypt_type === "AES") { if ($encrypt_type === "AES") {
require_once("aes.php"); require_once("aes.php");
$info = AESDecryptCtr($info, $encrypt_pass); $info = AESDecryptCtr($info, $encrypt_pass);
} } else {
else {
require_once("rc4.php"); require_once("rc4.php");
$info = rc4(base64_decode($info), $encrypt_pass); $info = rc4(base64_decode($info), $encrypt_pass);
} }
} } else
else
$info = base64_decode($info); $info = base64_decode($info);
return $info; return $info;
} }
?>

25
config-sample.php Normal file

@@ -0,0 +1,25 @@
<?php
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
define("PASS", "2a05218c7aa0a6dbd370985d984627b8"); //后台登录密码默认密码bluelotus
define("DATA_PATH", "data"); //xss记录、封禁ip列表存放目录
define("JS_TEMPLATE_PATH", "template"); //js模板存放目录
define("MY_JS_PATH", "myjs"); //我的js存放目录
define("ENCRYPT_ENABLE", true); //是否加密“xss记录封禁ip列表js描述”
define("ENCRYPT_PASS", "bluelotus"); //加密密码
define("ENCRYPT_TYPE", "RC4"); //加密方法AES或RC4
define("KEEP_SESSION", true); //是否启用KEEP_SESSION功能需要外部定时访问keepsession.php
define("IPDATA_PATH", "qqwry.dat"); //ip归属地数据库地址
/*邮件通知相关配置*/
define("MAIL_ENABLE", false); //开启邮件通知
define("SMTP_SERVER", "smtp.xxx.com"); //smtp服务器
define("SMTP_PORT", 465); //端口
define("SMTP_SECURE", "ssl");
define("MAIL_USER", "xxx@xxx.com"); //发件人用户名
define("MAIL_PASS", "xxxxxx"); //发件人密码
define("MAIL_FROM", "xxx@xxx.com"); //发件人地址(需真实,不可伪造)
define("MAIL_RECV", "xxxx@xxxx.com"); //接收通知的邮件地址


@@ -1,27 +0,0 @@
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
define('PASS', '2a05218c7aa0a6dbd370985d984627b8');//后台登录密码默认密码bluelotus
define('DATA_PATH', 'data');//xss记录、封禁ip列表存放目录
define('JS_TEMPLATE_PATH', 'template');//js模板存放目录
define('MY_JS_PATH', 'myjs');//我的js存放目录
define('ENABLE_ENCRYPT', true);//是否加密“xss记录封禁ip列表js描述”
define('ENCRYPT_PASS', "bluelotus");//加密密码
define('ENCRYPT_TYPE', "RC4");//加密方法AES或RC4
define('KEEP_SESSION', true);//是否启用KEEP_SESSION功能需要外部定时访问keepsession.php
define('IPDATA_PATH', "qqwry.dat");//ip归属地数据库地址
/*邮件通知相关配置*/
define('MAIL_ENABLE', false);//开启邮件通知
define('SMTP_SERVER', "smtp.xxx.com");//smtp服务器
define('SMTP_PORT', 465);//端口
define('SMTP_SECURE', "ssl");
define('MAIL_USER', "xxx@xxx.com");//发件人用户名
define('MAIL_PASS', "xxxxxx");//发件人密码
define('MAIL_FROM', "xxx@xxx.com");//发件人地址(需真实,不可伪造)
define('MAIL_RECV', "xxxx@xxxx.com");//接收通知的邮件地址
?>

34
dio.php

@@ -2,7 +2,7 @@
if (!defined('IN_XSS_PLATFORM')) { if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied'); exit('Access Denied');
} }
require_once("config.php"); require_once("load.php");
require_once("functions.php"); require_once("functions.php");
//对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id //对记录的读写操作无数据库采用读写文件的方式文件名即请求时的时间戳同时也是记录的id
@@ -21,8 +21,7 @@ function save_xss_record($info,$filename)
function load_xss_record($filename) function load_xss_record($filename)
{ {
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false) if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
{
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
if (!file_exists($logFile)) if (!file_exists($logFile))
return false; return false;
@@ -47,15 +46,13 @@ function load_xss_record($filename)
return false; return false;
$isChange = false; $isChange = false;
if(!isset($info['location'])) if (!isset($info['location'])) {
{
$info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH)); $info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
$isChange = true; $isChange = true;
} }
//只会出现在加密密码错误的时候 //只会出现在加密密码错误的时候
if(!isset($info['request_time'])) if (!isset($info['request_time'])) {
{
return false; return false;
} }
@@ -63,19 +60,16 @@ function load_xss_record($filename)
save_xss_record(json_encode($info), $filename); save_xss_record(json_encode($info), $filename);
return $info; return $info;
} } else
else
return false; return false;
} }
function delete_xss_record($filename) function delete_xss_record($filename)
{ {
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false) if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
{
$logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php'; $logFile = dirname(__FILE__) . '/' . DATA_PATH . '/' . $filename . '.php';
return unlink($logFile); return unlink($logFile);
} } else
else
return false; return false;
} }
@@ -91,8 +85,7 @@ function clear_xss_record()
function load_js_content($path, $filename) function load_js_content($path, $filename)
{ {
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false) if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
{
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
if (!file_exists($file)) if (!file_exists($file))
return false; return false;
@@ -101,21 +94,18 @@ function load_js_content($path,$filename)
if ($info === false) if ($info === false)
$info = ""; $info = "";
return $info; return $info;
} } else
else
return false; return false;
} }
function delete_js($path, $filename) function delete_js($path, $filename)
{ {
if(strpos($filename, "..")===false && strpos($filename, "/")===false && strpos($filename, "\\")===false) if (strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false) {
{
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc'; $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc';
unlink($file); unlink($file);
$file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js'; $file = dirname(__FILE__) . '/' . $path . '/' . $filename . '.js';
return unlink($file); return unlink($file);
} } else
else
return false; return false;
} }
@@ -157,5 +147,3 @@ function save_js_desc($path,$desc,$filename)
else else
return true; return true;
} }
?>
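Review bot: The filename guard `strpos($filename, "..") === false && strpos($filename, "/") === false && strpos($filename, "\\") === false` is now repeated verbatim in load_xss_record, delete_xss_record, load_js_content and delete_js; a single helper such as `function is_plain_filename($filename)` returning that expression, called as `if (is_plain_filename($filename)) {`, keeps the four copies from drifting if the check is ever tightened. In delete_js the first `unlink($file)` on the `.desc` file is unchecked, so a missing description emits a warning while the return value only reflects the `.js` removal; a `file_exists()` test before that unlink would make the result meaningful. The bodies of these functions are cut by the hunks, so the rest of each is not visible here.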


@@ -3,11 +3,12 @@ if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied'); exit('Access Denied');
} }
require_once("config.php"); require_once("load.php");
//nginx无getallheaders函数 //nginx无getallheaders函数
if (!function_exists('getallheaders')) { if (!function_exists('getallheaders')) {
function getallheaders() { function getallheaders()
{
foreach ($_SERVER as $name => $value) { foreach ($_SERVER as $name => $value) {
if (substr($name, 0, 5) == 'HTTP_') { if (substr($name, 0, 5) == 'HTTP_') {
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value; $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
@@ -18,28 +19,26 @@ if (!function_exists('getallheaders')) {
} }
//判断该记录是否 //判断该记录是否
function isKeepSession($info){ function isKeepSession($info)
{
$keepsession = false; $keepsession = false;
foreach ($info['get_data'] as $k => $v) { foreach ($info['get_data'] as $k => $v) {
if($k==="keepsession") if ($k === "keepsession") {
{
$keepsession = ($v === "1" ? true : false); $keepsession = ($v === "1" ? true : false);
return $keepsession; return $keepsession;
} }
} }
foreach ($info['post_data'] as $k => $v) { foreach ($info['post_data'] as $k => $v) {
if($k==="keepsession") if ($k === "keepsession") {
{
$keepsession = ($v === "1" ? true : false); $keepsession = ($v === "1" ? true : false);
return $keepsession; return $keepsession;
} }
} }
foreach ($info['cookie_data'] as $k => $v) { foreach ($info['cookie_data'] as $k => $v) {
if($k==="keepsession") if ($k === "keepsession") {
{
$keepsession = ($v === "1" ? true : false); $keepsession = ($v === "1" ? true : false);
return $keepsession; return $keepsession;
} }
@@ -48,13 +47,15 @@ function isKeepSession($info){
} }
//xss过滤 //xss过滤
function stripStr($str){ function stripStr($str)
{
if (get_magic_quotes_gpc()) if (get_magic_quotes_gpc())
$str = stripslashes($str); $str = stripslashes($str);
return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8')); return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8'));
} }
function stripArr($arr){ function stripArr($arr)
{
$new_arr = array(); $new_arr = array();
foreach ($arr as $k => $v) { foreach ($arr as $k => $v) {
$new_arr[stripStr($k)] = stripStr($v); $new_arr[stripStr($k)] = stripStr($v);
@@ -65,8 +66,7 @@ function stripArr($arr){
//尝试base64解码 //尝试base64解码
function tryBase64Decode($arr) function tryBase64Decode($arr)
{ {
if(isset($arr)&&count($arr)>0) if (isset($arr) && count($arr) > 0) {
{
$isChanged = 0; $isChanged = 0;
$new_arr = array(); $new_arr = array();
@@ -83,8 +83,7 @@ function tryBase64Decode($arr)
return $new_arr; return $new_arr;
else else
return false; return false;
} } else
else
return false; return false;
} }
@@ -100,17 +99,15 @@ function isBase64Formatted($str)
function encrypt($info) function encrypt($info)
{ {
if(ENABLE_ENCRYPT) { if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") { if (ENCRYPT_TYPE === "AES") {
require_once("aes.php"); require_once("aes.php");
$info = AESEncryptCtr($info, ENCRYPT_PASS); $info = AESEncryptCtr($info, ENCRYPT_PASS);
} } else {
else {
require_once("rc4.php"); require_once("rc4.php");
$info = base64_encode(rc4($info, ENCRYPT_PASS)); $info = base64_encode(rc4($info, ENCRYPT_PASS));
} }
} } else
else
$info = base64_encode($info); $info = base64_encode($info);
return $info; return $info;
@@ -118,24 +115,23 @@ function encrypt($info)
function decrypt($info) function decrypt($info)
{ {
if(ENABLE_ENCRYPT) { if (ENCRYPT_ENABLE) {
if (ENCRYPT_TYPE === "AES") { if (ENCRYPT_TYPE === "AES") {
require_once("aes.php"); require_once("aes.php");
$info = AESDecryptCtr($info, ENCRYPT_PASS); $info = AESDecryptCtr($info, ENCRYPT_PASS);
} } else {
else {
require_once("rc4.php"); require_once("rc4.php");
$info = rc4(base64_decode($info), ENCRYPT_PASS); $info = rc4(base64_decode($info), ENCRYPT_PASS);
} }
} } else
else
$info = base64_decode($info); $info = base64_decode($info);
return $info; return $info;
} }
//基于Discuz X3.1 function_misc.php //基于Discuz X3.1 function_misc.php
function convertip($ip, $ipdatafile) { function convertip($ip, $ipdatafile)
{
$ipaddr = '未知'; $ipaddr = '未知';
if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) { if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) {
$iparray = explode('.', $ip); $iparray = explode('.', $ip);
@@ -152,11 +148,14 @@ function convertip($ip, $ipdatafile) {
$ip = explode('.', $ip); $ip = explode('.', $ip);
$ipNum = $ip[0] * 16777216 + $ip[1] * 65536 + $ip[2] * 256 + $ip[3]; $ipNum = $ip[0] * 16777216 + $ip[1] * 65536 + $ip[2] * 256 + $ip[3];
if(!($DataBegin = fread($fd, 4)) || !($DataEnd = fread($fd, 4)) ) return; if (!($DataBegin = fread($fd, 4)) || !($DataEnd = fread($fd, 4)))
return;
@$ipbegin = implode('', unpack('L', $DataBegin)); @$ipbegin = implode('', unpack('L', $DataBegin));
if($ipbegin < 0) $ipbegin += pow(2, 32); if ($ipbegin < 0)
$ipbegin += pow(2, 32);
@$ipend = implode('', unpack('L', $DataEnd)); @$ipend = implode('', unpack('L', $DataEnd));
if($ipend < 0) $ipend += pow(2, 32); if ($ipend < 0)
$ipend += pow(2, 32);
$ipAllNum = ($ipend - $ipbegin) / 7 + 1; $ipAllNum = ($ipend - $ipbegin) / 7 + 1;
$BeginNum = $ip2num = $ip1num = 0; $BeginNum = $ip2num = $ip1num = 0;
@@ -173,7 +172,8 @@ function convertip($ip, $ipdatafile) {
return '系统错误'; return '系统错误';
} }
$ip1num = implode('', unpack('L', $ipData1)); $ip1num = implode('', unpack('L', $ipData1));
if($ip1num < 0) $ip1num += pow(2, 32); if ($ip1num < 0)
$ip1num += pow(2, 32);
if ($ip1num > $ipNum) { if ($ip1num > $ipNum) {
$EndNum = $Middle; $EndNum = $Middle;
@@ -193,7 +193,8 @@ function convertip($ip, $ipdatafile) {
return '系统错误'; return '系统错误';
} }
$ip2num = implode('', unpack('L', $ipData2)); $ip2num = implode('', unpack('L', $ipData2));
if($ip2num < 0) $ip2num += pow(2, 32); if ($ip2num < 0)
$ip2num += pow(2, 32);
if ($ip2num < $ipNum) { if ($ip2num < $ipNum) {
if ($Middle == $BeginNum) { if ($Middle == $BeginNum) {
@@ -290,6 +291,3 @@ function convertip($ip, $ipdatafile) {
} }
return $ipaddr; return $ipaddr;
} }
?>
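Review bot: `stripStr` still calls `get_magic_quotes_gpc()` unguarded; that function has returned false since PHP 5.4 removed magic quotes and was itself removed in PHP 8.0, so on current runtimes the first call to stripStr is a fatal undefined-function error. Guard it as `if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())` or drop the branch entirely; the identical copy in the stripStr added in install.php further down this commit needs the same treatment. The `@$ipbegin = implode('', unpack('L', $DataBegin));`-style suppressions in convertip likewise hide unpack() failures on a truncated database file; checking the length of each fread() result before unpack would give a clearer failure than silently continuing. convertip's body runs past these hunks.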


@@ -4,14 +4,15 @@ ignore_user_abort(true);
error_reporting(0); error_reporting(0);
//sometimes we only need "referfer". //sometimes we only need "referfer".
/* /*
if(count($_GET)==0&&count($_POST)==0&&count($_COOKIE)==0) if(count($_GET)==0&&count($_POST)==0&&count($_COOKIE)==0)
exit(); exit();
*/ */
header("Access-Control-Allow-Origin:*"); header("Access-Control-Allow-Origin:*");
require_once("load.php");
require_once("functions.php"); require_once("functions.php");
require_once("dio.php"); require_once("dio.php");
require_once("config.php");
$info = array(); $info = array();
@@ -61,7 +62,5 @@ save_xss_record(json_encode($info),$request_time);
//发送邮件通知 //发送邮件通知
if (MAIL_ENABLE) { if (MAIL_ENABLE) {
require_once("mail.php"); require_once("mail.php");
send_mail($info); @send_mail($info);
} }
?>
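Review bot: `@send_mail($info);` adds error suppression on top of the `error_reporting(0)` already set near the top of this file, so the `@` is redundant and it hides the one signal the operator has that notification mail is failing. Prefer leaving the call unsuppressed and recording failure, e.g. `if (!send_mail($info)) { error_log('send_mail failed'); }`, assuming send_mail reports a boolean result (its definition in mail.php is not in this diff).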

465
install.php Normal file

@@ -0,0 +1,465 @@
<?php
define("IN_XSS_PLATFORM",true);
ignore_user_abort(true);
//检测是否已经安装
if ( file_exists('config.php') ) {
display_header();
@unlink($_SERVER['SCRIPT_FILENAME']);
die( '<h1>已安装</h1><p>请勿重复安装!</p><p class="step"><a href="login.php" class="button button-large">登录</a></p></body></html>' );
}
$step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0;
switch($step) {
case 0: // 显示说明
display_header();
?>
<form id="setup" method="post" action="?step=1">
<h1>欢迎</h1>
<p>欢迎使用本平台,安装开始前,请仔细阅读以下说明</p>
<p>手动安装方法将config-sample.php改名为config.php删除install.php即可。</p>
<h2>警告:</h2>
<p><b>本工具仅允许用于学习、研究场景,严禁用于任何非法用途!</b></p>
<p>人在做,天在看。善恶终有报,天道好轮回。不信抬头看,苍天饶过谁。</p>
<p class="step"><input name="submit" type="submit" value="安装" class="button button-large"></p>
</form>
<?php
break;
case 1: // 配置
display_header();
?>
<h1>配置</h1>
<p>请按照下面提示配置xss平台默认配置可直接下一步</p>
<?php
display_setup_form();
break;
case 2: // 写入config.php
display_header();
//输入处理使用stripStr过滤xss使用json_encode生成最终string
$encrypt_enable = isset( $_POST['encrypt_enable'] ) ? true : false;
$keep_session_enable = isset( $_POST['keep_session_enable'] ) ? true : false;
$mail_enable = isset( $_POST['mail_enable'] ) ? true : false;
$pass = isset( $_POST['pass'] ) ? stripStr($_POST['pass']) : '';
$encrypt_pass = isset( $_POST['encrypt_pass'] ) ? stripStr($_POST['encrypt_pass']) : '';
$mail_pass = isset( $_POST['mail_pass'] ) ? stripStr($_POST['mail_pass']) : '';
$data_path = isset($_POST['data_path']) ? stripStr(trim( $_POST['data_path'] )) : '';
$js_template_path = isset( $_POST['js_template_path'] ) ? stripStr(trim( $_POST['js_template_path'] )) : '';
$my_js_path = isset( $_POST['my_js_path'] ) ? stripStr(trim( $_POST['my_js_path'] )) : '';
$encrypt_type = isset( $_POST['encrypt_type'] ) ? stripStr(trim( $_POST['encrypt_type'] )) : '';
$ipdata_path = isset( $_POST['ipdata_path'] ) ? stripStr(trim( $_POST['ipdata_path'] )) : '';
$smtp_server = isset( $_POST['smtp_server'] ) ? stripStr(trim( $_POST['smtp_server'] )) : '';
$smtp_port = isset( $_POST['smtp_port'] ) ? stripStr(trim( $_POST['smtp_port'] )) : '';
$smtp_secure = isset( $_POST['smtp_secure'] ) ? stripStr(trim( $_POST['smtp_secure'] )) : '';
$mail_user = isset( $_POST['mail_user'] ) ? stripStr(trim( $_POST['mail_user'] )) : '';
$mail_from = isset( $_POST['mail_from'] ) ? stripStr(trim( $_POST['mail_from'] )) : '';
$mail_recv = isset( $_POST['mail_recv'] ) ? stripStr(trim( $_POST['mail_recv'] )) : '';
$error = false;
if ( $pass==='' ) {
display_setup_form( '登录密码不可为空' );
$error = true;
}
else if ( !preg_match( '/^[0-9a-zA-Z_\/\\\.]+$/' , $data_path ) ) {
display_setup_form( 'xss数据存储路径非法' );
$error = true;
}
else if ( !is_dir ( $data_path ) ) {
display_setup_form( 'xss数据存储路径不存在' );
$error = true;
}
else if ( !is_writable ( $data_path ) ) {
display_setup_form( 'xss数据存储路径不可写' );
$error = true;
}
else if ( glob($js_template_path.'/*')=== glob('static/js'.'/*') ) {
display_setup_form( 'js模板存储路径非法' );
$error = true;
}
else if ( !preg_match( '/^[0-9a-zA-Z_\/\\\.]+$/' , $js_template_path ) ) {
display_setup_form( 'js模板存储路径非法' );
$error = true;
}
else if ( !is_dir ( $js_template_path ) ) {
display_setup_form( 'js模板存储路径不存在' );
$error = true;
}
else if ( !is_writable ( $js_template_path ) ) {
display_setup_form( 'js模板存储路径不可写' );
$error = true;
}
else if ( glob($my_js_path.'/*')=== glob('static/js'.'/*') ) {
display_setup_form( '我的js存储路径非法' );
$error = true;
}
else if ( !preg_match( '/^[0-9a-zA-Z_\/\\\.]+$/' , $my_js_path ) ) {
display_setup_form( '我的js存储路径非法' );
$error = true;
}
else if ( !is_dir ( $my_js_path ) ) {
display_setup_form( '我的js存储路径不存在' );
$error = true;
}
else if ( !is_writable ( $my_js_path ) ) {
display_setup_form( '我的js存储路径不可写' );
$error = true;
}
else if ( $encrypt_enable && $encrypt_pass==='' ) {
display_setup_form( '加密密码不可为空' );
$error = true;
}
else if ( $encrypt_type!=="RC4" && $encrypt_type !== "AES" ) {
display_setup_form( '加密方式错误' );
$error = true;
}
else if ( !file_exists( $ipdata_path ) ) {
display_setup_form( 'ip数据库不存在' );
$error = true;
}
else if ( !preg_match( '/^[0-9]*$/' , $smtp_port ) ) {
display_setup_form( 'SMTP端口不合法' );
$error = true;
}
else
{
//生成密码hash
$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';
$pass=md5($salt.$pass.$salt);
$pass=md5($salt.$pass.$salt);
$pass=md5($salt.$pass.$salt);
$config_str = <<<CONFIG
<?php
if(!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
CONFIG;
$config_str .= 'define("PASS", '.json_encode($pass).');//后台登录密码默认密码bluelotus' . PHP_EOL;
//正则判断过不做json_encode处理
$config_str .= 'define("DATA_PATH", "'.$data_path.'");//xss记录、封禁ip列表存放目录' . PHP_EOL;
$config_str .= 'define("JS_TEMPLATE_PATH", "'.$js_template_path.'");//js模板存放目录' . PHP_EOL;
$config_str .= 'define("MY_JS_PATH", "'.$my_js_path.'");//我的js存放目录' . PHP_EOL;
$config_str .= 'define("ENCRYPT_ENABLE", '.($encrypt_enable?"true":"false").');//是否加密“xss记录封禁ip列表js描述”' . PHP_EOL;
$config_str .= 'define("ENCRYPT_PASS", '.json_encode( $encrypt_pass).');//加密密码' . PHP_EOL;
$config_str .= 'define("ENCRYPT_TYPE", '.json_encode( $encrypt_type).');//加密方法AES或RC4' . PHP_EOL;
$config_str .= 'define("KEEP_SESSION", '.($keep_session_enable?"true":"false").');//是否启用KEEP_SESSION功能需要外部定时访问keepsession.php' . PHP_EOL;
$config_str .= 'define("IPDATA_PATH", '.json_encode( $ipdata_path).');//ip归属地数据库地址' . PHP_EOL;
$config_str .= 'define("MAIL_ENABLE", '.($mail_enable?"true":"false").');//开启邮件通知' . PHP_EOL;
$config_str .= 'define("SMTP_SERVER", '.json_encode( $smtp_server).');//smtp服务器' . PHP_EOL;
//正则判断过不做json_encode处理
$config_str .= 'define("SMTP_PORT", '.$smtp_port.');//端口' . PHP_EOL;
$config_str .= 'define("SMTP_SECURE", '.json_encode( $smtp_secure).');' . PHP_EOL;
$config_str .= 'define("MAIL_USER", '.json_encode( $mail_user).');//发件人用户名' . PHP_EOL;
$config_str .= 'define("MAIL_PASS", '.json_encode( $mail_pass).');//发件人密码' . PHP_EOL;
$config_str .= 'define("MAIL_FROM", '.json_encode( $mail_from).');//发件人地址(需真实,不可伪造)' . PHP_EOL;
$config_str .= 'define("MAIL_RECV", '.json_encode( $mail_recv).');//接收通知的邮件地址' . PHP_EOL;
if (file_put_contents("config.php", $config_str)===false)
{
display_setup_form( '无法写入配置文件,请确保根目录有写权限' );
$error = true;
}
}
if ( $error === false ) {
//重加密记录
modify_js_desc($my_js_path,true,'bluelotus','RC4',$encrypt_enable,$encrypt_pass, $encrypt_type);
modify_js_desc($js_template_path,true,'bluelotus','RC4',$encrypt_enable,$encrypt_pass, $encrypt_type);
//安装完成,自杀
@unlink($_SERVER['SCRIPT_FILENAME']);
@unlink('config-sample.php');
?>
<h1>安装成功</h1>
<p>XSS平台安装成功请点下方链接登录后台</p>
<p class="step"><a href="login.php" class="button button-large">登录</a></p>
<?php
}
break;
}
function display_header( ) {
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex,nofollow" />
<title>安装</title>
<link rel="stylesheet" href="static/css/install.css" type="text/css" />
</head>
<body class="core-ui">
<p id="logo">
<a href="1" tabindex="-1"></a>
</p>
<?php
} // end display_header()
function display_setup_form( $error = null ) {
$encrypt_enable = isset( $_POST['encrypt_enable'] ) ? true : false;
$keep_session_enable = isset( $_POST['keep_session_enable'] ) ? true : false;
$mail_enable = isset( $_POST['mail_enable'] ) ? true : false;
$pass = isset( $_POST['pass'] ) ? stripStr($_POST['pass']) : 'bluelotus';
$encrypt_pass = isset( $_POST['encrypt_pass'] ) ? stripStr($_POST['encrypt_pass']) : 'bluelotus';
$mail_pass = isset( $_POST['mail_pass'] ) ? stripStr($_POST['mail_pass']) : 'xxxxxx';
$data_path = isset($_POST['data_path']) ? stripStr(trim( $_POST['data_path'] )) : 'data';
$js_template_path = isset( $_POST['js_template_path'] ) ? stripStr(trim( $_POST['js_template_path'] )) : 'template';
$my_js_path = isset( $_POST['my_js_path'] ) ? stripStr(trim( $_POST['my_js_path'] )) : 'myjs';
$encrypt_type = isset( $_POST['encrypt_type'] ) ? stripStr(trim( $_POST['encrypt_type'] )) : 'RC4';
$ipdata_path = isset( $_POST['ipdata_path'] ) ? stripStr(trim( $_POST['ipdata_path'] )) : 'qqwry.dat';
$smtp_server = isset( $_POST['smtp_server'] ) ? stripStr(trim( $_POST['smtp_server'] )) : 'smtp.xxx.com';
$smtp_port = isset( $_POST['smtp_port'] ) ? stripStr(trim( $_POST['smtp_port'] )) : '465';
$smtp_secure = isset( $_POST['smtp_secure'] ) ? stripStr(trim( $_POST['smtp_secure'] )) : 'ssl';
$mail_user = isset( $_POST['mail_user'] ) ? stripStr(trim( $_POST['mail_user'] )) : 'xxx@xxx.com';
$mail_from = isset( $_POST['mail_from'] ) ? stripStr(trim( $_POST['mail_from'] )) : 'xxx@xxx.com';
$mail_recv = isset( $_POST['mail_recv'] ) ? stripStr(trim( $_POST['mail_recv'] )) : 'xxx@xxx.com';
if ( ! is_null( $error ) ) {
?>
<h1>错误</h1>
<p class="message"><?php echo stripStr($error); ?></p>
<?php
}
?>
<form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
<table class="form-table">
<tr>
<th scope="row"><label for="pass">后台登录密码</label></th>
<td>
<input name="pass" type="text" id="pass" size="25" value="<?php echo $pass;?>" required="required" />
<p>特殊字符会被转义,慎用,下同</p>
</td>
</tr>
<tr>
<th scope="row"><label for="data_path">xss数据存储路径</label></th>
<td>
<input name="data_path" type="text" id="data_path" size="25" value="<?php echo $data_path; ?>" required="required" />
<p>文件夹需要有写权限</p>
</td>
</tr>
<tr>
<th scope="row"><label for="js_template_path">js模板存储路径</label></th>
<td>
<input name="js_template_path" type="text" id="js_template_path" size="25" value="<?php echo $js_template_path;?>" required="required" />
<p>文件夹需要有写权限</p>
</td>
</tr>
<tr>
<th scope="row"><label for="my_js_path">我的js存储路径</label></th>
<td>
<input name="my_js_path" type="text" id="my_js_path" size="25" value="<?php echo $my_js_path;?>" required="required" />
<p>文件夹需要有写权限</p>
</td>
</tr>
<tr>
<th scope="row"><label for="encrypt_enable">启用数据加密</label></th>
<td>
<input type="checkbox" name="encrypt_enable" type="text" id="encrypt_enable" size="25" value="1" <?php if( !isset( $_POST['encrypt_enable'] ) || $encrypt_enable===true ) echo 'checked="checked"';?> />
<p>对xss记录js描述文件加密</p>
</td>
</tr>
<tr>
<th scope="row"><label for="encrypt_pass">数据加密密码</label></th>
<td>
<input name="encrypt_pass" type="text" id="encrypt_pass" size="25" value="<?php echo $encrypt_pass;?>" />
<p>加密数据的密码</p>
</td>
</tr>
<tr>
<th scope="row"><label for="encrypt_type">加密方式</label></th>
<td>
<select name="encrypt_type" type="text" id="encrypt_type" size="1">
<option value ="RC4" <?php if($encrypt_type==="RC4") echo 'selected="selected"';?> >RC4</option>
<option value ="AES" <?php if($encrypt_type!=="RC4") echo 'selected="selected"';?> >AES</option>
</select>
</td>
</tr>
<tr>
<th scope="row"><label for="keep_session_enable">启用keepsession</label></th>
<td>
<input type="checkbox" name="keep_session_enable" type="text" id="keep_session_enable" size="25" value="1" <?php if(!isset( $_POST['keep_session_enable'] ) || $keep_session_enable===true) echo 'checked="checked"';?> />
<p>详见README.md说明</p>
</td>
</tr>
<tr>
<th scope="row"><label for="ipdata_path">ip数据库位置</label></th>
<td>
<input name="ipdata_path" type="text" id="ipdata_path" size="25" value="<?php echo $ipdata_path;?>" required="required" />
<p>纯真qqwry.dat位置</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_enable">启用邮件通知</label></th>
<td>
<input type="checkbox" name="mail_enable" type="text" id="mail_enable" size="25" value="1" <?php if($mail_enable===true) echo 'checked="checked"';?> />
<p>收到xss消息后邮件通知</p>
</td>
</tr>
<tr>
<th scope="row"><label for="smtp_server">SMTP服务器</label></th>
<td>
<input name="smtp_server" type="text" id="smtp_server" size="25" value="<?php echo $smtp_server;?>" />
<p>SMTP服务器地址</p>
</td>
</tr>
<tr>
<th scope="row"><label for="smtp_port">SMTP服务器端口</label></th>
<td>
<input name="smtp_port" type="text" id="smtp_port" size="25" value="<?php echo $smtp_port;?>" />
<p>详询服务提供商</p>
</td>
</tr>
<tr>
<th scope="row"><label for="smtp_secure">SMTP安全项</label></th>
<td>
<input name="smtp_secure" type="text" id="smtp_secure" size="25" value="<?php echo $smtp_secure;?>" />
<p>默认无需修改</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_user">SMTP用户名</label></th>
<td>
<input name="mail_user" type="text" id="mail_user" size="25" value="<?php echo $mail_user;?>" />
<p>一般只是邮箱@之前的部分</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_pass">SMTP密码</label></th>
<td>
<input name="mail_pass" type="text" id="mail_pass" size="25" value="<?php echo $mail_pass;?>" />
<p>发件邮箱的密码</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_from">发件人地址</label></th>
<td>
<input name="mail_from" type="text" id="mail_from" size="25" value="<?php echo $mail_from;?>" />
<p>不可伪造,否者无法发送</p>
</td>
</tr>
<tr>
<th scope="row"><label for="mail_recv">收件人地址</label></th>
<td>
<input name="mail_recv" type="text" id="mail_recv" size="25" value="<?php echo $mail_recv;?>" />
<p>接收通知的邮件地址</p>
</td>
</tr>
</table>
<p class="step"><input name="submit" type="submit" value="提交" class="button button-large"></p>
</form>
<?php
} // end display_setup_form()
//xss过滤
function stripStr($str){
if(get_magic_quotes_gpc())
$str=stripslashes($str);
return htmlspecialchars($str,ENT_QUOTES,'UTF-8');
}
//js描述重加密
function modify_js_desc($path,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_type,$new_encrypt_enable,$new_encrypt_pass, $new_encrypt_type)
{
$files = glob($path . '/*.js');
foreach ($files as $file){
//由于可能有中文名,故使用正则来提取文件名
$filename=preg_replace('/^.+[\\\\\\/]/', '', $file);
$filename=substr ( $filename , 0 , strlen ($filename)-3 );
$desc=@file_get_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc');
if($desc!==false)
$desc=decrypt($desc,$old_encrypt_enable,$old_encrypt_pass,$old_encrypt_type);
else
$desc="";
$desc=encrypt($desc, $new_encrypt_enable, $new_encrypt_pass, $new_encrypt_type);
@file_put_contents(dirname( __FILE__ ).'/'.$path.'/'.$filename.'.desc', $desc);
}
}
//加密
function encrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type)
{
if($encrypt_enable) {
if($encrypt_type==="AES") {
require_once("aes.php");
$info=AESEncryptCtr($info,$encrypt_pass);
}
else {
require_once("rc4.php");
$info=base64_encode( rc4($info,$encrypt_pass) );
}
}
else
$info=base64_encode($info);
return $info;
}
//解密
function decrypt($info,$encrypt_enable,$encrypt_pass,$encrypt_type)
{
if($encrypt_enable) {
if($encrypt_type==="AES") {
require_once("aes.php");
$info=AESDecryptCtr($info,$encrypt_pass);
}
else {
require_once("rc4.php");
$info=rc4(base64_decode($info),$encrypt_pass);
}
}
else
$info=base64_decode($info);
return $info;
}
?>
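Review bot: The SMTP port check `preg_match( '/^[0-9]*$/' , $smtp_port )` accepts an empty string, and the later `$config_str .= 'define("SMTP_PORT", '.$smtp_port.');...` then writes `define("SMTP_PORT", );` into config.php — a parse error that breaks every page loading the config, after install.php has already deleted itself in the success branch. Use `'/^[0-9]+$/'` (and optionally reject values above 65535) so a blank port is refused like the other invalid inputs. Separately, the login password is stored as a fixed-salt triple MD5 (the three `$pass=md5($salt.$pass.$salt);` lines), which offers little protection if config.php is ever disclosed; `password_hash()`/`password_verify()` would be the standard replacement, though that also requires changing checkPassword in login.php in the same change. Note also that `$pass` is passed through stripStr before hashing, so what gets hashed is the HTML-escaped form of the password; the form text warns about this, but a comment on the hashing lines would save the next maintainer from "fixing" it on one side only.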


@@ -5,25 +5,22 @@ ignore_user_abort();
//Windows平台最好别设成0因为windows上lock没法实现非阻塞 //Windows平台最好别设成0因为windows上lock没法实现非阻塞
set_time_limit(0); set_time_limit(0);
require_once("config.php"); require_once("load.php");
require_once("functions.php"); require_once("functions.php");
require_once("dio.php"); require_once("dio.php");
if(KEEP_SESSION) if (KEEP_SESSION) {
{
//利用非阻塞的flock实现单例运行 //利用非阻塞的flock实现单例运行
$pid = fopen(DATA_PATH . '/check.pid', "w"); $pid = fopen(DATA_PATH . '/check.pid', "w");
if (!$pid) if (!$pid)
exit(); exit();
if(flock($pid, LOCK_EX|LOCK_NB)) if (flock($pid, LOCK_EX | LOCK_NB)) {
{
$files = glob(DATA_PATH . '/*.php'); $files = glob(DATA_PATH . '/*.php');
foreach ($files as $file) { foreach ($files as $file) {
$filename = basename($file, ".php"); $filename = basename($file, ".php");
$info = load_xss_record($filename); $info = load_xss_record($filename);
if($info['keepsession']===true) if ($info['keepsession'] === true) {
{
$url = getLocation($info); $url = getLocation($info);
$cookie = getCookie($info); $cookie = getCookie($info);
@@ -32,8 +29,7 @@ if(KEEP_SESSION)
$useragent = $info['headers_data']['User-Agent']; $useragent = $info['headers_data']['User-Agent'];
$ip = $info['user_IP']; $ip = $info['user_IP'];
if($url!="" && $cookie!="") if ($url != "" && $cookie != "") {
{
$ch = curl_init(); $ch = curl_init();
$header[] = 'User-Agent: ' . $useragent; $header[] = 'User-Agent: ' . $useragent;
$header[] = 'Cookie: ' . $cookie; $header[] = 'Cookie: ' . $cookie;
@@ -62,7 +58,8 @@ if(KEEP_SESSION)
} }
function getCookie($info){ function getCookie($info)
{
$cookie = ""; $cookie = "";
if (isset($info['decoded_get_data']['cookie']) && $info['decoded_get_data']['cookie'] != "") if (isset($info['decoded_get_data']['cookie']) && $info['decoded_get_data']['cookie'] != "")
@@ -82,7 +79,8 @@ function getCookie($info){
} }
function getLocation($info){ function getLocation($info)
{
$location = ""; $location = "";
if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "") if (isset($info['decoded_get_data']['location']) && $info['decoded_get_data']['location'] != "")
@@ -102,5 +100,3 @@ function getLocation($info){
return htmlspecialchars_decode(stripslashes($location), ENT_QUOTES); return htmlspecialchars_decode(stripslashes($location), ENT_QUOTES);
} }
?>
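Review bot: `$info = load_xss_record($filename);` is followed by `if ($info['keepsession'] === true) {` without checking for failure, yet load_xss_record in dio.php returns `false` when the record file is missing, cannot be decoded, or has no request_time; indexing that boolean raises a notice/warning on PHP 7.4+ and the loop continues with an empty record. Guard it with `if ($info !== false && $info['keepsession'] === true) {`. The `$info['headers_data']['User-Agent']` read a few lines later presumably has the same exposure for a record that lacks that header, so an `isset()` there is worth adding too. The enclosing `if (KEEP_SESSION)` block starts before this hunk and ends after it.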

8
load.php Normal file

@@ -0,0 +1,8 @@
<?php
if (file_exists('config.php')) {
require_once('config.php');
} else {
//缺少config文件转至install.php
header("Location: install.php");
exit();
}
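Review bot: `file_exists('config.php')` and `require_once('config.php')` resolve against the process working directory rather than load.php's own directory, whereas dio.php and the installer build their paths with `dirname(__FILE__)`; if keepsession.php is ever run from the CLI with a different working directory the config is not found and, because `header()` is a no-op there, the script simply exits without any message. Use `$config = dirname(__FILE__) . '/config.php';` and test and require that variable instead. The other library files open with the `if (!defined('IN_XSS_PLATFORM')) { exit('Access Denied'); }` guard; adding it here keeps the convention consistent even though config.php currently carries its own.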


@@ -1,5 +1,9 @@
<?php <?php
define("IN_XSS_PLATFORM", true); define("IN_XSS_PLATFORM", true);
require_once("load.php");
require_once("functions.php");
//CSP开启 //CSP开启
header("Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'"); header("Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'"); header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'");
@@ -8,12 +12,10 @@ header("X-WebKit-CSP: default-src 'self'; object-src 'none'; frame-src 'none'");
//设置httponly //设置httponly
ini_set("session.cookie_httponly", 1); ini_set("session.cookie_httponly", 1);
session_start(); session_start();
require_once("config.php");
require_once("functions.php");
//判断是否登陆 //判断是否登陆
if(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true) if (isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true) {
{
header("Location: admin.php"); header("Location: admin.php");
exit(); exit();
} }
@@ -22,25 +24,19 @@ if(isset($_SESSION['isLogin']) && $_SESSION['isLogin']===true)
$forbiddenIPList = loadForbiddenIPList(); $forbiddenIPList = loadForbiddenIPList();
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
$is_pass_wrong = false; $is_pass_wrong = false;
if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<=5) if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] <= 5) {
{ if (isset($_POST['password']) && $_POST['password'] != "") {
if(isset($_POST['password']) && $_POST['password']!="") if (checkPassword($_POST['password'])) {
{
if(checkPassword($_POST['password']))
{
$_SESSION['isLogin'] = true; $_SESSION['isLogin'] = true;
$_SESSION['user_IP'] = $ip; $_SESSION['user_IP'] = $ip;
$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
if(isset($forbiddenIPList[$ip])) if (isset($forbiddenIPList[$ip])) {
{
unset($forbiddenIPList[$ip]); unset($forbiddenIPList[$ip]);
saveForbiddenIPList($forbiddenIPList); saveForbiddenIPList($forbiddenIPList);
} }
header("Location: admin.php"); header("Location: admin.php");
exit(); exit();
} } else {
else
{
if (isset($forbiddenIPList[$ip])) if (isset($forbiddenIPList[$ip]))
$forbiddenIPList[$ip]++; $forbiddenIPList[$ip]++;
else else
@@ -49,8 +45,7 @@ if(!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip]<=5)
$is_pass_wrong = true; $is_pass_wrong = true;
} }
} }
} } else
else
$is_pass_wrong = true; $is_pass_wrong = true;
function loadForbiddenIPList() function loadForbiddenIPList()
@@ -64,15 +59,13 @@ function loadForbiddenIPList()
$str = decrypt($str); $str = decrypt($str);
if($str!='') if ($str != '') {
{
$result = json_decode($str, true); $result = json_decode($str, true);
if ($result != null) if ($result != null)
return $result; return $result;
else else
return array(); return array();
} } else
else
return array(); return array();
} }
@@ -91,8 +84,7 @@ php -r "$salt='!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl';$key='bluelotus';$key=md5($salt
*/ */
function checkPassword($p) function checkPassword($p)
{ {
if(isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck']!="" && $_POST['firesunCheck']===$_SESSION['firesunCheck']) if (isset($_POST['firesunCheck']) && isset($_SESSION['firesunCheck']) && $_SESSION['firesunCheck'] != "" && $_POST['firesunCheck'] === $_SESSION['firesunCheck']) {
{
//改了这个盐记得改login.js里的两个要一致 //改了这个盐记得改login.js里的两个要一致
$salt = "!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl"; $salt = "!KTMdg#^^I6Z!deIVR#SgpAI6qTN7oVl";
$key = PASS; $key = PASS;
@@ -105,7 +97,8 @@ function checkPassword($p)
} }
//生成挑战应答的随机值 //生成挑战应答的随机值
function generate_password( $length = 32 ) { function generate_password($length = 32)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = ""; $password = "";
for ($i = 0; $i < $length; $i++) for ($i = 0; $i < $length; $i++)
@@ -138,7 +131,11 @@ function generate_password( $length = 32 ) {
</h1> </h1>
<form action="" method="post"> <form action="" method="post">
<input type="password" placeholder="password" id="password" name="password" required="required"> <input type="password" placeholder="password" id="password" name="password" required="required">
<input id="firesunCheck" type="hidden" name="firesunCheck" value=<?php $firesunCheck=generate_password(32); $_SESSION['firesunCheck']=$firesunCheck;echo json_encode($_SESSION['firesunCheck']);?> /> <input id="firesunCheck" type="hidden" name="firesunCheck" value=<?php
$firesunCheck = generate_password(32);
$_SESSION['firesunCheck'] = $firesunCheck;
echo json_encode($_SESSION['firesunCheck']);
?> />
<button type="submit" id="submit" disabled="disabled"> <button type="submit" id="submit" disabled="disabled">
<i class="fa fa-arrow-right"> <i class="fa fa-arrow-right">
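Review bot: The successful-login branch in the `@@ -22,25 +24,19 @@` hunk sets `$_SESSION['isLogin'] = true;` on the pre-existing session without rotating its id, so a session id established before authentication remains valid afterwards; `session_regenerate_id(true);` as the first statement of that branch closes this. The session setup in the `@@ -8,12 +12,10 @@` hunk enables only `session.cookie_httponly`; `ini_set("session.use_strict_mode", 1);` beside it makes PHP reject ids it did not issue, and `session.cookie_secure` belongs there when the panel is served over HTTPS. In the last hunk the hidden input relies on `json_encode()` to supply the attribute quotes; writing it as `value="<?php echo htmlspecialchars($firesunCheck, ENT_QUOTES, 'UTF-8'); ?>"` keeps the markup valid independent of how the token is produced. The bodies of `checkPassword()` and `generate_password()` lie outside these hunks, so the handling of the challenge after a successful compare is not reviewed here.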


@@ -7,4 +7,3 @@ session_unset();
session_destroy(); session_destroy();
header("Location: login.php"); header("Location: login.php");
exit(); exit();
?>


@@ -4,7 +4,8 @@ if(!defined('IN_XSS_PLATFORM')) {
} }
require_once("PHPMailer/PHPMailerAutoload.php"); require_once("PHPMailer/PHPMailerAutoload.php");
require_once("config.php"); require_once("load.php");
function send_mail($xss_record_json) function send_mail($xss_record_json)
{ {
$subject = "GET:" . count($xss_record_json['get_data']) . "个 POST:" . count($xss_record_json['post_data']) . "个 Cookie:" . count($xss_record_json['cookie_data']) . ""; $subject = "GET:" . count($xss_record_json['get_data']) . "个 POST:" . count($xss_record_json['post_data']) . "个 Cookie:" . count($xss_record_json['cookie_data']) . "";
@@ -38,4 +39,3 @@ function send_mail($xss_record_json)
$mail->Body = $body; $mail->Body = $body;
$mail->Send(); $mail->Send();
} }
?>


@@ -1,4 +1,8 @@
<?php <?php
if (!defined('IN_XSS_PLATFORM')) {
exit('Access Denied');
}
/* /*
* Copyright 2011 Michael Cutler <m@cotdp.com> * Copyright 2011 Michael Cutler <m@cotdp.com>
* *
@@ -26,7 +30,8 @@
* @return the result of the RC4 as a binary string * @return the result of the RC4 as a binary string
* @author Michael Cutler <m@cotdp.com> * @author Michael Cutler <m@cotdp.com>
*/ */
function rc4($data_str , $key_str) { function rc4($data_str, $key_str)
{
// convert input string(s) to array(s) // convert input string(s) to array(s)
$key = array(); $key = array();
$data = array(); $data = array();
@@ -80,5 +85,3 @@
} }
return $data_str; return $data_str;
} }
?>

315
static/css/install.css Normal file

@@ -0,0 +1,315 @@
html {
background: #222526;
margin: 0 20px;
}
body {
background: #fff;
color: #444;
font-family: 'Microsoft YaHei', "Open Sans", sans-serif;
margin: 190px auto 25px;
padding: 20px 20px 10px 20px;
max-width: 600px;
-webkit-font-smoothing: subpixel-antialiased;
-webkit-box-shadow: 0 1px 3px rgba(0,0,0,0.13);
box-shadow: 0 1px 3px rgba(0,0,0,0.13);
}
a {
color: #0073aa;
}
a:hover,
a:active {
color: #00a0d2;
}
a:focus {
color: #124964;
-webkit-box-shadow:
0 0 0 1px #5b9dd9,
0 0 2px 1px rgba(30, 140, 190, .8);
box-shadow:
0 0 0 1px #5b9dd9,
0 0 2px 1px rgba(30, 140, 190, .8);
}
.ie8 a:focus {
outline: #5b9dd9 solid 1px;
}
h1, h2 {
border-bottom: 1px solid #dedede;
clear: both;
color: #666;
font-size: 24px;
padding: 0;
padding-bottom: 7px;
font-weight: normal;
}
h3 {
font-size: 16px;
}
p, li, dd, dt {
padding-bottom: 2px;
font-size: 14px;
line-height: 1.5;
}
code, .code {
font-family: 'Microsoft YaHei', Consolas, Monaco, monospace;
}
ul, ol, dl {
padding: 5px 5px 5px 22px;
}
a img {
border:0
}
abbr {
border: 0;
font-variant: normal;
}
fieldset {
border: 0;
padding: 0;
margin: 0;
}
label {
cursor: pointer;
}
#logo {
margin: -170px 0 37px 0;
padding: 0 0 7px 0;
border-bottom: none;
text-align: center;
}
#logo a {
background-image: url(../images/logo.png);
-webkit-background-size: 180px;
background-size: 180px;
background-position: center top;
background-repeat: no-repeat;
color: #999;
height: 180px;
width: 300px;
font-size: 20px;
font-weight: normal;
line-height: 1.3em;
margin: -110px auto -50px;
padding: 0;
text-decoration: none;
text-indent: -9999px;
outline: none;
overflow: hidden;
display: block;
}
#logo a:focus {
-webkit-box-shadow: none;
box-shadow: none;
}
.step {
margin: 20px 0 15px;
}
.step, th {
text-align: left;
padding: 0;
}
.form-table {
border-collapse: collapse;
margin-top: 1em;
width: 100%;
}
.form-table td {
margin-bottom: 9px;
padding: 10px 20px 10px 0;
font-size: 14px;
vertical-align: top
}
.form-table th {
font-size: 14px;
text-align: left;
padding: 10px 20px 10px 0;
width: 140px;
vertical-align: top;
}
.form-table code {
line-height: 18px;
font-size: 14px;
}
.form-table p {
margin: 4px 0 0 0;
font-size: 11px;
display: inline;
}
.form-table input {
line-height: 20px;
font-size: 15px;
padding: 3px 5px;
border: 1px solid #ddd;
-webkit-box-shadow: inset 0 1px 2px rgba(0,0,0,0.07);
box-shadow: inset 0 1px 2px rgba(0,0,0,0.07);
}
input,
submit {
font-family: 'Microsoft YaHei',"Open Sans", sans-serif;
}
.form-table input[type=text],
.form-table input[type=email],
.form-table input[type=url],
.form-table input[type=password] {
width: 206px;
}
.form-table th p {
font-weight: normal;
}
.form-table.install-success th,
.form-table.install-success td {
vertical-align: middle;
padding: 16px 20px 16px 0;
}
.form-table.install-success td p {
margin: 0;
font-size: 14px;
}
.form-table.install-success td code {
margin: 0;
font-size: 18px;
}
.message {
border: 1px solid #c00;
padding: 0.5em 0.7em;
margin: 5px 0 15px;
background-color: #ffebe8;
}
.form-table span.description.important {
font-size: 12px;
}
/* localization */
body.rtl,
.rtl textarea,
.rtl input,
.rtl submit {
font-family: 'Microsoft YaHei', Tahoma, sans-serif;
}
:lang(he-il) body.rtl,
:lang(he-il) .rtl textarea,
:lang(he-il) .rtl input,
:lang(he-il) .rtl submit {
font-family: 'Microsoft YaHei', Arial, sans-serif;
}
@media only screen and (max-width: 799px) {
body {
margin-top: 115px;
}
#logo a {
margin: -125px auto 30px;
}
}
@media screen and ( max-width: 782px ) {
.form-table {
margin-top: 0;
}
.form-table th,
.form-table td {
display: block;
width: auto;
vertical-align: middle;
}
.form-table th {
padding: 20px 0 0;
}
.form-table td {
padding: 5px 0;
border: 0;
margin: 0;
}
textarea,
input {
font-size: 16px;
}
.form-table td input[type="text"],
.form-table td input[type="email"],
.form-table td input[type="url"],
.form-table td input[type="password"],
.form-table td select,
.form-table td textarea,
.form-table span.description {
width: 100%;
font-size: 16px;
line-height: 1.5;
padding: 7px 10px;
display: block;
max-width: none;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}
}
#encrypt_enable, #keep_session_enable, #mail_enable {
margin-right: 200px;
}
.core-ui .button {
color: #555;
border-color: #ccc;
background: #f7f7f7;
-webkit-box-shadow: 0 1px 0 #ccc;
box-shadow: 0 1px 0 #ccc;
vertical-align: top;
display: inline-block;
text-decoration: none;
font-size: 13px;
line-height: 26px;
height: 28px;
margin: 0;
padding: 0 10px 1px;
cursor: pointer;
border-width: 1px;
border-style: solid;
-webkit-appearance: none;
-webkit-border-radius: 3px;
border-radius: 3px;
white-space: nowrap;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}